jquery – Page 3 – WindowsTechs.com

How to exploit publicy known vunerable version of jquery?

Posted on April 27, 2019 by Tomi Begher

I am trying to see how a publicly known "vulnerable version of the library jquery" can be exploited to make proof of concepts to website owners.
Let’s say we have jquery version 2.1.1 that has known security issues.
If you search… Continue reading How to exploit publicy known vunerable version of jquery?→

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

Posted on April 17, 2019 by Swati Khandelwal

Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of w… Continue reading Drupal Releases Core CMS Updates to Patch Several Vulnerabilities→

Bypass a simple XSS filter that only looks at <

Posted on April 5, 2019 by Phani

Say, I have a page where the input from the user is taken and is passed through a simple client-side XSS filter. That filter only replaces < characters with ”.

in = in.replace(/[<]/g, ”);

The input is then passed o… Continue reading Bypass a simple XSS filter that only looks at <→

Is there a way to exploit jquery 1.12.4 vulnerability?

Posted on March 22, 2019 by idkn

According to https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jquery+1.12.4 and https://snyk.io/test/npm/jquery/1.12.4, I see that jQuery 1.12.4 has medium serevrity vulnerability.

I checked on exploit-db and searchsploit to… Continue reading Is there a way to exploit jquery 1.12.4 vulnerability?→

Is this code vulnerable to DOM based XSS? jquery wrap()

Posted on February 3, 2019 by John Flow

Data is read from window.location and passed to the wrap() function of function of jQuery via the following statement:

t.Location.wrap(window.location)

The version of jQuery in use is the 1.12.1 – Is this code vulnerable t… Continue reading Is this code vulnerable to DOM based XSS? jquery wrap()→

XSS with escaped equal sign inside jQuery selector

Posted on January 11, 2019 by Alex Velickiy

Web-site uses jQuery 1.8.3 which has known XSS vulnerability in selector. (https://snyk.io/vuln/npm:jquery:20120206).

It passes filtered and urldecoded document.location.hash (val2 below) value inside selector.

$(‘div[data-foo=\”+filter… Continue reading XSS with escaped equal sign inside jQuery selector→

Is this code vulnerable to dom based XSS?

Posted on December 20, 2018 by Jamyzed

Is this code vulnerable to DOM based XSS?

The application is using jQuery 3.3.1 and i noticed that Data is read from

window.location.hash and passed to $() via the following statements:

var hash = window.location.hash.sub… Continue reading Is this code vulnerable to dom based XSS?→

Bugs, Breaches, and More! – Application Security Weekly #36

Posted on October 24, 2018 by Security Weekly Productions

Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic Cardiac Programmers. Full Show Note… Continue reading Bugs, Breaches, and More! – Application Security Weekly #36→

LibSSH, WordPress, and LIVE555 – Hack Naked News #194

Posted on October 23, 2018 by Security Weekly Productions

This week, Critical Code execution flaws, WordPress working on wiping older versions from existence, Multiple serious flaws in Drupal, TCP/IP flaws leave IoT gear open to mass hijacking, jQuery plugin actively exploited for at least three years, Flaw i… Continue reading LibSSH, WordPress, and LIVE555 – Hack Naked News #194→

Popular website plugin harboured a serious 0-day for years

Posted on October 22, 2018 by John E Dunn

The flaw in the popular file uploader allows an attacker to upload files and run their own command line shell on any affected server. Continue reading Popular website plugin harboured a serious 0-day for years→