Scribd Logo
Upload

Welcome to Scribd!

  • 22 views

    Jquery 1.4

    Uploaded by

    羽山
    The jQuery JavaScript library version 1.4.1 contains vulnerable code on lines 119 and 120 that could allow unauthorized attackers to read sensitive data transported using JavaScript notation from vulnerable applications. Applications using jQuery to transport sensitive data can be at risk of JavaScript hijacking attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Jquery 1.4

    Uploaded by

    羽山
    22 views3 pages
    The jQuery JavaScript library version 1.4.1 contains vulnerable code on lines 119 and 120 that could allow unauthorized attackers to read sensitive data transported using JavaScript notation from vulnerable applications. Applications using jQuery to transport sensitive data can be at risk of JavaScript hijacking attacks.

    Original Title

    jquery 1.4

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The jQuery JavaScript library version 1.4.1 contains vulnerable code on lines 119 and 120 that could allow unauthorized attackers to read sensitive data transported using JavaScript notation from vulnerable applications. Applications using jQuery to transport sensitive data can be at risk of JavaScript hijacking attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    22 views3 pages

    Jquery 1.4

    Uploaded by

    羽山
    The jQuery JavaScript library version 1.4.1 contains vulnerable code on lines 119 and 120 that could allow unauthorized attackers to read sensitive data transported using JavaScript notation from vulnerable applications. Applications using jQuery to transport sensitive data can be at risk of JavaScript hijacking attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 3

    jquery-1.4.1.min.

    js, line 119 (JavaScript Hijacking: Vulnerable Framework)


    Priority: Folder Info
    Kingdom: Encapsulation
    Abstract: Applications that use JavaScript notation
    to transport sensitive data can be
    vulnerable to JavaScript hijacking, which
    allows an unauthorized attacker to read
    confidential data from a vulnerable
    application.
    Sink: jquery-1.4.1.min.js:119
    117 J(),qb=/<script(.|\s)*?\/script>/gi,rb=/select|textar
    ea/i,sb=/color|date|datetime|email|hidden|month|nu
    mber|password|range|search|tel|text|time|url|week/
    i,N=/=\?(&|$)/,ja=/\?/,tb=/(\?|&)_=.*?(&|$)/,ub=
    /^(\w+:)?\/\/([^\/?#]+)/,vb=/%20/g;c.fn.extend(
    {_load:c.fn.load,load:function(a,b,d){if(typeof
    a!=="string")return this._load(a);else
    if(!this.length)return this;var f=a.indexOf("
    ");if(f>=0){var
    e=a.slice(f,a.length);a=a.slice(0,f)}f="GET";if(b)if(c.is
    Function(b)){d=b;b=null}else if(typeof
    b==="object"){b=
    118 c.param(b,c.ajaxSettings.traditional);f="POST"}var
    i=this;c.ajax({url:a,type:f,dataType:"html",data:b,com
    plete:function(j,n){if(n==="success"||n==="notmodif
    ied")i.html(e?c("<div
    />").append(j.responseText.replace(qb,"")).find(e):j.r
    esponseText);d&&i.each(d,[j.responseText,n,j])}});ret
    urn this},serialize:function(){return
    c.param(this.serializeArray())},serializeArray:function
    (){return this.map(function(){return
    this.elements?c.makeArray(this.elements):this}).filter
    (function(){return this.name&&!this.disabled&&
    119 (this.checked||rb.test(this.nodeName)||sb.test(this.ty
    pe))}).map(function(a,b){a=c(this).val();return
    a==null?null:c.isArray(a)?c.map(a,function(d){return{
    name:b.name,value:d}}):{name:b.name,value:a}}).ge
    t()}});c.each("ajaxStart ajaxStop ajaxComplete
    ajaxError ajaxSuccess ajaxSend".split("
    "),function(a,b){c.fn[b]=function(d){return
    this.bind(b,d)}});c.extend({get:function(a,b,d,f){if(c.i
    sFunction(b)){f=f||d;d=b;b=null}return
    c.ajax({type:"GET",url:a,data:b,success:d,dataType:f})
    },getScript:function(a,
    120 b){return
    c.get(a,null,b,"script")},getJSON:function(a,b,d){retur
    n
    c.get(a,b,d,"json")},post:function(a,b,d,f){if(c.isFuncti
    on(b)){f=f||d;d=b;b={}}return
    c.ajax({type:"POST",url:a,data:b,success:d,dataType:f
    })},ajaxSetup:function(a){c.extend(c.ajaxSettings,a)}
    ,ajaxSettings:{url:location.href,global:true,type:"GET",
    contentType:"application/x-www-form-
    urlencoded",processData:true,async:true,xhr:z.XMLHtt
    pRequest&&(z.location.protocol!=="file:"||!z.ActiveXO
    bject)?function(){return new z.XMLHttpRequest}:
    121 function(){try{return new
    z.ActiveXObject("Microsoft.XMLHTTP")}catch(a){}},ac
    cepts:{xml:"application/xml,
    text/xml",html:"text/html",script:"text/javascript,
    application/javascript",json:"application/json,
    text/javascript",text:"text/plain",_default:"*/*"}},las
    tModified:{},etag:{},ajax:function(a){function
    b(){e.success&&e.success.call(o,n,j,w);e.global&&f("a
    jaxSuccess",[w,e])}function
    d(){e.complete&&e.complete.call(o,w,j);e.global&&f("
    ajaxComplete",[w,e]);e.global&&!--
    c.active&&c.event.trigger("ajaxStop")}
     

