GitHub - qeeqbox/client-side-template-injection: A threat actor may trick a victim into executing native template syntax on a vulnerable target

A threat actor may trick a victim into executing native template syntax on a vulnerable target (This is similar SSTI but happens on the client side)

Example #1

Threat actor crafts an exploit URL
Bob logs in to the vulnerable website
Threat actor tricks Bob into clicking on the exploit URL
Bob clicks on the exploit URL, and the browser executes the exploit

Code

Target-Logic

<html>
  <body>
    <div id="alert"></d>
    <script>
    var url = new URL(window.location);
    var alert = url.searchParams.get("alert");
    document.getElementById('alert').innerHTML = alert
    document.body.style.backgroundColor = alert
    </script>
  </body>
</html>

Target-In

/?alert=<img src="/" onerror=alert("test")>

Target-Output

alert box: test

Impact

Vary

Risk

Command execution

Redemption

Input validation
Logic-less

Names

Client Side Template Injection
SST injection

ID

477ac741-89fe-4d0b-b094-09d720ed9d83

References

tenable

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
LICENSE		LICENSE
README.md		README.md
client-side-template-injection.drawio		client-side-template-injection.drawio
client-side-template-injection.png		client-side-template-injection.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Example #1

Code

Target-Logic

Target-In

Target-Output

Impact

Risk

Redemption

Names

ID

References

About

Sponsor this project

License

qeeqbox/client-side-template-injection

Folders and files

Latest commit

History

Repository files navigation

Example #1

Code

Target-Logic

Target-In

Target-Output

Impact

Risk

Redemption

Names

ID

References

About

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Sponsor this project