Reflected XSS On Search Product via AngularJS Template Injection

Description:

I found a reflected XSS via AngularJS. I found this by writing {{31338-1}} on their search page and getting the result 31337. I also read the H1 report from ysx as my reference to exploit this.

And I used the payload from ysx to exploit AngularJS: {{constructor.constructor('alert(document.domain)')()}}

POC (Piye Om Carane):

  1. Log in to the account.
  2. Insert the payload into the search field.
  3. The XSS will fire.


It was fixed 1 day after I reported it to them.
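The report does not say how the fix was made. The sketch below is an added example, not code from the original report or from the affected site: it shows why HTML-escaping a reflected search term still leaves `{{ }}` live inside an AngularJS-compiled page, and one way to render the term inertly with `ng-non-bindable`. The function names and page markup are assumptions made for illustration.

```javascript
// Added example (hypothetical names and markup): a server reflecting a search
// term into a page that AngularJS 1.x compiles on the client.

// Arithmetic probe quoted in the write-up above, used here as sample input.
const PROBE = '{{31338-1}}';

// Ordinary HTML escaping: blocks tag and attribute injection, but curly braces
// are not HTML metacharacters, so {{ }} passes through untouched. Escaped
// quotes do not help either: the browser decodes entities in text nodes
// before AngularJS reads them.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Weak: the reflected term sits inside the ng-app subtree, so AngularJS
// evaluates any {{expression}} it contains.
function renderWeak(query) {
  return `<div ng-app><p>Results for: ${escapeHtml(query)}</p></div>`;
}

// Hardened: still HTML-escaped, and wrapped in an ng-non-bindable element,
// which tells AngularJS not to compile or interpolate that element's contents.
function renderHardened(query) {
  return '<div ng-app><p>Results for: ' +
    `<span ng-non-bindable>${escapeHtml(query)}</span></p></div>`;
}

// Regression check for a test suite: after dropping ng-non-bindable elements,
// does any interpolation start symbol remain where AngularJS would compile it?
// The simple regex is adequate here because the reflected text is escaped and
// therefore cannot contain nested tags.
function hasLiveInterpolation(html) {
  const inert = /<([a-z0-9]+)[^>]*\sng-non-bindable[^>]*>[\s\S]*?<\/\1>/gi;
  return html.replace(inert, '').includes('{{');
}

console.log('weak     ->', hasLiveInterpolation(renderWeak(PROBE)));     // true
console.log('hardened ->', hasLiveInterpolation(renderHardened(PROBE))); // false
```

Keeping user input out of server-rendered AngularJS templates altogether (passing it as data bound through the scope instead) avoids the problem at its source; `ng-non-bindable` is the narrower fix when the reflection has to stay in the markup.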

Reference :


Note: I got permission to disclose this report from Bukalapak.

For the Indonesian language version, you can see my original report on: