jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.

List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/)

By
skeptic_fx 37 Seen 3587 times
Tags
jquery xss bug
Run this test now.

Results


Tested on
Chrome - 64 - Windows 7
jQuery VersionIs Vulnerable?
jQuery 2.0.3Safe
jQuery 2.0.2Safe
jQuery 2.0.1Safe
jQuery 2.0.0Safe
jQuery 1.10.2Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
jQuery 1.9.1Safe
jQuery 1.9.0Safe
jQuery 1.8.3Safe
jQuery 1.8.2Safe
jQuery 1.8.1Safe
jQuery 1.8.0Safe
jQuery 1.7.2Safe
jQuery 1.7.1Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.6.2Vulnerable
jQuery 1.6.1Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.3.1Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.2.3Vulnerable

Tested on
Chrome Mobile - 53 - Android
jQuery VersionIs Vulnerable?
jQuery 2.0.2Safe
jQuery 2.0.3Safe
jQuery 2.0.1Safe
jQuery 2.0.0Safe
jQuery 1.10.2Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
jQuery 1.9.1Safe
jQuery 1.9.0Safe
jQuery 1.8.3Safe
jQuery 1.8.2Safe
jQuery 1.7.2Safe
jQuery 1.6.3Safe
jQuery 1.6.1Vulnerable
jQuery 1.8.1Safe
jQuery 1.8.0Safe
jQuery 1.7.1Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.0Vulnerable
jQuery 1.6.2Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.3.1Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.2.3Vulnerable
jQuery 1.3.0Vulnerable

Tested on
Chromium - 52 - Ubuntu
jQuery VersionIs Vulnerable?
jQuery 2.0.3Safe
jQuery 2.0.2Safe
jQuery 2.0.1Safe
jQuery 2.0.0Safe
jQuery 1.10.2Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
jQuery 1.9.1Safe
jQuery 1.9.0Safe
jQuery 1.8.3Safe
jQuery 1.8.2Safe
jQuery 1.8.1Safe
jQuery 1.8.0Safe
jQuery 1.7.2Safe
jQuery 1.7.1Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.6.1Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.6.2Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.3.1Vulnerable
jQuery 1.2.3Vulnerable

Tested on
Googlebot - 2.1 - undefined
jQuery VersionIs Vulnerable?
jQuery 2.0.3Safe
jQuery 2.0.2Safe
jQuery 2.0.1Safe
jQuery 2.0.0Safe
jQuery 1.10.2Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
jQuery 1.9.1Safe
jQuery 1.9.0Safe
jQuery 1.8.3Safe
jQuery 1.8.2Safe
jQuery 1.8.1Safe
jQuery 1.8.0Safe
jQuery 1.7.2Safe
jQuery 1.7.1Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.5.1Safe
jQuery 1.6.2Vulnerable
jQuery 1.6.1Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.3.1Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.2.3Vulnerable

Tested on
IE Mobile - 11 - Windows Phone 8
jQuery VersionIs Vulnerable?
jQuery 1.8.3Safe
jQuery 1.8.2Safe
jQuery 1.10.0Safe
jQuery 1.9.1Safe
jQuery 2.0.1Safe
jQuery 1.9.0Safe
jQuery 1.7.2Safe
jQuery 1.10.1Safe
jQuery 2.0.0Safe
jQuery 1.8.0Safe
jQuery 2.0.2Safe
jQuery 2.0.3Safe
jQuery 1.8.1Safe
jQuery 1.10.2Safe
jQuery 1.7.1Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.5.1Safe
jQuery 1.2.3Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.3.1Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.6.1Vulnerable
jQuery 1.6.2Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.5.2Vulnerable

Tested on
Safari - 10.1.2 - Mac OS X
jQuery VersionIs Vulnerable?
jQuery 2.0.3Safe
jQuery 2.0.2Safe
jQuery 2.0.1Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
jQuery 1.9.0Safe
jQuery 1.9.1Safe
jQuery 2.0.0Safe
jQuery 1.10.2Safe
jQuery 1.8.3Safe
jQuery 1.8.2Safe
jQuery 1.8.1Safe
jQuery 1.8.0Safe
jQuery 1.7.2Safe
jQuery 1.7.1Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.6.1Vulnerable
jQuery 1.6.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.2.3Vulnerable
jQuery 1.3.1Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.6Vulnerable

Tested on
undefined - undefined - undefined
jQuery VersionIs Vulnerable?
jQuery 2.0.0Safe
jQuery 1.10.2Safe
jQuery 2.0.2Safe
jQuery 1.9.0Safe
jQuery 1.9.1Safe
jQuery 1.10.0Safe
jQuery 2.0.1Safe
jQuery 1.8.3Safe
jQuery 2.0.3Safe
jQuery 1.10.1Safe
jQuery 1.8.2Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.7.1Safe
jQuery 1.7.2Safe
jQuery 1.8.1Safe
jQuery 1.6.1Vulnerable
jQuery 1.8.0Safe
jQuery 1.7.0Safe
jQuery 1.5.2Vulnerable
jQuery 1.6.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.3Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.3.1Vulnerable

