Yastat Angular Content-Security-Policy Bypass Scanner
This scanner detects the use of Yastat Angular in digital assets to identify potential Content-Security-Policy bypass vulnerabilities, specifically addressing XSS attacks.
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 22 days
Scan only one: URL
Yastat Angular is one of the external resources that web applications load, typically for analytics and for integrating interactive components. Many websites include it to enrich their user interfaces and to capture analytics, and it provides the tooling to manipulate and monitor user interactions that dynamic user experiences depend on. It is deployed mainly by developers and engineers to give applications the rich interactivity their functional requirements call for. Because it is widely used, it is found across industries worldwide for web analytics and interface enhancement. Its primary purpose is to supply scripts and functionality that let a website interact with its users more effectively.
The vulnerability detected, Cross-Site Scripting (XSS), occurs when a web application handles untrusted data improperly, so that an attacker can inject malicious scripts into content served from a trusted website. Attackers exploit XSS to execute scripts in the victim's browser, which can hijack user sessions, deface websites, or redirect users to malicious sites. This particular finding concerns a CSP bypass in Yastat Angular: a weak Content-Security-Policy lets the attacker bring in scripts the policy should have blocked. The threat extends to data exposure or script execution without any user interaction, which poses a significant risk to web applications. Recognizing and mitigating such vulnerabilities helps preserve the web application's integrity, confidentiality, and availability.
Technically, the payload is inserted directly into the query part of the web request and is aimed at the CSP bypass. The vulnerable point is the open session in the Angular application, which fails to protect against arbitrary script loads. The initial injection, through the 'ng-focus' directive, opens the way to script execution by inserting resource URLs into the application context. This typically happens in the browser's execution environment when CSP headers are weak or improperly set. The fix is to establish robust CSP policies and to validate user input thoroughly so that unauthorized code cannot execute. Attackers concentrate on how browsers handle Content-Security-Policy headers, identify the weak points, and use them to run malicious scripts.
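Because the weakness above is a policy problem rather than an Angular bug, the useful defender check is on the Content-Security-Policy header itself. The following is an added example (not the scanner's own code): it parses a CSP header and reports the settings that make a CDN-hosted framework reachable to injected markup, namely an 'unsafe-inline' script source without a nonce or hash, 'unsafe-eval', a wildcard host, a host allowlist used without 'strict-dynamic', and an open object-src. The two sample policies are constructed, as is the CDN host name and nonce value in them.

```python
"""Audit a Content-Security-Policy header for the weaknesses that let
injected markup load framework scripts from an allowlisted origin.
Added example; the policies, host name and nonce below are constructed."""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (short code, explanation)

# Constructed sample policies: a weak one and a hardened one.
WEAK_CSP = "default-src 'self'; script-src 'self' https://cdn.example.net 'unsafe-inline'"
HARDENED_CSP = ("default-src 'self'; script-src 'nonce-c0nstructed' 'strict-dynamic' https:; "
                "object-src 'none'; base-uri 'self'")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.
    Directive names are case-insensitive; the first occurrence wins, as in browsers."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if not parts:
            continue
        policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def effective_script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src applies if present, otherwise default-src; None means no restriction."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def is_host_source(src: str) -> bool:
    """True for host expressions (origins, wildcards); False for keywords,
    nonce/hash sources and bare scheme sources such as https: or data:."""
    s = src.lower()
    if s.startswith("'"):
        return False
    if re.fullmatch(r"[a-z][a-z0-9+.\-]*:", s):
        return False
    return True


def audit_csp(header: str) -> List[Finding]:
    """Return the script-loading weaknesses found in a CSP header, in a fixed order."""
    policy = parse_csp(header)
    findings: List[Finding] = []
    sources = effective_script_sources(policy)
    if sources is None:
        findings.append(("NO_SCRIPT_RESTRICTION",
                         "neither script-src nor default-src is set; any script may load"))
        return findings

    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                            for s in lowered)
    strict_dynamic = "'strict-dynamic'" in lowered
    hosts = [s for s in sources if is_host_source(s)]

    # Browsers that understand nonces/hashes ignore 'unsafe-inline'; without them it is live.
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append(("UNSAFE_INLINE", "inline scripts and event handlers are allowed"))
    if "'unsafe-eval'" in lowered:
        findings.append(("UNSAFE_EVAL", "string-to-code evaluation is allowed"))
    if any(h.split("//", 1)[-1] == "*" for h in hosts):
        findings.append(("WILDCARD_HOST", "scripts may be loaded from any origin"))
    if hosts and not strict_dynamic:
        findings.append(("HOST_ALLOWLIST_WITHOUT_STRICT_DYNAMIC",
                         f"allowlist {hosts} admits every script hosted on those origins, "
                         "including CDN copies of frameworks that evaluate injected markup; "
                         "prefer a per-response nonce plus 'strict-dynamic'"))

    # A missing object-src falls back to default-src; plugins are another script vector.
    obj = policy.get("object-src", policy.get("default-src"))
    if obj is None or "'none'" not in [o.lower() for o in obj]:
        findings.append(("OBJECT_SRC_OPEN", "object-src should be 'none'"))
    return findings


if __name__ == "__main__":
    for label, csp in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(f"{label}: {csp}")
        for code, why in audit_csp(csp) or [("OK", "no script-loading weaknesses found")]:
            print(f"  {code}: {why}")
```

The audit is deliberately conservative: it flags an allowlist even when the listed origin is benign today, because the page's point is that any origin hosting a framework which interprets page markup turns the allowlist into a bypass. Run the block against the headers your scanner collects, or paste a policy into WEAK_CSP to see which line of the policy the finding traces to.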
Exploiting this vulnerability can have severe consequences, such as session hijacking, in which an attacker gains unauthorized access to a user's session. Users may be redirected to phishing sites, leading to credential theft and account compromise. Persistent XSS can let attackers draw on users' stored data or cache and extract sensitive information over time. A compromised site can also serve as a stepping stone for larger orchestrated attacks on its users, resulting in loss of users and data. These effects underline the need for continuous monitoring and for strengthening the security policies of web applications.