jQuery DOM XSS漏洞

K2epUp

已于 2022-01-19 16:39:35 修改

阅读量1.1k

点赞数

分类专栏：渗透测试文章标签： jquery javascript css

于 2022-01-19 16:37:13 首次发布

本文链接：https://blog.csdn.net/ZPFCD/article/details/122584329

版权

渗透测试专栏收录该内容

5 篇文章 0 订阅

订阅专栏

JQuery DOM方法中XSS漏洞：

漏洞截图：

测试代码：

<html class=" -webkit- js flexbox canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers no-applicationcache svg inlinesvg smil svgclippaths" style=""><head> <meta charset="UTF-8"><title>HTML5 Preview Panel</title><style>html {
    height: 100%;
}
body {
    background: #ff8800 -webkit-linear-gradient(transparent, rgba(100, 0, 0, 0.3));
    background: #ff8800 linear-gradient(transparent, rgba(100, 0, 0, 0.3));
    color: #333;
    margin: 1em;
}
h1 {
    color: black;
}
hr {
    border: 1px solid #ffaa00;
}
a {
    color: #ffff33;
}
#wrap {
    max-width: 500px;
    text-align: center;
    margin: 0 auto;
}
form {
    margin-bottom: 2em;
}
code {
    font-weight: normal;
    color: #800;
}
.info {
    font-size: 0.8em;
}
.out {
    min-height: 80px;
    border: 1px solid silver;
    background: #ddd;
    margin-bottom: 2em;
    color: #888;
}</style><script src="http://test.com.cn/js/jquery-1.7.2.min.js"></script></head><body><div id="wrap">
    <h1>XSS vulnerabilities in jQuery DOM methods</h1>

    <hr>

    <h3>Input</h3>
    <form>
        <input id="test" placeholder="Enter malicious input here" size="40" value="<script>alert('XSS injected!');</script>">
        <input type="submit" value="Submit">
    </form>

    <hr>

    <h3>Output (native <code>innerHTML</code>)</h3>
    <p class="info">The <a href="https://www.w3.org/TR/2008/WD-html5-20080610/dom.html#innerhtml0" target="_blank">HTML5 spec</a> states that script tags inserted via <code>innerHTML</code> will not be executed.</p>
    <div class="out" id="output-inner">
        Injection goes here...
    </div>

    <h3>Output (<code>$.html()</code>)</h3>
    <p class="info">jQuery DOM methods strip and <code>eval()</code> any script tags passed in, exposing an XSS vulnerability.</p>
    <div class="out" id="output-html">
        Injection goes here...
    </div>

    <h3>Output (<code>$.text()</code>)</h3>
    <p class="info">This method treats the passed string as a textNode, preventing it from being executed by the browser.</p>
    <div class="out" id="output-text">
        Injection goes here...
    </div>
</div>

<script src="http://test.com.cn/js/jquery-1.7.2.min.js"></script><script>$('form').on('submit', function(e) {
    e.preventDefault();

    var ov = $('#test').val();

    $('#output-inner').get(0).innerHTML = ov;
    $('#output-html').html(ov); // Comment this out to see how innerHTML does not fire the dialog
    $('#output-text').text(ov);

});</script></body></html>

参考链接：jQuery DOM方法中的XSS漏洞演示 - 踏得网

K2epUp

关注

0
点赞
踩
2

收藏

觉得还不错? 一键收藏
打赏
0
评论
jQuery DOM XSS漏洞

JQuery DOM方法中XSS漏洞：<html class=" -webkit- js flexbox canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow
复制链接

扫一扫