Bug Tracker

Ticket #7509 (closed bug: invalid)

Opened 3 years ago

Last modified 2 years ago

Report of XSS in jquery.com

Reported by: h02332@…
Owned by: jdsharp
Priority: undecided
Milestone: 1.5
Component: web
Version: 1.4.4
Keywords:
Cc:
Blocking:
Blocked by:

Description

Report of XSS in forum.query.com and jquery.com, etc.

We tried to make a few private contacts but received no response. We've fingerprinted Cross Site Scripting and provide a Forum PoC:

 http://forum.jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1

Also provided is a jquery.com PoC:

 http://jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1

As noted, this can be reproduced en masse.

We'd appreciate someone from the jquery team sending us email to h02332 @ / gmail .\ com as we have a number of bugs to provide privately.

Thank You.

Hoyt LLC Research

Change History

comment:1 Changed 3 years ago by addyosmani

  • Owner set to jdsharp
  • Component changed from unfiled to web

comment:2 Changed 3 years ago by dmethvin

#7510 is a duplicate of this ticket.

comment:3 Changed 3 years ago by dmethvin

#7511 is a duplicate of this ticket.

comment:4 Changed 3 years ago by dmethvin

#7512 is a duplicate of this ticket.

comment:5 Changed 3 years ago by dmethvin

#7513 is a duplicate of this ticket.

comment:6 Changed 3 years ago by dmethvin

#7514 is a duplicate of this ticket.

comment:7 Changed 3 years ago by dmethvin

#7515 is a duplicate of this ticket.

comment:8 Changed 3 years ago by dmethvin

#7516 is a duplicate of this ticket.

comment:9 Changed 3 years ago by SlexAxton

  • Status changed from new to assigned

comment:10 Changed 3 years ago by snover

  • Status changed from assigned to closed
  • Resolution set to invalid

None of these reports are valid. Just because IE says it’s “changed the page” to prevent XSS doesn’t mean there is actually a vulnerability on the page, and in these cases, there was indeed no vulnerability.

comment:11 Changed 3 years ago by anonymous

Hello-

This is the first update we've seen on this ticket.. we don't publish live PoC's for frameworks.. however, some additional info can help..

Request

 GET /?d53cd"><script>alert(1)</script>f59c917a6e7=1 HTTP/1.1
 Host: forum.jquery.com

Response

 HTTP/1.1 200 OK
 Set-Cookie: zdccn=ba2a8341-6714-4548-ba38-cb44b081796e; Path=/

 <head> <link rel="SH ...[SNIP]... <a href="/portalLogin.do?serviceurl=/?d53cd"><script>alert(1)</script>f59c917a6e7=1&forumGroupUrl=jquery"> ...[SNIP]...

This is JqueryUI ... cookies too..  http://cloudscan.blogspot.com/2010/11/jqueryuicom-cross-site-scripting.html

From the looks of this ticket, it doesn't look like more info is requested, so we'll publish the data. Sorry you didn't find the info useful.

comment:12 Changed 3 years ago by snover

forum.jquery.com is not our property. We have no control over the code. You should talk to Zoho about that.

Please follow the bug reporting guidelines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
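
The disagreement in this ticket turns on whether the probe string comes back in the response body with its quote and angle brackets intact, which can be checked from the body alone rather than from a browser filter warning. The following is an added example, not code from the ticket, jQuery or Zoho; `login_link`, the `/search` path and the response fragments are constructed assumptions, and only the probe string and the `portalLogin.do` link shape come from comment 11.

```python
import html
import re
from urllib.parse import quote

# Query string taken from the request line quoted in comment 11.
PROBE = 'd53cd"><script>alert(1)</script>f59c917a6e7=1'
HEAD = "d53cd"  # alphanumeric prefix that survives any encoding

def classify_reflections(body: str, head: str = HEAD) -> list[str]:
    """Classify every place the probe comes back in a response body."""
    found = []
    for match in re.finditer(re.escape(head), body):
        tail = body[match.end():match.end() + 8].lower()
        if tail.startswith('"><'):
            found.append("raw")            # quote and brackets survived intact
        elif tail.startswith(("&quot;", "&#34;", "&#x22;")):
            found.append("html-encoded")   # inert inside an attribute value
        elif tail.startswith("%22"):
            found.append("url-encoded")    # inert until something decodes it
        else:
            found.append("other")
    return found

def is_reflected_unescaped(body: str) -> bool:
    """True only when at least one reflection keeps the breakout characters."""
    return "raw" in classify_reflections(body)

def login_link(request_uri: str, escape: bool) -> str:
    """Hypothetical template step that echoes the request URI into an href."""
    value = html.escape(request_uri, quote=True) if escape else request_uri
    return f'<a href="/portalLogin.do?serviceurl={value}&forumGroupUrl=jquery">'

# Constructed response fragments, modelled on the snippet in comment 11.
UNESCAPED = login_link("/?" + PROBE, escape=False)
ESCAPED = login_link("/?" + PROBE, escape=True)
PERCENT = f'<a href="/search?q={quote(PROBE, safe="")}">'
MIXED = ESCAPED + "\n" + UNESCAPED  # same value echoed twice, one copy escaped

if __name__ == "__main__":
    for name in ("UNESCAPED", "ESCAPED", "PERCENT", "MIXED"):
        print(name, classify_reflections(globals()[name]))
```

A page can echo the same parameter in several places, so the check reports each occurrence and treats the response as affected if any single one is raw.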
