Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-11358 PoC — jQuery 跨站脚本漏洞

Source
https://github.com/isacaya/CVE-2019-11358
Associated Vulnerability
Title:jQuery 跨站脚本漏洞 (CVE-2019-11358)
Description:jQuery是美国John Resig个人开发者的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。 jQuery 3.4.0之前版本中存在跨站脚本漏洞,该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Readme
# CVE-2019-11358 (Prototype Pollution)
A simple poc of prototype pollution that occurs in the jQuery's (<3.4.0) extension method.
* The first argument(deep) in the extend method must be true.
File Snapshot

 [4.0K]  /data/pocs/6b92f686c0ad2de57eba0ec356a033012ef53565
├── [ 521]  PoC.html
└── [ 192]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.