-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AngularJS-specific Injection Detection #51
Comments
There is really two ways of doing this. Jack's way or you could just look for reflected use input in a response |
I still like this idea. I wish tracy would generate random math equations and look for their answers in the response as a tracy string |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Yo.
A cool feature would be to detect AngularJS-based injection, a la https://hackerone.com/reports/141463.
A simple payload would be something like {{191*7}} and then watching for 1337 in the output, or something like that.
Bonus points for selecting the appropriate sandbox escape payload, if needed, though this probably goes against the spirit of your tool.
Jack
The text was updated successfully, but these errors were encountered: