How I got JS Execution (DOM XSS) Via CSTI


Amr

In the name of Allah, the Most Gracious, the Most Merciful

Hi geeks,

A few months ago, I worked on a VDP on the HackerOne platform. I usually start my testing with passive and active recon to discover subdomains. After that, I test for SQL injection, XSS, and SSTI in various parameters while navigating the websites.

I noticed that the website reflected {7*7} as 49. My first instinct was to attempt to exploit SSTI, which led to achieving RCE :))

After spending some time attempting to exploit SSTI, I discovered that the website was built with the Vue.js framework, which uses a client-side template engine. As a result, all avenues to exploit SSTI were closed :))

Client-side template engines such as AngularJS and Vue.js, as the name suggests, render the template in the user's browser rather than on the server. The engine can only reach data that has already been delivered to the client, and the expressions it evaluates run in the browser's JavaScript context, not in a server process. An injection into such a template therefore does not give server-side RCE; what it gives is JavaScript execution in the victim's browser, so the impact is mostly limited to the user whose browser renders the page.

So we can still exploit it, by escalating the client-side template injection (CSTI) to DOM XSS.
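To make the escalation concrete, here is an added example (my own, not code from the article or from Vue itself): a minimal model of a client-side template engine that evaluates `{{ }}` expressions the way Vue 2 does, an expression compiled into a `with(ctx)` function after the text node's HTML entities have been decoded. It shows why a reflected `{{7*7}}` (Vue's real delimiters are double braces) renders as 49, how the same mechanism becomes JavaScript execution, why server-side HTML escaping does not stop it, and what the fix looks like. The `renderClientTemplate`, `vulnerablePage` and `fixedPage` names, the `q` parameter and the "No results for" page are all assumptions made up for the demo; `return 6*7` stands in for `alert(document.domain)` so the result can be checked without a browser.

```javascript
// Added example, not from the article and not Vue's source: a minimal model of a
// Vue 2 style client-side template engine, to show why reflected {{ }} text is
// code, why HTML escaping on the server is the wrong layer, and the actual fix.
// Run with: node csti_model.js

// Entities a server-side escaper typically emits. Vue decodes them in text
// nodes *before* it looks for {{ }}, so they are transparent to the engine.
function decodeEntities(text) {
  return text
    .replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)))
    .replace(/&#x27;/gi, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
    .replace(/&amp;/g, '&');
}

// Model of the engine: every {{ expr }} in the mounted HTML is compiled to
// roughly `with(ctx){ return (expr) }` and its result substituted exactly once.
// Results are not re-parsed, which is what makes the fix below work.
function renderClientTemplate(html, data) {
  const text = decodeEntities(html);
  return text.replace(/\{\{([\s\S]+?)\}\}/g, (_, expr) => {
    const fn = new Function('ctx', `with (ctx) { return (${expr}); }`);
    return String(fn(data));
  });
}

// A typical server-side HTML escaper (any backend language does the same).
function htmlEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// VULNERABLE (hypothetical page): the server concatenates the `q` parameter
// into the HTML that the client-side app later mounts on. Escaped or not, the
// engine cannot tell the reflected text from the developer's own template:
// `{` and `}` are not HTML-special, and entities are decoded before
// interpolation, so the escaped quotes come back as quotes.
function vulnerablePage(q, { escape = false } = {}) {
  const html = `<div id="app"><p>No results for ${escape ? htmlEscape(q) : q}</p></div>`;
  return renderClientTemplate(html, {});
}

// FIXED: the template is a constant written by the developer; the untrusted
// value reaches the page as *data* (for example a JSON blob the app reads),
// so the engine evaluates the expression `query`, gets a string, and prints
// it once as text. Untrusted input never becomes template source.
const SAFE_TEMPLATE = '<div id="app"><p>No results for {{ query }}</p></div>';
function fixedPage(q) {
  return renderClientTemplate(SAFE_TEMPLATE, { query: q });
}

// Probe and payload. In a browser, `alert(document.domain)` would go where
// `return 6*7` is. The `constructor.constructor` chain is the usual escape
// from the template scope: `constructor` resolves on the data object to
// Object, whose `.constructor` is Function, i.e. arbitrary code.
const PROBE = '{{7*7}}';
const PAYLOAD = "{{constructor.constructor('return 6*7')()}}";

console.log(vulnerablePage(PROBE));                     // ...No results for 49...
console.log(vulnerablePage(PAYLOAD));                   // ...No results for 42... (code ran)
console.log(vulnerablePage(PAYLOAD, { escape: true })); // ...No results for 42... (escaping did not help)
console.log(fixedPage(PAYLOAD));                        // payload printed as literal text
```

The point the model makes is the one a fix needs: HTML-encoding the reflected value is the wrong layer, because the delimiters contain nothing HTML-special and Vue decodes entities in text before interpolating. The value has to reach the page as data bound by a fixed template (or sit under `v-pre`, or be set through `textContent` after mount) so that the client-side engine never compiles user-controlled text.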
