jquery – Page 2 – WindowsTechs.com

DOM Based XSS and Adding HTML Elements

Posted on May 18, 2020 by FamousAv8er

So as a rule of thumb I once learned that adding or removing HTML with JavaScript/JQuery (.html(),.append(), etc) leaves yourself wide open for DOM Based XSS Attacks. It is now my understanding that this is not 100% true. Supposedly there … Continue reading DOM Based XSS and Adding HTML Elements→

JQuery function inside Script Tag. How to execute XSS in such a scenario?

Posted on December 2, 2019 by Himanshu Kumar

The value of currentPage: can be controlled by the user. All characters (like: ” ‘ ( ) / ; : except < & > are injected without being sanitized.

Is there any possible way to execute XSS in such a scenario?

<scr… Continue reading JQuery function inside Script Tag. How to execute XSS in such a scenario?→

I want to hide my youtube embeded code from my source code [on hold]

Posted on September 18, 2019 by Saad Shaikh

I have iframe in my website i want it to be encrypted so that user can’t understand the link and when user try to paste on browser it should show the video

Is it really Security Misconfiguration to show a version number?

Posted on August 13, 2019 by stormtrooper

Our web application uses a HTML file with jQuery embedded inside.
According to the jQuery license (https://jquery.org/license/), we have to leave the license header intact, including the version number.

Our client reported e… Continue reading Is it really Security Misconfiguration to show a version number?→

Cross-Site Scripting (XSS) in ASP.NET Core

Posted on August 9, 2019 by kite

I am working on a site which is vulnerable to XSS attacks when a cross-domain AJAX request is performed without the dataType option causing text/javascript responses to be executed.

$.get(‘https://sakurity.com/jqueryxss’)

j… Continue reading Cross-Site Scripting (XSS) in ASP.NET Core→

Weather Channel, Shopify, & SAC – Hack Naked News #221

Posted on June 4, 2019 by Security Weekly Productions

This week, SUPRA Smart TV flaw lets attackers hijack screens with no video, 20,000 Linksys routers leak historic record of every device ever connected, a new attack creates ghost taps on Android smartphones, and an Australian teenager that hacked i… Continue reading Weather Channel, Shopify, & SAC – Hack Naked News #221→

jQuery-1.11.0 xss p0c

Posted on May 21, 2019 by the_me

I have a web application at the workshop that uses the old jQuery-1.11.0 library, where
jQuery.globalEval (text);
hence every text/javascript responses gets executed, and in my case it looks like:
> jQuery.get(‘https://m… Continue reading jQuery-1.11.0 xss p0c→

How to exploit publicy known vunerable version of jquery?

Posted on April 27, 2019 by Tomi Begher

I am trying to see how a publicly known "vulnerable version of the library jquery" can be exploited to make proof of concepts to website owners.
Let’s say we have jquery version 2.1.1 that has known security issues.
If you search… Continue reading How to exploit publicy known vunerable version of jquery?→

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

Posted on April 17, 2019 by Swati Khandelwal

Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of w… Continue reading Drupal Releases Core CMS Updates to Patch Several Vulnerabilities→

Bypass a simple XSS filter that only looks at <

Posted on April 5, 2019 by Phani

Say, I have a page where the input from the user is taken and is passed through a simple client-side XSS filter. That filter only replaces < characters with ”.

in = in.replace(/[<]/g, ”);

The input is then passed o… Continue reading Bypass a simple XSS filter that only looks at <→