jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. (2)
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
By
0
Seen 422 times
Tags
Run this test now.
Results
Chrome Mobile
Chrome
This browser ran the most recent scan
Tested on
Chrome Mobile - 98 - Android
| jQuery Version | Is Vulnerable? |
|---|---|
| jQuery 3.4.0 | Safe |
| jQuery 3.2.0 | Safe |
| jQuery 2.2.1 | Safe |
| jQuery 3.0.0 | Safe |
| jQuery 2.1.0 | Safe |
| jQuery 2.2.0 | Safe |
| jQuery 3.1.0 | Safe |
| 2.3.0 | Some Error Occured |
| 3.3.0 | Some Error Occured |
| jQuery 2.0.0 | Safe |
| 1.2.1 | Some Error Occured |
This browser ran the most recent scan
Tested on
Chrome - 98 - undefined
| jQuery Version | Is Vulnerable? |
|---|---|
| jQuery 3.1.0 | Safe |
| jQuery 3.4.0 | Safe |
| 2.3.0 | Some Error Occured |
| 3.3.0 | Some Error Occured |
| jQuery 3.0.0 | Safe |
| jQuery 2.2.1 | Safe |
| jQuery 2.2.0 | Safe |
| jQuery 2.0.0 | Safe |
| jQuery 2.1.0 | Safe |
| jQuery 3.2.0 | Safe |
| 1.2.1 | Some Error Occured |
User Script (ENUM_FUNCTION)
// Custom Functions
var jQuery_version = '';
function vulnerable(){
addError('jQuery '+ jQuery_version, '<b>Vulnerable</b>');
}
function safe(){
addSuccess('jQuery '+ jQuery_version, 'Safe');
}
function removeIframe(){
var x = document.getElementById('jQueryFrameID');
x.parentNode.removeChild(x);
}
// Test Function
function test(data){
// We need to separate properties and access one by one.
try{
jQuery_version = data;
var jQueryFrame = document.createElement('iframe');
jQueryFrame.src = location.href+'#<img src=x onerror=bad();>';
jQueryFrame.id = 'jQueryFrameID';
jQueryFrame.onload = function(){
var jQueryScript = jQueryFrame.contentWindow.document.createElement('script');
jQueryScript.type = 'text/javascript';
jQueryScript.src = 'https://ajax.googleapis.com/ajax/libs/jquery/'+ data.toString() +'/jquery.js';
jQueryFrame.contentWindow.document.body.appendChild(jQueryScript);
jQueryScript.onload = function(){console.warn(location.href);
var exploitScript = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $(location.hash);} catch(err){parent.safe();parent.removeIframe();}";
var exploit = jQueryFrame.contentWindow.document.createElement('script');
exploit.type = 'text/javascript';
exploit.innerHTML = exploitScript;
jQueryFrame.contentWindow.document.body.appendChild(exploit);
};
jQueryScript.onerror = function(){
addResult(data , 'Some Error Occured');
};
};
document.body.appendChild(jQueryFrame);
}
catch(err){
addInfo(data , 'Some Error Occured');
}
}
Enum Data (ENUM_FUNCTION)
// Taken from jQuery Versions Under, https://developers.google.com/speed/libraries/devguide#jquery
var data = ['2.0.3', '2.0.2', '2.0.1', '2.0.0', '1.10.2', '1.10.1',
'1.10.0', '1.9.1', '1.9.0', '1.8.3', '1.8.2', '1.8.1', '1.8.0',
'1.7.2', '1.7.1', '1.7.0', '1.6.4', '1.6.3', '1.6.2', '1.6.1',
'1.6.0', '1.5.2', '1.5.1', '1.5.0', '1.4.4', '1.4.3', '1.4.2',
'1.4.1', '1.4.0', '1.3.2', '1.3.1', '1.3.0', '1.2.6', '1.2.3','3.3.1' ,'3.4.1'];