Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-11023 PoC — jQuery 跨站脚本漏洞

Source
https://github.com/Cybernegro/CVE-2020-11023
Associated Vulnerability
Title:jQuery 跨站脚本漏洞 (CVE-2020-11023)
Description:jQuery是美国John Resig个人开发者的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。 jQuery 1.0.3版本至3.5.0之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Description
CVE-2020-11023  PoC for bug bounty.
Readme

# CVE-2020-11023 POC Dom XSS
This proof of concept, demostraste an security flaw of dom-bases XSS manipulating and using JQuery DOM Methods. eg:(.append, .text,.html)


Payload i used:
alert("Text: " + $("#test").text());


To test the vulnerability do the following:

1. Open and web console, on your browser and in the scope site.

2. Go to the console window and put the following payload:

3. Payload: 
alert("Text: " + $("#test").text());
File Snapshot

 [4.0K]  /data/pocs/815702c7c2ab097c63fca5328ff0fe1ac7d44f23
└── [ 445]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.