Reflected XSS with AngularJS Sandbox Escape Without Strings

In this video we solve the portswigger lab with the title 'Reflected XSS with AngularJS Sandbox Escape Without Strings' We explore the solution in depth and provide an explanation regarding the angularJS sandbox and sandbox escapes. We also briefly consider the history of the angularJS sandbox. 00:00 Intro 01:04 AngularJS recap 02:21 Arbitrary search string 05:06 AngularJS $parse 07:20 Injection into the URL 09:12 Testing for injection vulnerabilities 11:55 Alert() injection test 13:34 Intro to AngularJS Sandbox 15:03 Intro to sandbox escapes 17:27 Removal of AngularJS sandbox 18:29 Gareth Heyes sandbox writeup 19:17 AngularJS v1.4.4 specific exploit 22:05 isIdent sandbox function 24:16 Analysing the exploit 26:44 Backdooring strings 28:49 AngularJS orderBy 31:48 Summary and solving the lab

Join Today
Reflected XSS with event handlers and attributes blocked.
▶︎

Reflected XSS with event handlers and attributes blocked.

Reflected XSS in a JavaScript URL with some characters blocked - Explaining the Payload
▶︎

Reflected XSS in a JavaScript URL with some characters blocked - Explaining the Payload

Reflected XSS Protected by Very Strict CSP with Dangling Markup Attack
▶︎

Reflected XSS Protected by Very Strict CSP with Dangling Markup Attack

AngularJS DOM XSS Attack - Understanding $on.constructor
▶︎

AngularJS DOM XSS Attack - Understanding $on.constructor

Why you should never use eval() in JavaScript. Reflected DOM XSS Attack.
▶︎

Why you should never use eval() in JavaScript. Reflected DOM XSS Attack.

[1] - Cross-Site Scripting - (Advanced Client-Side Attacks)
▶︎

[1] - Cross-Site Scripting - (Advanced Client-Side Attacks)

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker
▶︎

Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley
▶︎

DEF CON 33 - Cash, Drugs, and Guns - Why Your Safes Aren't Safe - Mark Omo, James Rowley

Norwegen – Frankreich Highlights | Gruppe I, FIFA WM 2026 | sportstudio
▶︎

Norwegen – Frankreich Highlights | Gruppe I, FIFA WM 2026 | sportstudio

ASMR Addictive Fast Tapping Collection For Deep Sleep & Anxiety Relief (No Talking) — 2.5 Hours
▶︎

ASMR Addictive Fast Tapping Collection For Deep Sleep & Anxiety Relief (No Talking) — 2.5 Hours

This XSS attack is both stored AND DOM based - here's why....
▶︎

This XSS attack is both stored AND DOM based - here's why....

Top 10 Angular Interview Questions for Freshers & 0-2 Years Experience | Angular Interview Prep
▶︎

Top 10 Angular Interview Questions for Freshers & 0-2 Years Experience | Angular Interview Prep

248 DIOS TE DICE HOY: NADA ES IMPOSIBLE PARA MÍ | CONFÍA EN DIOS
▶︎

248 DIOS TE DICE HOY: NADA ES IMPOSIBLE PARA MÍ | CONFÍA EN DIOS

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro
▶︎

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro

Reflected XSS into HTML Context with Most Tags and Attributes Blocked
▶︎

Reflected XSS into HTML Context with Most Tags and Attributes Blocked

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Reflected XSS into a JavaScript String with Single Quote and Backslash Escaped
▶︎

Reflected XSS into a JavaScript String with Single Quote and Backslash Escaped

What is XSS? | Understanding Cross-Site Scripting | XSS Explained
▶︎

What is XSS? | Understanding Cross-Site Scripting | XSS Explained

Uruguay – Spanien Highlights | Gruppe H, FIFA WM 2026 | sportstudio
▶︎

Uruguay – Spanien Highlights | Gruppe H, FIFA WM 2026 | sportstudio

7 Authentication Concepts Every Developer Should Know
▶︎

7 Authentication Concepts Every Developer Should Know