Path: /blog
Vulnerabilities: Client-side prototype pollution, Client-side template injection, Cross-site scripting (DOM-based), Open redirection (DOM-based)
Vulnerability 1: Client-side prototype pollution
According to the above link:
A client-side prototype pollution source is any user-controlled JSON property, query string, or hash parameter that is converted to a JavaScript object and then merged with another object. This enables an attacker to use property keys, such as __proto__, to assign properties to the Object.prototype or other global prototypes.
Client-side prototype pollution is not a vulnerability in its own right. However, when paired with a gadget, this may lead to vulnerabilities such as DOM XSS, which could enable the attacker to control JavaScript on the page.
Testing this using Burp Suite requires the Pro version, as per the above link. Skipping this.
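The source described above, as an added example that is not part of the original write-up or of the tested site's code: a query-string parser that merges nested keys into an object, first with plain property access and then hardened. All function names and the sample query string are hypothetical and constructed for illustration.

```javascript
// Added example: names below are hypothetical, not from any real library.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// "a[b][c]" -> ["a", "b", "c"]
const keyPath = (key) => key.replace(/\]/g, '').split('[');

// Unsafe: plain property access, so a "__proto__" segment resolves to
// Object.prototype and the final write lands on the shared prototype.
function unsafeAssign(target, path, value) {
  let node = target;
  for (const seg of path.slice(0, -1)) {
    if (typeof node[seg] !== 'object' || node[seg] === null) node[seg] = {};
    node = node[seg];
  }
  node[path[path.length - 1]] = value;
  return true;
}

// Hardened: refuse dangerous segments, descend only into own properties,
// and create intermediate nodes without a prototype.
function safeAssign(target, path, value) {
  if (path.some((seg) => BLOCKED.has(seg))) return false;
  let node = target;
  for (const seg of path.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, seg);
    if (!own || typeof node[seg] !== 'object' || node[seg] === null) {
      node[seg] = Object.create(null);
    }
    node = node[seg];
  }
  node[path[path.length - 1]] = value;
  return true;
}

// Parse a query string into a nested object using the given assign function.
function parseQuery(query, assign) {
  const result = {};
  const rejected = [];
  for (const [key, value] of new URLSearchParams(query)) {
    if (!assign(result, keyPath(key), value)) rejected.push(key);
  }
  return { result, rejected };
}

// Constructed sample input: one ordinary parameter, one pollution attempt.
const SAMPLE = 'search=gin&__proto__[polluted]=yes';
const isPolluted = () => ({}).polluted !== undefined;

console.log('safe:', parseQuery(SAMPLE, safeAssign).rejected, isPolluted());
```

Logging the `rejected` list gives a simple signal that someone is probing the parser with prototype keys.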
Vulnerability 2: Client-side template injection
Short Description of Vulnerability:
Client-side template injection allows us to execute arbitrary JavaScript code in the victim's browser.
Step 1: Identify framework
First, identify which framework is being used on the website.
During the directory traversal, a file named angular_1-7-7.js was discovered.
The website evidently utilizes AngularJS in its backend, as indicated by the resource link: https://ginandjuice.shop/resources/js/angular_1-7-7.js.
Step 2: Test using payload
From HackTricks, I discovered one payload.
Let's check it.
Insert the payload into the search box and press enter. A pop-up alert will appear, displaying a message with the value as "one."


The analysis confirms that the website is susceptible to a Client-Side Template Injection attack.
Vulnerability 3: Cross-site scripting (DOM-based)
DOM-based XSS takes place entirely in the browser, modifying the page’s Document Object Model (DOM) after it has loaded. The user’s browser processes malicious data (e.g., from the URL or a script), causing client-side code to inject the payload into the page.
I tried to exploit this vulnerability but failed.
Below is what I tried.
I have identified that the URL takes a user input value. [Search Term]

Now I will try to run an XSS payload. First, I will try the basic payload.
Running the above URL resulted in an error stating that "Tag is not allowed".

So, let's try a payload which doesn't have a tag in it.
This time I did not encounter any errors. Moreover, this payload did not trigger an alert box.

Vulnerability 4: Open Redirection (DOM-Based)
This vulnerability occurs when a web application processes untrusted input from the browser (e.g., URL parameters or fragments) and dynamically sets the destination of a redirect on the client side using JavaScript.
I can see only one URL parameter that accepts user input, which is called search. When I try to add a link to another page, for example, https://www.google.com, it does not display any output. Based on this, I am assuming that it is not working.
Payload:
Both payloads did not work.