0

I have the following javaScript code in an application, which BURP flags as being possibly vulnerable. However, i have had no luck trying to get it to execute.

var hash = window.location.hash; if(hash){ $('a[href="'+ hash +'"]')[0].click(); }

enter image description here

Is the above code vulnerable and if so, what sort of URL fragment can execute it?

user3272983
  • 11
  • 2
  • I don't think there's enough information to know here. It's possible your input might be getting escaped elsewhere too. – securityOrange Dec 07 '18 at 04:31
  • Please do not post text in images. It is hard to search and bad for accessibility. Instead, copy paste the actual text into your question. – Anders Dec 12 '18 at 12:00
  • Also, what version of jQuery are you using? I am assuming `$` is jQuery here? – Anders Dec 12 '18 at 12:03

1 Answers1

0

Assuming that the only relevant code is what has been highlighted above, then as Burp notes at the end, you need to determine what version of jQuery is being used. If the page uses a version of jQuery below 1.6.3, then you can exploit this sink in Edge with #"]<img src=x onerror=alert(1)>.

EdOverflow
  • 1,246
  • 8
  • 21