AngularJS - Client-Side Template Injection
Hello - I'm testing a web app that is using AngularJS v1.3.11. Burp has flagged multiple high-risk client-side template injection issues with a confidence of firm. I'm trying to figure out if this is a false positive or something I need to report. Essentially, Burp is flagging that it is possible to inject arbitrary expressions into the client template. An example would be where users enter their email address. Burp then appends some characters and then it shows it in the template response where the email address value is the value the user enters plus the characters Burp inserted. I'm leaning towards this being a false positive since the template is just taking whatever the user inputs into this field and populating the value of the form, so I'm not sure what appending additional characters proves. Any way to figure out if this is legit or not?
Glad you got an exploit working. XSS via AngularJS injection breaks all the normal rules!
In terms of action by your client, it’s most likely a single issue.