JQuery version vulnerable!

Viruses and worms
1

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcode.jquery.com%2Fjquery-1.9.1.js
See: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
Where we found this: http://killmalware.com/italiansmoke.tk/
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fitaliansmoke.tk%2F
Has Trojan.Script.Heuristic-js.iacgm.
Avast detects as HTML-Defacement-V[Trj].

pol

2

code.jquery.com/jquery-1.9.1.js
https://www.virustotal.com/nb/file/7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40/analysis/1439897877/

italiansmoke.tk/
https://www.virustotal.com/nb/file/91cad11d99e36fc713064a56b15f0c505a6ba55905a69701613b3a7a0ec64e26/analysis/1439898023/

3

Hi Pondus,

Still vulnerable

Comment by romain.g...@gmail.com, Jul 8, 2015
New sinks based on data schemes:

jQuery.ajax({url: userContent})
jQuery.get(userContent)
jQuery.post(userContent)

That means:

\f\n\r\t\v​\u00a0\u1680​\u180e\u2000​\u2001\u2002​\u2003\u2004​ \u2005\u2006​\u2007\u2008​\u2009\u200a​\u2028\u2029​​\u202f\u205f​\u3000
are allowed.

A form of protection: https://www.box.com/blog/securing-jquery-against-unintended-xss/ credits go to Nicolas Zakas

polonus

P.S. [quote]“Manual code review is hell – have you seen JavaScript lately?” Ory Segal
[/qoute]