AngularJS Sandbox Bypass

YouTube Playlist

AngularJS is a JavaScript framework for building single-page web applications. The official documentation says you must not mix HTML pages that use AngularJS with embedded user input, because this turns an XSS-safe site into a vulnerable one. We explore how this can happen, and how amazing the techniques that bypass the AngularJS sandbox are.

Each video uses a test page (testbed) to explore AngularJS. You will find these pages to the right in the sidebar.

If you are a beginner, I suggest you start from the beginning. If you are already experienced, just try out a video and see if you understand it.

Introduction to AngularJS {{expressions}}. The next videos will be about bypassing AngularJS expressions in v1.0.8 to gain XSS.

Bypassing the AngularJS Sandbox for version 1.0.8 to get XSS.

Testing the old bypass from version 1.0.8 on a new version 1.4.7 where it's fixed, to prepare for a different bypass.

Walkthrough of the sandbox bypass for version 1.4.7 by Gareth Heyes that leads to XSS in AngularJS.

The current AngularJS version is still vulnerable to this bypass. We just had to modify the latest fixed bypass to break the incomplete fix in 1.5.7.