JQuery XSS test

JQuery XSS test

By
bananabr 0 Seen 76 times
Tags
xss

Results


This browser ran the most recent scan
Tested on
Chrome - 92 - undefined
| jQuery Version | Is it Vulnerable? |
| --- | --- |
| jQuery 3.6.0 | Safe |
| jQuery 1.12.4 | Safe |
| jQuery 2.2.4 | Safe |

This browser ran the most recent scan
Tested on
Firefox - 88 - Ubuntu
| jQuery Version | Is it Vulnerable? |
| --- | --- |
| 3.5.1 | Some Error Occured |
| 3.5.0 | Some Error Occured |
| jQuery 3.6.0 | Safe |
| 3.4.0 | Some Error Occured |
| 3.3.1 | Some Error Occured |
| 3.2.1 | Some Error Occured |
| 3.2.0 | Some Error Occured |
| 3.1.1 | Some Error Occured |
| 3.4.1 | Some Error Occured |
| 3.1.0 | Some Error Occured |
| 3.0.0 | Some Error Occured |
| 2.2.2 | Some Error Occured |
| 2.2.4 | Some Error Occured |
| 2.2.1 | Some Error Occured |
| 2.2.0 | Some Error Occured |
| 2.2.3 | Some Error Occured |
| 2.1.4 | Some Error Occured |
| 2.1.0 | Some Error Occured |
| 2.1.3 | Some Error Occured |
| 2.1.1 | Some Error Occured |
| 2.0.3 | Some Error Occured |
| 2.0.2 | Some Error Occured |
| 2.0.1 | Some Error Occured |
| 1.12.3 | Some Error Occured |
| 1.12.2 | Some Error Occured |
| 1.12.1 | Some Error Occured |
| 1.12.0 | Some Error Occured |
| 2.0.0 | Some Error Occured |
| 1.11.3 | Some Error Occured |
| 1.12.4 | Some Error Occured |
| 1.11.2 | Some Error Occured |
| 1.11.1 | Some Error Occured |
| 1.11.0 | Some Error Occured |
| 1.10.2 | Some Error Occured |
| 1.10.1 | Some Error Occured |
| 1.8.3 | Some Error Occured |
| 1.9.1 | Some Error Occured |
| 1.10.0 | Some Error Occured |
| 1.9.0 | Some Error Occured |
| 1.8.2 | Some Error Occured |
| 1.8.1 | Some Error Occured |
| 1.8.0 | Some Error Occured |
| 1.7.2 | Some Error Occured |
| 1.7.1 | Some Error Occured |
| 1.6.2 | Some Error Occured |
| 1.6.1 | Some Error Occured |
| 1.7.0 | Some Error Occured |
| 1.6.4 | Some Error Occured |
| 1.6.3 | Some Error Occured |
| 1.6.0 | Some Error Occured |
| 1.5.2 | Some Error Occured |
| 1.5.1 | Some Error Occured |
| 1.5.0 | Some Error Occured |
| 1.4.4 | Some Error Occured |
| 1.4.1 | Some Error Occured |
| 1.4.0 | Some Error Occured |
| 1.3.2 | Some Error Occured |
| 1.4.3 | Some Error Occured |
| 1.4.2 | Some Error Occured |
| 1.3.1 | Some Error Occured |
| 1.3.0 | Some Error Occured |
| 1.2.6 | Some Error Occured |
| jQuery 1.2.3 | Vulnerable |

This browser ran the most recent scan
Tested on
Chrome Mobile - 92 - Android
| jQuery Version | Is it Vulnerable? |
| --- | --- |
| 1 | Some Error Occured |

User Script (ENUM_FUNCTION)

					
// Custom Functions
// Label of the jQuery release currently being probed. test() writes it and
// vulnerable()/safe() read it when they report a verdict.
// NOTE(review): this is one global shared by every probe. If test() is called
// again before an earlier probe has reported, that earlier verdict is labelled
// with the later version string.
var jQuery_version = '';
/**
 * Report the release named in the global jQuery_version as vulnerable.
 *
 * The probe script that test() injects into the iframe calls this as
 * parent.vulnerable() from the handler attached to the injected <img>.
 */
function vulnerable(){
    var label = `jQuery ${jQuery_version}`;
    // NOTE(review): the verdict carries <b> markup and the label embeds the
    // version string unescaped. If addError renders its arguments as HTML, the
    // version should be escaped first; confirm against the harness.
    addError(label, '<b>Vulnerable</b>');
}

/**
 * Report the release named in the global jQuery_version as safe.
 *
 * The probe script that test() injects into the iframe calls this as
 * parent.safe() from its catch branch, i.e. when the $() call threw instead
 * of building an element from the string.
 */
function safe(){
    var verdict = 'Safe';
    var label = 'jQuery '.concat(jQuery_version);
    addSuccess(label, verdict);
}
    
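/**
 * Remove the probe iframe from the page once a verdict has been reported.
 *
 * The injected probe calls this as parent.removeIframe(). It can be called
 * after the frame is already gone (for example if both the onerror handler and
 * the catch branch of the probe run), so a missing frame is ignored rather
 * than dereferenced.
 *
 * NOTE(review): every frame created by test() uses the id 'jQueryFrameID', so
 * with several probes in flight getElementById returns the first one in the
 * document, which may not be the frame that just reported.
 */
function removeIframe(){
    var frame = document.getElementById('jQueryFrameID');
    // Nothing to do if the frame was already removed or is detached.
    if (!frame || !frame.parentNode) {
        return;
    }
    frame.parentNode.removeChild(frame);
}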

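// Test Function
/**
 * Probe one jQuery release for HTML creation from a selector-like string.
 *
 * Creates an iframe, loads jquery-<version>.min.js from code.jquery.com inside
 * it, then injects a probe script. The probe passes $() a string that starts
 * like a selector ('#foo ') and continues with an <img> tag carrying an
 * onerror handler:
 *   - if $() throws, the probe's catch branch calls parent.safe();
 *   - if the <img> is created and its onerror handler runs, it calls
 *     parent.vulnerable();
 *   - if neither happens, no verdict is reported and the frame stays in the page.
 *
 * 'Some Error Occured' is reported when the jQuery script itself fails to load
 * (or when setting up the frame throws). That is a load failure, not a verdict
 * about the release.
 *
 * @param {string} data - jQuery version string, e.g. '3.6.0'. It is
 *   interpolated into the CDN URL as given.
 */
function test(data){
    try{
        // Keep a per-call copy of the version. The handlers below run later,
        // and the shared global may have been overwritten by another test()
        // call by then, which would load and label the wrong release.
        const version = data;
        jQuery_version = version;

        const jQueryFrame = document.createElement('iframe');
        jQueryFrame.id = 'jQueryFrameID';
        jQueryFrame.onload = function(){
            const frameDocument = jQueryFrame.contentWindow.document;
            const jQueryScript = frameDocument.createElement('script');
            jQueryScript.type = 'text/javascript';
            jQueryScript.src = `https://code.jquery.com/jquery-${version}.min.js`;
            jQueryScript.onload = function(){
                // vulnerable()/safe() label their result from the global, so
                // point it back at this probe's version before the probe runs.
                // NOTE(review): the vulnerable() path fires from an image error
                // event, so another test() call can still change the global
                // before it reports.
                jQuery_version = version;
                var exploitScript = "try{function bad(){parent.vulnerable(); parent.removeIframe();} $('#foo <img src=x onerror=bad();>');} catch(err){parent.safe();parent.removeIframe();}";
                const exploit = frameDocument.createElement('script');
                exploit.type = 'text/javascript';
                exploit.innerHTML = exploitScript;
                frameDocument.body.appendChild(exploit);
            };
            jQueryScript.onerror = function(){
                addResult(version, 'Some Error Occured');
                // Remove this frame: a failed frame left in the page keeps the
                // shared id, and removeIframe() would later pick it instead of
                // the frame that is reporting.
                if (jQueryFrame.parentNode) {
                    jQueryFrame.parentNode.removeChild(jQueryFrame);
                }
            };
            // Handlers are attached before the script starts loading.
            frameDocument.body.appendChild(jQueryScript);
        };
        document.body.appendChild(jQueryFrame);
    }
    catch(err){
        addInfo(data, 'Some Error Occured');
    }
}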
					
				
					
				

Enum Data (ENUM_FUNCTION)

					
// Taken from jQuery Versions Under, https://developers.google.com/speed/libraries/devguide#jquery
// Version strings to probe. Presumably the harness passes each entry to
// test(), which interpolates it into the code.jquery.com script URL; confirm
// against the harness.
var data = ['3.6.0','1.12.4','2.2.4'];