armin

Reputation: 37

DOM XSS in jQuery

Here is a DOM-based vulnerability: jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR'). These jQuery libraries cause DOM XSS when a user-controlled value is passed as the class selector [`$('.' + className)`].

But I don't know about the attack vector. Can you give me an example?

Upvotes: 0

Views: 2309

Answers (1)

tguglanaklona

Reputation: 31

Here is the action script (scroll down the page): http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003

You can see the result of the JS "exploit" variable injection in the DOM. (Un)fortunately jQuery, and the old versions, is such-alike.

Upvotes: 1
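A defensive pattern for the `$('.' + className)` case from the question, as an added example that is not part of the original thread: treat the untrusted value as a single class token, reject anything else, and look it up with `getElementsByClassName`, which never parses HTML. The `tab` parameter, the example URLs and the helper names are assumptions made for illustration.

```javascript
// Added example: keep a user-controlled class name out of $().
// Helper names, the "tab" parameter and the URLs are hypothetical.

// Conservative allowlist for ONE class token (assumes ASCII class names).
// No "<", ">", quotes, spaces, commas or other selector syntax can pass.
const CLASS_TOKEN = /^-?[A-Za-z_][A-Za-z0-9_-]*$/;

function isSafeClassName(value) {
  return typeof value === 'string' &&
         value.length <= 64 &&
         CLASS_TOKEN.test(value);
}

// Read the class name from a URL query parameter (a typical
// user-controlled source). Returns null when absent or invalid.
function classFromUrl(href, param) {
  const raw = new URL(href).searchParams.get(param);
  return isSafeClassName(raw) ? raw : null;
}

// Build ".name" only for a validated token; null otherwise, so the
// caller never hands a tainted string to $().
function classSelector(value) {
  return isSafeClassName(value) ? '.' + value : null;
}

// Preferred lookup: getElementsByClassName takes a class name, not a
// selector or markup, so the value is never interpreted as HTML.
function findByClass(root, value) {
  if (!isSafeClassName(value)) return [];
  return Array.from(root.getElementsByClassName(value));
}

// Constructed sample inputs.
const samples = [
  'https://example.test/?tab=intro',       // plain token
  'https://example.test/?tab=%3Cb%3Ex',    // decodes to markup, rejected
  'https://example.test/?tab=a%2C%20body', // selector list, rejected
];
for (const href of samples) {
  console.log(href, '->', classSelector(classFromUrl(href, 'tab')));
}
```

In a page that uses jQuery, pass only the result of `findByClass(document, name)` (or a non-null `classSelector(name)`) to `$()`.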