Tested on
Chrome Mobile iOS - 49 - iOS
jQuery VersionIs Vulnerable?
jQuery 2.0.1Safe
jQuery 1.10.1Safe
jQuery 1.10.2Safe
jQuery 1.9.1Safe
jQuery 1.8.3Safe
jQuery 2.0.2Safe
jQuery 2.0.0Safe
jQuery 1.9.0Safe
jQuery 2.0.3Safe
jQuery 1.10.0Safe
jQuery 1.7.1Safe
jQuery 1.8.0Safe
jQuery 1.7.2Safe
jQuery 1.8.1Safe
jQuery 1.6.3Safe
jQuery 1.8.2Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.2Vulnerable
jQuery 1.6.1Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.4.1Vulnerable
jQuery 1.3.2Vulnerable
jQuery 1.4.0Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.2.3Vulnerable
jQuery 1.3.1Vulnerable

Tested on
Opera - 40 - Linux
jQuery VersionIs Vulnerable?
jQuery 2.0.3Safe
jQuery 2.0.2Safe
jQuery 2.0.1Safe
jQuery 2.0.0Safe
jQuery 1.10.1Safe
jQuery 1.10.2Safe
jQuery 1.10.0Safe
jQuery 1.9.1Safe
jQuery 1.9.0Safe
jQuery 1.8.3Safe
jQuery 1.7.1Safe
jQuery 1.4.0Vulnerable
jQuery 1.4.3Vulnerable
jQuery 1.4.2Vulnerable
jQuery 1.8.2Safe
jQuery 1.8.0Safe
jQuery 1.4.1Vulnerable
jQuery 1.3.0Vulnerable
jQuery 1.2.6Vulnerable
jQuery 1.2.3Vulnerable
jQuery 1.7.2Safe
jQuery 1.7.0Safe
jQuery 1.6.4Safe
jQuery 1.6.3Safe
jQuery 1.3.2Vulnerable
jQuery 1.6.2Vulnerable
jQuery 1.6.1Vulnerable
jQuery 1.6.0Vulnerable
jQuery 1.5.1Vulnerable
jQuery 1.5.2Vulnerable
jQuery 1.5.0Vulnerable
jQuery 1.4.4Vulnerable
jQuery 1.8.1Safe
jQuery 1.3.1Vulnerable

User Script (ENUM_FUNCTION)

					
// Custom Functions
var jQuery_version = '';
function vulnerable(){
    addError('jQuery '+ jQuery_version, '<b>Vulnerable</b>');
}

function safe(){
    addSuccess('jQuery '+ jQuery_version, 'Safe');
}
    
function removeIframe(){
    var x = document.getElementById('jQueryFrameID');
    x.parentNode.removeChild(x);
}

// Test Function
function test(data){
	// We need to separate properties and access one by one.
try{
    jQuery_version = data;
    var jQueryFrame = document.createElement('iframe');
    jQueryFrame.src = location.href+'#<img src=x onerror=bad();>';
    jQueryFrame.id = 'jQueryFrameID';
    jQueryFrame.onload = function(){
            var jQueryScript = jQueryFrame.contentWindow.document.createElement('script');
            jQueryScript.type = 'text/javascript';
            jQueryScript.src = 'https://ajax.googleapis.com/ajax/libs/jquery/'+ data.toString() +'/jquery.js';
            jQueryFrame.contentWindow.document.body.appendChild(jQueryScript);
            jQueryScript.onload = function(){console.warn(location.href);
                var exploitScript = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $(location.hash);} catch(err){parent.safe();parent.removeIframe();}";
                var exploit = jQueryFrame.contentWindow.document.createElement('script');
                exploit.type = 'text/javascript';
                exploit.innerHTML = exploitScript;
                jQueryFrame.contentWindow.document.body.appendChild(exploit);
                
            };
            jQueryScript.onerror = function(){
                addResult(data ,  'Some Error Occured');
            };
    };
    document.body.appendChild(jQueryFrame);

}

catch(err){
	addInfo(data ,  'Some Error Occured');
}

}

					
				

Enum Data (ENUM_FUNCTION)

					
// Taken from jQuery Versions Under, https://developers.google.com/speed/libraries/devguide#jquery
var data = ['2.0.3', '2.0.2', '2.0.1', '2.0.0', '1.10.2', '1.10.1', 
'1.10.0', '1.9.1', '1.9.0', '1.8.3', '1.8.2', '1.8.1', '1.8.0', 
'1.7.2', '1.7.1', '1.7.0', '1.6.4', '1.6.3', '1.6.2', '1.6.1', 
'1.6.0', '1.5.2', '1.5.1', '1.5.0', '1.4.4', '1.4.3', '1.4.2', 
'1.4.1', '1.4.0', '1.3.2', '1.3.1', '1.3.0', '1.2.6', '1.2.3'];