Related vulnerability
Title:
jQuery cross-site scripting vulnerability
(CVE-2020-11023)
Description: jQuery is an open-source, cross-browser JavaScript library originally developed by John Resig, an individual developer from the United States. The library simplifies interaction between HTML and JavaScript and is modular and extensible through plugins. jQuery versions from 1.0.3 up to, but not including, 3.5.0 contain a cross-site scripting vulnerability. The flaw stems from the web application's failure to properly validate client-side data. An attacker could exploit it to execute client-side code.
Introduction
# 💥 CVE-2020-11023 Scanner: Find and Conquer XSS Before It's Too Late! 💥
[Static program analysis](https://en.wikipedia.org/wiki/Static_program_analysis) · [Dynamic program analysis](https://en.wikipedia.org/wiki/Dynamic_program_analysis) · [CVE-2020-11023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023)
Are you haunted by the specter of **Cross-Site Scripting (XSS) vulnerabilities** lurking in your JavaScript code? Worried about **CVE-2020-11023** leaving your web applications open to attack? Fear no more! The **CVE-2020-11023 Scanner** is here to help you find and conquer those pesky vulnerabilities!
This **fast** and **reliable** **static analysis** tool is designed to scan JavaScript files and web pages for the telltale signs of XSS vulnerabilities, especially those related to CVE-2020-11023. It focuses on **jQuery** versions before 3.5.0, which are known to be susceptible.
**Disclaimer:** Remember, this tool performs **static analysis only**. It doesn't execute any code, so it can't guarantee exploitability with the same certainty as dynamic analysis. **Always manually review the findings and perform further testing to confirm the actual risk!**
## ✨ Killer Features:
* **🔎 Versatile Scanning:**
  * **URLs:** Crawls web pages, analyzing both inline and external JavaScript files.
  * **Local Files & Directories:** Recursively scans local directories for `.js` files.
* **🕵️‍♂️ Vulnerable jQuery Detection:** Pinpoints jQuery versions known to be affected by CVE-2020-11023.
* **🚨 Dangerous Pattern Identification:** Flags the use of potentially dangerous jQuery DOM manipulation methods like `.html()`, `.append()`, `.after()`, `.before()`, and `.replaceWith()` when used with potentially unsafe inputs.
* **🔍 Unsafe Input Source Tracking:** Detects the use of potentially untrusted data sources like `window.location`, `document.cookie`, and more.
* **🚀 Application Code Focus:** Skips common third-party libraries (jQuery, Bootstrap, etc.) by default to reduce noise and zero in on your code.
* **🌐 Deep Scanning (Optional):** Recursively crawls linked JavaScript files on web pages for a more thorough analysis.
* **📃 Clear and Concise Reporting:** Generates a report highlighting potential vulnerabilities with details about their location and severity.
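To make the checks in the feature list concrete, here is a small Python scanner added for this page (it is not the repository's `scan.py`): it pulls the jQuery version out of a banner comment or filename, classifies it against the affected range (1.0.3 up to, but not including, 3.5.0), propagates taint from the untrusted sources named above through simple `name = expr` assignments, and reports the listed sink methods whenever their argument is tainted, emitting entries shaped like the example report. The regular expressions, the one-line taint rule, the tuple comparison used in place of the `packaging` library, and the sample JavaScript are all assumptions constructed here.

```python
"""Minimal static scanner for CVE-2020-11023-style jQuery XSS patterns.
Added example, not the repository's scan.py; regexes and the taint rule are assumptions."""
import re
from typing import Dict, List, Optional, Tuple

# Affected range from the advisory text: 1.0.3 <= version < 3.5.0
VULN_LOW: Tuple[int, int, int] = (1, 0, 3)
FIXED: Tuple[int, int, int] = (3, 5, 0)

# Version strings as they appear in a jQuery banner comment or a jquery-x.y.z.js filename.
VERSION_RE = re.compile(
    r"(?:jQuery(?: JavaScript Library)? v?|jquery-)(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)

# DOM-manipulation sinks listed on the page; the argument is captured up to the first ')',
# so nested calls inside the argument are a known limitation of this toy matcher.
SINK_RE = re.compile(r"\.(html|append|after|before|replaceWith)\s*\(([^)]*)\)")

# Untrusted sources: the two named on the page plus a few common ones (assumption).
SOURCE_RE = re.compile(
    r"\b(window\.location|location\.(?:hash|search|href)|document\.(?:cookie|URL|referrer))")

# `name = expr` assignments; taint is propagated through them line by line.
ASSIGN_RE = re.compile(r"\b(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+?);?\s*$")


def detect_jquery_version(source: str) -> Optional[Tuple[int, int, int]]:
    m = VERSION_RE.search(source)
    return tuple(int(x) for x in m.groups()) if m else None


def classify_version(v: Tuple[int, int, int]) -> str:
    return "POTENTIALLY VULNERABLE" if VULN_LOW <= v < FIXED else "SAFE"


def _uses(name: str, expr: str) -> bool:
    """True when `expr` references the identifier `name` as a whole word."""
    return re.search(r"(?<![\w$])%s(?![\w$])" % re.escape(name), expr) is not None


def scan_js(source: str, location: str) -> List[Dict[str, object]]:
    """Return report entries shaped like the README's example report."""
    findings: List[Dict[str, object]] = []
    version = detect_jquery_version(source)
    if version:
        verdict = classify_version(version)
        findings.append({
            "status": "POTENTIAL VULNERABLE" if verdict != "SAFE" else "INFO",
            "check": "JQUERY_VERSION", "location": location, "line": "N/A",
            "code": "Update to >=3.5.0" if verdict != "SAFE" else "Safe version",
            "details": "jQuery %d.%d.%d (%s)" % (*version, verdict),
        })
    tainted: Dict[str, str] = {}  # variable name -> source expression it derives from
    for lineno, line in enumerate(source.splitlines(), 1):
        # 1. Taint propagation: assignment from a source, or a copy of a tainted variable.
        m = ASSIGN_RE.search(line)
        if m:
            name, rhs = m.group(1), m.group(2)
            src = SOURCE_RE.search(rhs)
            if src:
                tainted[name] = src.group(1)
            else:
                for var, origin in list(tainted.items()):
                    if _uses(var, rhs):
                        tainted[name] = origin
                        break
        # 2. Sink check: flag a dangerous method whose argument is a source or tainted.
        for sm in SINK_RE.finditer(line):
            method, arg = sm.group(1), sm.group(2)
            src = SOURCE_RE.search(arg)
            if src:
                details = "Direct source: " + src.group(1)
            else:
                unsafe = [v for v in tainted if _uses(v, arg)]
                if not unsafe:
                    continue  # literal or untracked argument: not reported
                details = "Unsafe variable: %s, Direct source: %s" % (unsafe[0], tainted[unsafe[0]])
            findings.append({
                "status": "POTENTIAL VULNERABLE", "check": "METHOD_" + method.upper(),
                "location": location, "line": lineno, "code": line.strip(), "details": details,
            })
    return findings


def format_report(findings: List[Dict[str, object]]) -> str:
    out = ["VULNERABILITY SCAN REPORT", "CVE-2020-11023"]
    for f in findings:
        out.append("■ [%s] %s" % (f["status"], f["check"]))
        for key in ("location", "line", "code", "details"):
            out.append("  %s: %s" % (key.capitalize(), f[key]))
    return "\n".join(out)


# Constructed sample input, not taken from any real site.
SAMPLE_JS = """/*! jQuery v3.4.0 | (c) JS Foundation and other contributors */
var data = window.location.hash.slice(1);
var copy = data;
var element = $('#out');
element.append(copy);
element.text(data);
$('#msg').html('<b>static markup</b>');
"""

if __name__ == "__main__":
    print(format_report(scan_js(SAMPLE_JS, "sample.js")))
```

Running it on the constructed sample yields two entries: the vulnerable version banner and the `element.append(copy)` call at line 5, traced back through `copy` to `window.location`. The `.text()` call and the `.html()` call with a string literal produce nothing, which is exactly the false-positive filtering a scanner like this needs; the one-line taint rule does not follow data across functions or object properties, so manual review of the findings remains necessary.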
## 🛠️ Requirements
* Python 3.x
* `requests` library (`pip install requests`)
* `beautifulsoup4` library (`pip install beautifulsoup4`)
* `packaging` library (`pip install packaging`)
## ⚡ Quick Installation
1. **Clone this repository:**
```bash
git clone <your-repository-url>
cd <your-repo-name>
```
2. **Install the dependencies:**
```bash
pip install -r requirements.txt
```
## 🚀 Usage
**Command-line arguments:**
* `--url <URL>`: Specifies the target URL to scan.
* `--file <path>`: Specifies a local file or directory path to scan.
* `--deep`: Enables deep scanning for URLs (recursive crawling of linked JavaScript files).
**Examples:**
* **Scan a website (with deep scanning):**
```bash
python scan.py --url https://www.example.com --deep
```
* **Scan a local JavaScript file:**
```bash
python scan.py --file /path/to/your/file.js
```
* **Scan a local directory recursively:**
```bash
python scan.py --file /path/to/your/directory
```
**Example Report:**
```text
════════════════════════════════════════════════════════════════════════════════════════════
VULNERABILITY SCAN REPORT
CVE-2020-11023
════════════════════════════════════════════════════════════════════════════════════════════
■ [POTENTIAL VULNERABLE] JQUERY_VERSION
Location: https://www.example.com/
Line: N/A
Code: Update to >=3.5.0
Details: jQuery 3.4.0 (POTENTIALLY VULNERABLE)
■ [POTENTIAL VULNERABLE] METHOD_APPEND
Location: https://support.google.com/photos/thread/202686606/apakah-foto-atau-video-yg-dihapus-secara-permanen-tidak-akan-bisa-kembali-lagi?hl=id
Line: 25
Code: element.append(data);
Details: Unsafe variable: data, Direct source: window.location
■ [INFO] JQUERY_VERSION
Location: https://support.google.com/photos/thread/202686606/apakah-foto-atau-video-yg-dihapus-secara-permanen-tidak-akan-bisa-kembali-lagi?hl=id
Line: N/A
Code: Safe version
Details: jQuery 3.6.0 (SAFE)
```
## 🛡️ Recommendations
* **Update jQuery:** If a vulnerable jQuery version is detected, update to the latest version (>= 3.5.0) immediately.
* **Sanitize Input:** Thoroughly sanitize any user-supplied or untrusted data before using it with potentially dangerous DOM manipulation methods. Consider using libraries like DOMPurify.
* **Use `.text()` Wisely:** If you only need to insert text content, use the `.text()` method instead of `.html()` or other methods that could interpret input as HTML.
* **Manual Review:** Always manually review the findings of this script to determine the actual risk and rule out false positives.
## 🙌 Contributing
Let's make the digital world safer together! Your contributions are highly welcome! Please feel free to submit pull requests or open issues to improve this script's performance and capabilities.
## 📄 License
This project is licensed under the MIT License.
File snapshot
```text
[4.0K] /data/pocs/76a5210d276bad67a8e53d0653c55ceadd8c86ab
├── [1.0K] LICENSE
├── [6.0K] README.md
├── [ 56] requirements.txt
└── [9.8K] scan.py
0 directories, 4 files
```
Notes
1. Accessing the original source is recommended.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong (神龙) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.