Write-up on a Stored Cross-Site Scripting Vulnerability in the Popular InVision App

I’m a big fan of the InVision App because of its amazing UX and the prototyping tools. For those who are not aware, invisionapp.com helps transform high-fidelity designs into clickable, interactive Prototypes and Mockups.

One fine day, I started playing around with it to find an interesting vulnerability. Information gathering is the first thing I do when pen-testing any application. It was easy to figure out that the application is built using the AngularJS framework, version 1.2.x.

In AngularJS, there is a service $sce that provides Strict Contextual Escaping. As of version 1.2, Angular ships with SCE enabled by default.