// Custom Functions
// Version string of the jQuery release currently being checked. test() overwrites
// it on every call and vulnerable()/safe() read it when they report, so if two
// test() runs overlap, both report under whichever version was assigned last.
var jQuery_version = '';
/**
 * Records the jQuery release currently under test as vulnerable.
 *
 * Invoked from the probe iframe as parent.vulnerable() once the injected
 * onerror handler has run.
 *
 * NOTE(review): the message argument carries markup, so addError presumably
 * renders HTML. If it renders the title the same way, jQuery_version should be
 * escaped before it is passed in. Confirm against addError.
 */
function vulnerable() {
  var title = 'jQuery ' + jQuery_version;
  var verdict = '<b>Vulnerable</b>';
  addError(title, verdict);
}
/**
 * Records the jQuery release currently under test as not affected.
 *
 * Invoked from the probe iframe as parent.safe() when the probe's $() call
 * throws instead of building the injected element.
 */
function safe() {
  var title = 'jQuery ' + jQuery_version;
  var verdict = 'Safe';
  addSuccess(title, verdict);
}
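/**
 * Removes the probe iframe (id "jQueryFrameID") from the document.
 *
 * Does nothing when the frame is already gone or detached, so a second call
 * for the same run cannot throw inside the reporting path.
 *
 * NOTE(review): every frame created by test() uses this same id, and
 * getElementById returns only one match. If several frames exist at once, the
 * one removed here may not be the one that reported.
 */
function removeIframe() {
  var frame = document.getElementById('jQueryFrameID');
  if (!frame || !frame.parentNode) {
    return;
  }
  frame.parentNode.removeChild(frame);
}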
// Test Function
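/**
 * Checks one jQuery release for the selector-treated-as-HTML XSS behaviour.
 *
 * Creates an iframe, loads the requested release into it from the Google
 * Hosted Libraries CDN, then injects a probe script. The probe passes $() an
 * attribute selector whose value embeds an <img> with an onerror handler. If
 * the handler runs, the probe calls parent.vulnerable(). If $() throws, it
 * calls parent.safe(). Both paths finish with parent.removeIframe().
 *
 * The iframe has no sandbox attribute and the probe reaches into `parent`, so
 * everything loaded into it (the CDN script included) runs with this page's
 * origin. The frame only separates jQuery copies. It is not a security
 * boundary.
 *
 * NOTE(review): safe() is reached only when the $() call throws. A release
 * that accepts the string as an ordinary selector and returns an empty set
 * would trigger neither callback, leaving no result and the iframe in place.
 * Confirm against a fixed release, and consider a timeout fallback.
 *
 * @param {string} data - jQuery version to load (a CDN release number).
 */
function test(data) {
  try {
    jQuery_version = data;
    var jQueryFrame = document.createElement('iframe');
    jQueryFrame.id = 'jQueryFrameID';
    jQueryFrame.onload = function () {
      var frameDocument = jQueryFrame.contentWindow.document;
      var jQueryScript = frameDocument.createElement('script');
      jQueryScript.type = 'text/javascript';
      // Encode the version so it stays a single path segment: a value holding
      // "/", "?" or "#" must not be able to point the request at another
      // resource. Ordinary release numbers pass through unchanged.
      jQueryScript.src = 'https://ajax.googleapis.com/ajax/libs/jquery/' + encodeURIComponent(String(data)) + '/jquery.js';
      // Handlers are attached before the element is inserted so neither
      // outcome can be missed.
      jQueryScript.onload = function () {
        var probeSource = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $('a[name=\"<img src=x onerror=bad()>\"]');} catch(err){parent.safe();parent.removeIframe();}";
        var probeScript = frameDocument.createElement('script');
        probeScript.type = 'text/javascript';
        probeScript.innerHTML = probeSource;
        frameDocument.body.appendChild(probeScript);
      };
      jQueryScript.onerror = function () {
        addResult(data, 'Some Error Occured');
        // The release could not be fetched, so no probe will run and nothing
        // else will clean up. Remove this frame directly (not by id, which
        // every frame shares) so it does not linger and shadow later frames.
        if (jQueryFrame.parentNode) {
          jQueryFrame.parentNode.removeChild(jQueryFrame);
        }
      };
      frameDocument.body.appendChild(jQueryScript);
    };
    document.body.appendChild(jQueryFrame);
  } catch (err) {
    // Only the synchronous setup above is covered. Errors thrown later inside
    // the load callbacks do not reach this handler.
    addInfo(data, 'Some Error Occured');
  }
}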