#7509 closed bug (invalid)
Report of XSS in jquery.com
| Reported by: | Owned by: | jdsharp | |
|---|---|---|---|
| Priority: | undecided | Milestone: | 1.5 |
| Component: | web | Version: | 1.4.4 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Report of XSS in forum.query.com and jquery.com, etc.
We tried to make a few private contacts but received no response. We've fingerprinted Cross Site Scripting and provide a Forum Poc:
http://forum.jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1
Also provided is a jquery.com PoC:
http://jquery.com/?d53cd"><script>alert(1)</script>f59c917a6e7=1
As noted, this can be reproduced en mass.
We'd appreciate someone from the jquery team sending us email to h02332
@
/ gmail
.\ com as we have a number of bugs to provide privately.
Thank You.
Hoyt LLC Research
Change History (12)
comment:1 Changed 9 years ago by
| Component: | unfiled → web |
|---|---|
| Owner: | set to jdsharp |
comment:2 Changed 9 years ago by
comment:9 Changed 9 years ago by
| Status: | new → assigned |
|---|
comment:10 Changed 9 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | assigned → closed |
None of these reports are valid. Just because IE says it’s “changed the page” to prevent XSS doesn’t mean there is actually a vulnerability on the page, and in these cases, there was indeed no vulnerability.
comment:11 Changed 9 years ago by
Hello-
This is the first update we've seen on this ticket.. we don't publish live PoC's for frameworks.. however, some additional info can help..
Request GET /?d53cd"><script>alert(1)</script>f59c917a6e7=1 HTTP/1.1 Host: forum.jquery.com
Response HTTP/1.1 200 OK Set-Cookie: zdccn=ba2a8341-6714-4548-ba38-cb44b081796e; Path=/ <head> <link rel="SH ...[SNIP]... <a href="/portalLogin.do?serviceurl=/?d53cd"><script>alert(1)</script>f59c917a6e7=1&forumGroupUrl=jquery"> ...[SNIP]...
This is JqueryUI ... cookies too.. http://cloudscan.blogspot.com/2010/11/jqueryuicom-cross-site-scripting.html
From the looks of this ticket, it doesn't look like more info is requested, so we'll publish the data. Sorry you didn't find the info useful.
comment:12 Changed 9 years ago by
forum.jquery.com is not our property. We have no control over the code. You should talk to Zoho about that.
#7510 is a duplicate of this ticket.