1. Introduction
2. Building, running the application
3. Configuring a backend
4. Exercises
   1. Exercise 1 - XSS
   2. Exercise 2 - Injection
   3. Exercise 3 - CSRF, OSRF
   4. Exercise 4 - Tabnabbing

LeakyAngular is a deliberately vulnerable angular application. The project was generated with Angular CLI version 7.3.4. It uses the javulna backend. LeakyAngular (together with the javulna backend) is a movie-related application, where you can log in and out, read information about movies, buy movie-related objects, send messages to other users of the application, etc. The functionalities are far from complete or coherent, they just serve the purpose of demonstrating specific vulnerabilities. This document contains exercises which can be done with LeakyAngular to understand how to exploit and how to fix specific vulnerabilities.

Run ng serve for a dev server. Navigate to http://localhost:4200/. The app will automatically reload if you change any of the source files.

Or

Run ng build to build the project. The build artifacts will be stored in the dist/ directory. Use the --prod flag for a production build.

LeakyAngular uses by default a backend hosted on Google Cloud. This cloud instance is live only for limited periods. If you want to use it with your own backend, get the javulna application and run it. Than configure LeakyAngular to use your local backend by changing the baseUrl attribute in environments/environment.ts, and environments/environment.prod.ts

The application is vulnerable to XSS in the Users page! Find the vulnerability, and exploit it!
Then check the source-code, and fix it!
Discuss what could be the developer's reason for choosing the vulnerable solution!

The application is vulnerable to a classic client-side script-injection attack. Check the movies page to find it!
Then check the source-code, and fix it!
Discuss what kind of other fixes you can imagine!

The application is vulnerable to both CSRF and OSRF! Find the OSRF vulnerability, and exploit it!
To find the OSRF vulnerability, you should know, that the backend application has a password change functionality.
A logged in user can change her password by sending a GET request to {{javulna_host}}/rest/user/changepwd?newpwd={{new password}}.
Find where the OSRF vulnerability is, and exploit it!
Discuss how could you fix this vulnerability!

The application is vulnerable to Tabnabbing! Find the vulnerable place, and exploit it!
Fix the vulnerability!