Re: -https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
200 OK
Content-Length: 91342
Content-Type: text/javascript
clean
-https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
Detected libraries:
jquery - 1.6.1 : -https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
1 vulnerable library detected
DOM XSS issues:
Results from scanning URL: -https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
Number of sources found: 40
Number of sinks found: 19
Sizzle.js exploits: http://blog.9bplus.com/if-i-were-an-attacker-third-party-js-librarie/
→ https://oscarotero.com/embed/demo/index.php?url=https%3A%2F%2Fajax.googleapis.com%2Fajax%2Flibs%2Fjquery%2F1.6.1%2Fjquery.min.js+&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=
Makes some shellcode attacks possible…
polonus (volunteer website security analyst and website error-hunter)