CVE-2022-0144 shelljs is vulnerable to Improper Privilege Management
All app based on AngularJS, EmberJS or other frameworks are vulnerable to this issue. All the user supplied data can be used by the app developer by simply creating his own view. Every view has a view model where all the data of the view are stored.
So if anyone attacker has control over the view he can do anything. In the above app developer can do anything with any user supplied data. Every app has lots of data like user’s email address, profile information, contact information and other such data. Now by controlling the view of the app developer can steal such data. In the above app developer has a view where he can do anything with any user supplied data. With the help of this vulnerability hackers can steal any data like password, credit card information, medical history, and other such data.
Steps to perform AngularJS web app data theft attack
Steps to perform AngularJS web app data theft attack are very easy. This vulnerability can be exploited by following these steps:
1) The attacker first visits the site of the victim and logs in as authorized user.
2) After logging in successfully, the attacker goes to any page that is using AngularJS. For example show a list of users or something like that.
3) Now with the help of each view model which stores all the data of the view, he can do anything with any user supplied information like credit card number, email address etc.
How to Bypass AngularJS Login or Register Functionality
Let’s say the attacker is not able to bypass the login functionality of the app. The attacker can just access the view model where all the data of the view are stored and read them. So with this vulnerability he can see users email address, profile information, contact information and other such data. This is a fairly simple exploit and it may take a long time for developers to fix it.
Timeline
Published on: 01/11/2022 07:15:00 UTC
Last modified on: 02/09/2022 14:17:00 UTC