    jquery-1.4.1.min.js, line 120 (JavaScript Hijacking: Vulnerable Framework)


    Priority: Folder Info
    Kingdom: Encapsulation
    Abstract: Applications that use JavaScript notation
    to transport sensitive data can be
    vulnerable to JavaScript hijacking, which
    allows an unauthorized attacker to read
    confidential data from a vulnerable
    application.
    Sink: jquery-1.4.1.min.js:120
    118 c.param(b,c.ajaxSettings.traditional);f="POST"}var
    i=this;c.ajax({url:a,type:f,dataType:"html",data:b,com
    plete:function(j,n){if(n==="success"||n==="notmodif
    ied")i.html(e?c("<div
    />").append(j.responseText.replace(qb,"")).find(e):j.r
    esponseText);d&&i.each(d,[j.responseText,n,j])}});ret
    urn this},serialize:function(){return
    c.param(this.serializeArray())},serializeArray:function
    (){return this.map(function(){return
    this.elements?c.makeArray(this.elements):this}).filter
    (function(){return this.name&&!this.disabled&&
    119 (this.checked||rb.test(this.nodeName)||sb.test(this.ty
    pe))}).map(function(a,b){a=c(this).val();return
    a==null?null:c.isArray(a)?c.map(a,function(d){return{
    name:b.name,value:d}}):{name:b.name,value:a}}).ge
    t()}});c.each("ajaxStart ajaxStop ajaxComplete
    ajaxError ajaxSuccess ajaxSend".split("
    "),function(a,b){c.fn[b]=function(d){return
    this.bind(b,d)}});c.extend({get:function(a,b,d,f){if(c.i
    sFunction(b)){f=f||d;d=b;b=null}return
    c.ajax({type:"GET",url:a,data:b,success:d,dataType:f})
    },getScript:function(a,
    120 b){return
    c.get(a,null,b,"script")},getJSON:function(a,b,d){retur
    n
    c.get(a,b,d,"json")},post:function(a,b,d,f){if(c.isFuncti
    on(b)){f=f||d;d=b;b={}}return
    c.ajax({type:"POST",url:a,data:b,success:d,dataType:f
    })},ajaxSetup:function(a){c.extend(c.ajaxSettings,a)}
    ,ajaxSettings:{url:location.href,global:true,type:"GET",
    contentType:"application/x-www-form-
    urlencoded",processData:true,async:true,xhr:z.XMLHtt
    pRequest&&(z.location.protocol!=="file:"||!z.ActiveXO
    bject)?function(){return new z.XMLHttpRequest}:
    121 function(){try{return new
    z.ActiveXObject("Microsoft.XMLHTTP")}catch(a){}},ac
    cepts:{xml:"application/xml,
    text/xml",html:"text/html",script:"text/javascript,
    application/javascript",json:"application/json,
    text/javascript",text:"text/plain",_default:"*/*"}},las
    tModified:{},etag:{},ajax:function(a){function
    b(){e.success&&e.success.call(o,n,j,w);e.global&&f("a
    jaxSuccess",[w,e])}function
    d(){e.complete&&e.complete.call(o,w,j);e.global&&f("
    ajaxComplete",[w,e]);e.global&&!--
    c.active&&c.event.trigger("ajaxStop")}
    122 function
    f(q,p){(e.context?c(e.context):c.event).trigger(q,p)}v
    ar
    e=c.extend(true,{},c.ajaxSettings,a),i,j,n,o=a&&a.cont
    ext||e,m=e.type.toUpperCase();if(e.data&&e.processD
    ata&&typeof
    e.data!=="string")e.data=c.param(e.data,e.traditional
    );if(e.dataType==="jsonp"){if(m==="GET")N.test(e.u
    rl)||(e.url+=(ja.test(e.url)?"&":"?")+(e.jsonp||"callba
    ck")+"=?");else
    if(!e.data||!N.test(e.data))e.data=(e.data?e.data+"&":
    "")+(e.jsonp||"callback")+"=?";e.dataType="json"}if(
    e.dataType==="json"&&(e.data&&N.test(e.data)||
     

    You might also like