Abstract: A method for detecting an injection vulnerability of a client-side templating system includes receiving a web page, determining that the web page implements an interpreted programming language framework with client-side templating, and extracting a version of the interpreted programming language framework and an interpolation sign from the web page. The method also includes generating an attack payload for at least one injection vulnerability context of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.

Abstract: A method for detecting an injection vulnerability of a client-side templating system includes receiving a web page, determining that the web page implements an interpreted programming language framework with client-side templating, and extracting a version of the interpreted programming language framework and an interpolation sign from the web page. The method also includes generating an attack payload for at least one injection vulnerability context of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.

Abstract: A method (800) for detecting an injection vulnerability of a client-side templating system includes receiving a web page (200), determining that the web page implements an interpreted programming language framework (142) with client-side templating, and extracting a version (144) of the interpreted programming language framework and an interpolation sign (146) from the web page. The method also includes generating an attack payload (152a) for at least one injection vulnerability context (210) of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.

Abstract: A method for detecting an injection vulnerability of a client-side templating system includes receiving a web page, determining that the web page implements an interpreted programming language framework with client-side templating, and extracting a version of the interpreted programming language framework and an interpolation sign from the web page. The method also includes generating an attack payload for at least one injection vulnerability context of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.

Abstract: A method (800) for detecting an injection vulnerability of a client-side templating system includes receiving a web page (200), determining that the web page implements an interpreted programming language framework (142) with client-side templating, and extracting a version (144) of the interpreted programming language framework and an interpolation sign (146) from the web page. The method also includes generating an attack payload (152a) for at least one injection vulnerability context (210) of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.