extended test for jquery selector xss

extended test for jquery selector xss

By
Zemnmez 0 Seen 780 times
Tags
jquery security xss

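Results

Each row below is a jQuery version followed by its verdict. A row reading "Some Error Occured" comes from the test's script `onerror` handler or its outer `catch`: that version's script did not load or the test could not be set up, so the version was not tested. It is not a "Safe" result.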


Tested on
Chrome - 65 - Mac OS X
jQ ver | safe?
1.10.6Some Error Occured
jQuery 1.11.1Safe
jQuery 1.10.0Safe
jQuery 1.11.2Safe
jQuery 1.10.1Safe
jQuery 1.10.2Safe
1.9.9Some Error Occured
1.10.4Some Error Occured
1.9.8Some Error Occured
jQuery 1.2.3Vulnerable with: css class selector,location hash selector
jQuery 1.9.0Safe
1.4.6Some Error Occured
jQuery 1.6.0Vulnerable with: css class selector,location hash selector
1.9.7Some Error Occured
1.9.6Some Error Occured
jQuery 1.9.1Safe
1.4.5Some Error Occured
1.9.5Some Error Occured
1.9.2Some Error Occured
1.9.4Some Error Occured
1.8.11Some Error Occured
1.8.10Some Error Occured
1.8.9Some Error Occured
1.9.3Some Error Occured
1.10.3Some Error Occured
jQuery 1.8.3Vulnerable with: css class selector
1.8.7Some Error Occured
1.8.8Some Error Occured
1.8.6Some Error Occured
1.10.5Some Error Occured
1.8.4Some Error Occured
jQuery 1.8.1Vulnerable with: css class selector
jQuery 1.8.0Vulnerable with: css class selector
jQuery 1.8.2Vulnerable with: css class selector
1.7.10Some Error Occured
1.7.9Some Error Occured
1.8.5Some Error Occured
1.7.7Some Error Occured
jQuery 1.3.1Vulnerable with: css class selector,location hash selector
1.7.8Some Error Occured
1.7.6Some Error Occured
1.7.4Some Error Occured
1.2.0Some Error Occured
jQuery 1.7.2Vulnerable with: css class selector
jQuery 1.6.3Vulnerable with: css class selector
jQuery 1.6.2Vulnerable with: css class selector,location hash selector
jQuery 1.7.1Vulnerable with: css class selector
1.7.3Some Error Occured
1.7.5Some Error Occured
1.5.3Some Error Occured
1.8.12Some Error Occured
jQuery 1.7.0Vulnerable with: css class selector
jQuery 1.5.2Vulnerable with: css class selector,location hash selector
jQuery 1.5.1Vulnerable with: css class selector,location hash selector
jQuery 1.6.1Vulnerable with: css class selector,location hash selector
1.5.4Some Error Occured
jQuery 1.4.0Vulnerable with: css class selector,location hash selector
jQuery 1.3.2Vulnerable with: css class selector,location hash selector
jQuery 1.4.1Vulnerable with: css class selector,location hash selector
jQuery 1.4.3Vulnerable with: css class selector,location hash selector
jQuery 1.4.4Vulnerable with: css class selector,location hash selector
jQuery 1.3.0Vulnerable with: css class selector,location hash selector
jQuery 1.5.0Vulnerable with: css class selector,location hash selector
1.1.1Some Error Occured

Tested on
Googlebot - 2.1 - undefined
jQ ver | safe?
1.10.6Some Error Occured
1.10.5Some Error Occured
1.10.4Some Error Occured
1.10.3Some Error Occured
1.9.9Some Error Occured
jQuery 1.11.2Safe
jQuery 1.11.1Safe
jQuery 1.10.2Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
1.9.8Some Error Occured
1.9.7Some Error Occured
1.9.6Some Error Occured
1.9.5Some Error Occured
1.9.4Some Error Occured
1.9.3Some Error Occured
1.9.2Some Error Occured
1.8.12Some Error Occured
jQuery 1.9.1Safe
jQuery 1.9.0Safe
1.8.11Some Error Occured
1.8.10Some Error Occured
1.8.9Some Error Occured
1.8.8Some Error Occured
1.8.7Some Error Occured
1.8.6Some Error Occured
1.8.5Some Error Occured
1.8.4Some Error Occured
jQuery 1.8.3Vulnerable with: css class selector
jQuery 1.8.2Vulnerable with: css class selector
1.7.10Some Error Occured
1.7.9Some Error Occured
1.7.8Some Error Occured
1.7.7Some Error Occured
1.7.6Some Error Occured
1.7.5Some Error Occured
1.7.4Some Error Occured
1.7.3Some Error Occured
jQuery 1.8.1Vulnerable with: css class selector
jQuery 1.8.0Vulnerable with: css class selector
1.5.4Some Error Occured
1.5.3Some Error Occured
jQuery 1.7.2Vulnerable with: css class selector
jQuery 1.7.1Vulnerable with: css class selector
jQuery 1.7.0Vulnerable with: css class selector
jQuery 1.6.3Vulnerable with: css class selector
jQuery 1.6.2Vulnerable with: css class selector,location hash selector
jQuery 1.6.1Vulnerable with: css class selector,location hash selector
jQuery 1.6.0Vulnerable with: css class selector,location hash selector
jQuery 1.5.2Vulnerable with: css class selector,location hash selector
1.4.6Some Error Occured
1.4.5Some Error Occured
jQuery 1.5.1Vulnerable with: css class selector,location hash selector
jQuery 1.5.0Vulnerable with: css class selector,location hash selector
jQuery 1.4.4Vulnerable with: css class selector,location hash selector
jQuery 1.4.3Vulnerable with: css class selector,location hash selector
jQuery 1.4.1Vulnerable with: css class selector,location hash selector
jQuery 1.4.0Vulnerable with: css class selector,location hash selector
jQuery 1.3.2Vulnerable with: css class selector,location hash selector
jQuery 1.3.1Vulnerable with: css class selector,location hash selector
1.2.0Some Error Occured
1.1.1Some Error Occured
jQuery 1.3.0Vulnerable with: css class selector,location hash selector
jQuery 1.2.3Vulnerable with: css class selector,location hash selector

Tested on
Firefox - 61 - Mac OS X
jQ ver | safe?
1.10.6Some Error Occured
1.10.5Some Error Occured
1.10.4Some Error Occured
1.10.3Some Error Occured
1.9.9Some Error Occured
jQuery 1.11.1Safe
jQuery 1.11.2Safe
jQuery 1.10.1Safe
jQuery 1.10.2Safe
jQuery 1.10.0Safe
jQuery 1.9.0Safe
1.9.7Some Error Occured
1.9.8Some Error Occured
jQuery 1.9.1Safe
1.9.6Some Error Occured
1.9.4Some Error Occured
1.9.5Some Error Occured
1.9.2Some Error Occured
1.9.3Some Error Occured
jQuery 1.4.1Vulnerable with: css class selector,location hash selector
jQuery 1.4.0Vulnerable with: css class selector,location hash selector
1.8.12Some Error Occured
jQuery 1.4.3Vulnerable with: css class selector,location hash selector
jQuery 1.3.1Vulnerable with: css class selector,location hash selector
jQuery 1.3.2Vulnerable with: css class selector,location hash selector
jQuery 1.3.0Vulnerable with: css class selector,location hash selector
jQuery 1.2.3Vulnerable with: css class selector,location hash selector
1.8.11Some Error Occured
jQuery 1.8.3Vulnerable with: css class selector
1.2.0Some Error Occured
1.1.1Some Error Occured
1.8.9Some Error Occured
1.8.6Some Error Occured
1.8.7Some Error Occured
1.8.5Some Error Occured
1.8.10Some Error Occured
1.8.8Some Error Occured
1.8.4Some Error Occured
jQuery 1.8.2Vulnerable with: css class selector
jQuery 1.8.0Vulnerable with: css class selector
jQuery 1.8.1Vulnerable with: css class selector
1.7.10Some Error Occured
jQuery 1.7.2Vulnerable with: css class selector
jQuery 1.7.1Vulnerable with: css class selector
1.7.4Some Error Occured
jQuery 1.7.0Vulnerable with: css class selector
1.7.9Some Error Occured
1.7.5Some Error Occured
jQuery 1.6.3Vulnerable with: css class selector
1.7.8Some Error Occured
1.7.6Some Error Occured
1.7.7Some Error Occured
jQuery 1.6.0Vulnerable with: css class selector,location hash selector
jQuery 1.6.1Vulnerable with: css class selector,location hash selector
jQuery 1.6.2Vulnerable with: css class selector,location hash selector
jQuery 1.5.2Vulnerable with: css class selector,location hash selector
jQuery 1.5.1Vulnerable with: css class selector,location hash selector
1.5.3Some Error Occured
jQuery 1.5.0Vulnerable with: css class selector,location hash selector
jQuery 1.4.4Vulnerable with: css class selector,location hash selector
1.4.6Some Error Occured
1.7.3Some Error Occured
1.5.4Some Error Occured
1.4.5Some Error Occured

Tested on
Chrome Mobile - 41 - Android
jQ ver | safe?
1.10.6Some Error Occured
1.10.5Some Error Occured
1.10.4Some Error Occured
1.10.3Some Error Occured
1.9.9Some Error Occured
jQuery 1.11.2Safe
jQuery 1.11.1Safe
jQuery 1.10.2Safe
jQuery 1.10.1Safe
jQuery 1.10.0Safe
1.9.8Some Error Occured
1.9.7Some Error Occured
1.9.6Some Error Occured
1.9.5Some Error Occured
1.9.4Some Error Occured
1.9.3Some Error Occured
1.9.2Some Error Occured
1.8.12Some Error Occured
jQuery 1.9.1Safe
jQuery 1.9.0Safe
1.8.11Some Error Occured
1.8.10Some Error Occured
1.8.9Some Error Occured
1.8.8Some Error Occured
1.8.7Some Error Occured
1.8.6Some Error Occured
1.8.5Some Error Occured
1.8.4Some Error Occured
jQuery 1.8.3Vulnerable with: css class selector
jQuery 1.8.2Vulnerable with: css class selector
1.7.10Some Error Occured
1.7.9Some Error Occured
1.7.8Some Error Occured
1.7.7Some Error Occured
1.7.6Some Error Occured
1.7.5Some Error Occured
1.7.4Some Error Occured
1.7.3Some Error Occured
jQuery 1.8.1Vulnerable with: css class selector
jQuery 1.8.0Vulnerable with: css class selector
1.5.4Some Error Occured
1.5.3Some Error Occured
jQuery 1.7.2Vulnerable with: css class selector
jQuery 1.7.1Vulnerable with: css class selector
jQuery 1.7.0Vulnerable with: css class selector
jQuery 1.6.3Vulnerable with: css class selector
jQuery 1.6.2Vulnerable with: css class selector,location hash selector
jQuery 1.6.1Vulnerable with: css class selector,location hash selector
jQuery 1.6.0Vulnerable with: css class selector,location hash selector
jQuery 1.5.2Vulnerable with: css class selector,location hash selector
1.4.6Some Error Occured
1.4.5Some Error Occured
jQuery 1.5.1Vulnerable with: css class selector,location hash selector
jQuery 1.5.0Vulnerable with: css class selector,location hash selector
jQuery 1.4.4Vulnerable with: css class selector,location hash selector
jQuery 1.4.3Vulnerable with: css class selector,location hash selector
jQuery 1.4.1Vulnerable with: css class selector,location hash selector
jQuery 1.4.0Vulnerable with: css class selector,location hash selector
jQuery 1.3.2Vulnerable with: css class selector,location hash selector
jQuery 1.3.1Vulnerable with: css class selector,location hash selector
1.2.0Some Error Occured
1.1.1Some Error Occured
jQuery 1.3.0Vulnerable with: css class selector,location hash selector
jQuery 1.2.3Vulnerable with: css class selector,location hash selector

User Script (ENUM_FUNCTION)

					
					
// Custom Functions

/**
 * Report a jQuery version as vulnerable through the harness's `addError`.
 *
 * The row body is an HTML fragment built by string concatenation; neither
 * argument is escaped. NOTE(review): how `addError` renders its second
 * argument is not visible here. Keep callers limited to fixed, script-owned
 * strings, or escape before concatenating.
 *
 * @param {string} jQuery_version - Version label shown after 'jQuery '.
 * @param {string[]} [vulnerabilities] - Names of the probes that hit; a
 *   missing or falsy value is treated as an empty list.
 */
function unsafe(jQuery_version, vulnerabilities) {
  var hits = vulnerabilities || [];
  var rowTitle = 'jQuery ' + jQuery_version;
  // Array#join() with no argument separates the names with ','.
  var rowBody = '<b>Vulnerable with: ' + hits.join() + '</b>';
  addError(rowTitle, rowBody);
}

/**
 * Report a jQuery version as not affected by any probe, through the harness's
 * `addSuccess`.
 *
 * @param {string} jQuery_version - Version label shown after 'jQuery '.
 */
function safe(jQuery_version) {
  var rowTitle = 'jQuery ' + jQuery_version;
  addSuccess(rowTitle, 'Safe');
}

// Test Function
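/**
 * Load one jQuery release from the Google CDN and report whether `$()` turns
 * a selector-shaped string that contains markup into DOM elements.
 *
 * Two probe strings are passed to `$()` once the script has loaded. A probe
 * is reported only when the call returns at least one element node; a thrown
 * error or an empty result is treated as no hit. The outcome goes to
 * `unsafe()` (one or more hits) or `safe()` (none).
 *
 * A script that fails to load is reported as 'Some Error Occured'. That row
 * means "not tested", not "safe".
 *
 * @param {string} data - jQuery version, inserted verbatim into the CDN URL.
 */
function test(data) {
    try {
        var jQuery_version = data;
        var probes = [
            // Starts with '.', the shape of a class selector built from a value.
            { name: 'css class selector', selector: '. <img src="0" onerror="0">' },
            // Starts with '#', the shape of a value read from location.hash.
            { name: 'location hash selector', selector: '#<img src="1" onerror="1">' }
        ];

        // Positive evidence only: the probe counts when `$()` hands back at
        // least one element node, i.e. the markup in the string was parsed as
        // HTML. "Did not throw" alone would also count a selector engine that
        // quietly returns an empty set.
        var createsElement = function(selector) {
            var result = $(selector);
            if (!result) {
                return false;
            }
            for (var i = 0; i < result.length; i++) {
                if (result[i] && result[i].nodeType === 1) {
                    return true;
                }
            }
            return false;
        };

        // NOTE(review): the script comes from a third-party CDN and runs in
        // this page with no integrity attribute.
        var jQueryScript = document.createElement('script');
        jQueryScript.type = 'text/javascript';
        jQueryScript.src = 'https://ajax.googleapis.com/ajax/libs/jquery/' + data.toString() + '/jquery.js';
        jQueryScript.onload = function() {
            // `$` is the page global. NOTE(review): every version is loaded
            // into the same page, so this assumes `$` is still the build that
            // just fired `onload`; compare `$.fn.jquery` with the requested
            // version if rows look inconsistent.
            var vulnerabilities = [];
            for (var i = 0; i < probes.length; i++) {
                try {
                    if (createsElement(probes[i].selector)) {
                        vulnerabilities.push(probes[i].name);
                    }
                } catch (err) {
                    // Expected path on builds that reject the string as an
                    // invalid selector; logged for diagnosis only.
                    console.error(probes[i].name, err);
                }
            }

            if (vulnerabilities.length) {
                unsafe(jQuery_version, vulnerabilities);
            } else {
                safe(jQuery_version);
            }
        };
        // Load failure (for example a version the CDN does not serve).
        // NOTE(review): this path reports through addResult while the catch
        // below uses addInfo; the harness API is not visible here, so both
        // calls are kept as they were.
        jQueryScript.onerror = function() {
            addResult(data, 'Some Error Occured');
        };
        document.body.appendChild(jQueryScript);

    } catch (err) {
        addInfo(data, 'Some Error Occured');
    }
}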

					
				

Enum Data (ENUM_FUNCTION)

					
					
// Version strings handed to test() one at a time, newest first.
// Taken from the jQuery versions listed under
// https://developers.google.com/speed/libraries/devguide#jquery
// NOTE(review): an entry the CDN does not serve only produces a script-load
// error row ('Some Error Occured'); it is never tested. Check the list against
// the CDN's published versions before reading such rows as results.
var data = [
  "1.11.2", "1.11.1",
  "1.10.6", "1.10.5", "1.10.4", "1.10.3", "1.10.2", "1.10.1", "1.10.0",
  "1.9.9", "1.9.8", "1.9.7", "1.9.6", "1.9.5", "1.9.4", "1.9.3", "1.9.2", "1.9.1", "1.9.0",
  "1.8.12", "1.8.11", "1.8.10", "1.8.9", "1.8.8", "1.8.7", "1.8.6", "1.8.5", "1.8.4", "1.8.3", "1.8.2", "1.8.1", "1.8.0",
  "1.7.10", "1.7.9", "1.7.8", "1.7.7", "1.7.6", "1.7.5", "1.7.4", "1.7.3", "1.7.2", "1.7.1", "1.7.0",
  "1.6.3", "1.6.2", "1.6.1", "1.6.0",
  "1.5.4", "1.5.3", "1.5.2", "1.5.1", "1.5.0",
  "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.1", "1.4.0",
  "1.3.2", "1.3.1", "1.3.0",
  "1.2.3", "1.2.0",
  "1.1.1"
];