Task
This lab contains a DOM-based cross-site scripting vulnerability in an AngularJS expression within the search functionality.
AngularJS is a popular JavaScript library, which scans the contents of HTML nodes containing the `ng-app` attribute (also known as an AngularJS directive). When a directive is added to the HTML code, you can execute JavaScript expressions within double curly braces. This technique is useful when angle brackets are being encoded.
To solve this lab, perform a cross-site scripting attack that executes an AngularJS expression and calls the `alert` function.
Attempt
Though I know the lab uses AngularJS from the task description, let’s first confirm it actually uses AngularJS by examining the source code. `<body ng-app>` is there. This means it uses AngularJS. The source even shows the version: `<script type="text/javascript" src="/resources/js/angular_1-7-7.js"></script>`.
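Why encoding angle brackets does not protect a search term reflected inside `ng-app`, as an added example that is not part of the lab or of this write-up. The function names, the "Results for" markup and the benign `{{1+1}}` probe are constructed for illustration; `ng-non-bindable` is AngularJS's own directive for excluding a subtree from compilation.

```javascript
// Added example: helper names and sample inputs are constructed for illustration.
const INTERPOLATION = /\{\{[\s\S]*?\}\}/;

// Encoding as the task describes it: markup characters only.
const encodeHtml = s =>
  s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);

// Tempting "fix": entity-encode the curly braces as well.
const encodeHtmlAndBraces = s =>
  s.replace(/[&<>"'{}]/g, c => `&#${c.charCodeAt(0)};`);

// Text AngularJS actually compiles: the browser has already decoded the
// entities into the text node, and ng-non-bindable subtrees are skipped.
function textSeenByAngular(html) {
  return html
    .replace(/<(\w+)[^>]*\sng-non-bindable[^>]*>[\s\S]*?<\/\1>/g, '')
    .replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
}

// True when a fragment reflected inside ng-app would be evaluated.
const wouldInterpolate = html => INTERPOLATION.test(textSeenByAngular(html));

// Three ways to reflect the search term into a results header.
const renderWeak = term =>
  `<h1>Results for '${encodeHtml(term)}'</h1>`;
const renderBraceEncoded = term =>
  `<h1>Results for '${encodeHtmlAndBraces(term)}'</h1>`;
const renderHardened = term =>
  `<h1>Results for '<span ng-non-bindable>${encodeHtml(term)}</span>'</h1>`;

const probe = '{{1+1}}'; // benign constructed probe
const renderers = { renderWeak, renderBraceEncoded, renderHardened };
for (const [name, render] of Object.entries(renderers)) {
  console.log(name, 'evaluated by AngularJS:', wouldInterpolate(render(probe)));
}
```

Entity-encoding the braces changes nothing because AngularJS compiles the decoded text node; only keeping the reflected value out of the compiled scope stops the evaluation.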
I put this payload (for AngularJS 1.6+) from PayloadsAllTheThings into the search box: