Demo of a Vue.js app that mixes client-side and server-side templates, leading to an XSS vulnerability
This product analysis discusses a repository that demonstrates how web apps that combine server-side rendering with Vue.js become vulnerable to XSS attacks. The repository includes a vulnerable PHP script, as well as fixed versions of the script. The analysis provides a walkthrough of how to exploit the vulnerability and how to fix it, and discusses the scope and impact of such a vulnerability.
To run the demo, follow these steps:
If you prefer not to use Docker, you can host the index.php file on a PHP-capable server. However, keep in mind that this file is deliberately vulnerable to XSS attacks, so it should only be run in a local environment.
The analysis also provides instructions for running the demo using Docker and Docker Compose, as well as alternative hosting options for the vulnerable PHP script.
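The class of bug described above, as an added example that is not code from the repository: server-side HTML escaping leaves Vue's `{{ }}` delimiters intact, so input rendered inside a Vue-mounted element is compiled as a template. It assumes Vue's default delimiters and an in-DOM template mounted on `#app`; the input value is constructed, `window.__INITIAL__` is a hypothetical name, and the two hardened forms are common mitigations, not necessarily the ones the repository uses.

```php
<?php
// Added illustration; not code from the repository described above.
// Assumption: PHP renders the page and Vue is then mounted on #app, so Vue
// compiles whatever markup PHP placed inside that element.

// Constructed sample input: a harmless arithmetic expression in Vue's
// default mustache delimiters. It contains no HTML metacharacters.
$name = '{{ 1 + 1 }}';

/** HTML-escape for element content or a quoted attribute value. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak: e() neutralises < > & and quotes but passes "{{ }}" through, so
// Vue evaluates the expression and the page shows "Hello 2".
$weak = '<div id="app"><p>Hello ' . e($name) . '</p></div>';

// Hardened, option 1: v-pre makes Vue skip compilation of this element
// and its children. e() is still required so the input cannot close the
// span and escape the v-pre region.
$vPre = '<div id="app"><p>Hello <span v-pre>' . e($name) . '</span></p></div>';

// Hardened, option 2: keep user input out of the template entirely and
// hand it to Vue as data. Interpolated data is inserted as text and is
// not compiled again. The JSON_HEX_* flags stop the value from breaking
// out of the <script> element. The Vue app is assumed to read
// window.__INITIAL__ (hypothetical name) into its data.
$json = json_encode(
    ['name' => $name],
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
);
$asData = '<div id="app"><p>Hello {{ name }}</p></div>'
        . '<script>window.__INITIAL__ = ' . $json . ';</script>';

// Escaping alone does not remove the delimiters: this prints bool(true).
var_dump(strpos(e($name), '{{') !== false);

foreach (['weak' => $weak, 'v-pre' => $vPre, 'as data' => $asData] as $label => $html) {
    echo $label, ":\n", $html, "\n\n";
}
```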