asd
HomeBug BountyJavaScript Execution via Client-Side Template Injection by AMR
Bug BountyXSS

JavaScript Execution via Client-Side Template Injection by AMR

Christin
By Christin
0
36
Javascript Execution (DOM XSS) Via CSTI
JS Execution (DOM XSS) Via CSTI

XSS Via CSTI – DOM XSS – Vue JS Execution Vulnerability – A savvy bug hunter, known as Amr, recently uncovered a significant security flaw in a web application, shedding light on the potential risks posed by Client-Side Template Injection (CSTI). Posted at Medium on February 16, 2024, Amr’s detailed write-up provides valuable insights into his discovery and exploitation of this vulnerability.

Amr’s exploration started with thorough recon, combing through the web app for any possible weaknesses. Once he spotted the Vue.js framework in action, he shifted gears to probe for Server-Side Template Injection (SSTI) vulnerabilities. However, he soon hit a roadblock when he encountered the constraints of Client-Side Template Engines like Vue.js, which process data solely on the client’s side.

Undeterred, Next Amr recognized an opportunity to exploit the CSTI vulnerability to achieve JavaScript Execution (DOM XSS). Armed with his newfound insight, he crafted a payload using Vue.js’s template syntax, {{alert(document.cookie)}}, aiming to trigger an alert and confirm JavaScript execution.

In the event of a failed payload, Amr utilized error messages thrown by Vue.js to gain deeper insights into the code’s structure. Through careful analysis and leveraging the constructor property (using the payload: {{$emit.constructor}} ) . After that, he crafted a custom function, bypassing Vue.js’s security measures and successfully executing JavaScript with code {{$emit.constructor`alert(document.cookie)`()}} , to create a function that pop up an alert box.

His detailed report not only demonstrates his technical skills but also offers valuable lessons for developers and security experts. By pointing out the dangers of CSTI vulnerabilities, Amr’s findings emphasize the critical need for thorough testing and proactive security measures to protect web applications from potential attacks.

This finding underscores the importance of staying alert and working together in the cybersecurity community to spot and tackle new threats effectively. Amr’s work is a clear reminder that cybersecurity challenges are always changing, highlighting the need to stay ahead of the game.

 

Link to read full write up: here

Save the PDF here

Previous article
Bug Hunter Discovers Google Keep Client-side DoS
Next article
Hackers Exploit OpenMetadata Vulnerability for Cryptomining Attacks on Kubernetes
Christin
Christinhttps://secry.me/explore
A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

fifteen − eight =

Most Popular

Load more

GOOGLE ADVERTISEMENT

- Advertisement -

ABOUT SECRY

SECRY Media is Cyber Security platform that serve Collections of WRITE UP + PDFs of original stories from Bug Hunter, Hacking News around the World of Cyber Security, Tips and Trick Ethical Hacking, Bug Bounty Tools and all related Categories.

Contact us: [email protected]

FOLLOW OUR SOCIAL MEDIA

Seedbacklink