jQuery Validate 1.6.0 Cross Site Scripting

Date: 24 Feb 2010. Reported by CodeScan Labs. Type: packetstorm. Source: packetstormsecurity.com

jQuery Validate 1.6.0 Cross Site Scripting in SilverStripe 2.3.X to 2.3.

Code

+----------------------------------------------+  
ADVISORY – jQuery Validate 1.6.0 Demo Code   
  
AFFECTED PACKAGES   
> jQuery Validate 1.6.0   
> SilverStripe 2.3.X to 2.3.5   
  
Discovered By CodeScan.com   
+----------------------------------------------+  
  
Vendor's Website:   
http://bassistance.de/jquery-plugins/jquery-plugin-validation/  
  
  
CodeScan Labs (www.codescan.com) has recently   
released a new source code scanning tool,   
CodeScan. CodeScan is an advanced auditing tool   
designed to check web application source code   
for security vulnerabilities. CodeScan utilises   
an intelligent source code parsing engine,   
traversing execution paths and tracking the flow  
of user supplied input.  
  
During the ongoing testing of CodeScan PHP, the   
jQuery.Validate demonstration code was discovered  
within another project.   
  
  
  
  
<<< CROSS SITE SCRIPTING THROUGH ECHO >>>  
  
XSS in [form.php], folder [demo].   
(Full Path:   
  
  
```php
<?php
// Demo code as shipped: $user is echoed into the page unencoded, hence the XSS.
$user = $_REQUEST['user'];
$pw = $_REQUEST['password'];
if ($user && $pw && $pw == "foobar")
    echo "Hi $user, welcome back.";
```
  
  
<<< PROOF OF CONCEPT >>>  
  
http://[host]/validate/demo/form.php?user=%3Cscript%3Ealert%28%27Proof%20of%20Concept%27%29;%3C/script%3E&password=foobar  
  
  
<<< YES, WE REALISE THIS IS DEMO CODE >>>  
  
A simple Google search unearthed a number of   
results for the existence of this plugin/demo  
within SVN repositories, as well as on live web  
servers. Demo or not, it has been included in  
distributions (Such as SilverStripe) – and has  
been deployed in live environments.  
  
  
<<< RESPONSIBLE DISCLOSURE >>>  
  
We have attempted to make contact with the   
author of this plugin, to no avail.  
  
We successfully made contact with the   
SilverStripe team who promptly tidied up.  
Quick response, well done.   
  
<<< EXPLICIT RECOMMENDATIONS >>>  
  
SilverStripe Users: Upgrade to the latest  
version of SilverStripe (2.3.6 at time of  
writing), and ensure the file is deleted.  
  
Other Users: Chances are you do not need  
this file in your project, so delete the  
[form.php] file. Otherwise, ensure proper  
sanitization.  
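A hardened form of the demo's greeting, added here as an example (it is not the plugin's, SilverStripe's or CodeScan's code): the user-supplied value is HTML-encoded before it is echoed, and the request values are checked to be strings, since `$_REQUEST` entries can also be arrays. The `greeting()` and `escape_html()` names are this example's own.

```php
<?php
// Added example, not the jquery.validate demo code: same flow as the
// demo's form.php, but the "user" value is encoded for an HTML text context.
declare(strict_types=1);

// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string, which would silently drop output.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns the HTML fragment to emit, or null when the demo's check fails.
// The hard-coded "foobar" password is kept only to mirror the demo's flow.
function greeting(?string $user, ?string $pw): ?string
{
    if ($user === null || $user === '' || $pw !== 'foobar') {
        return null;
    }
    return 'Hi ' . escape_html($user) . ', welcome back.';
}

// Only accept scalar string parameters; "user[]=x" would otherwise arrive as an array.
function request_string(string $key): ?string
{
    $value = $_REQUEST[$key] ?? null;
    return is_string($value) ? $value : null;
}

// Constructed sample: the advisory's proof-of-concept value, URL-decoded.
$sample = "<script>alert('Proof of Concept');</script>";
$out = greeting($sample, 'foobar');
// The encoded output contains no raw "<script" tag.
assert($out !== null && strpos($out, '<script') === false);

// Request handling as the demo did it, with the encoded output.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
    $html = greeting(request_string('user'), request_string('password'));
    if ($html !== null) {
        echo $html;
    }
}
```

htmlspecialchars() is correct for an HTML body or quoted-attribute context only; a value placed inside a script block or a URL needs encoding for that context instead.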
  
  
<<< CLOSING NOTES >>>  
  
You may be able to write secure code, but the  
code you get from third parties can put you at  
risk. Always review the code of third parties  
(including/especially plug-ins) – not doing so  
puts you at unnecessary risk.  
  
