Nothing fancy, but jqueryui.com/themeroller is vulnerable to reflected XSS attacks. I verified this vulnerability on Google Chrome (23.0.1271.64) and Firefox (17.0). The vulnerable URI is http://jqueryui.com/themeroller/#"><script>alert(document.domain);</script>
I disclosed this bug to the jQuery UI bugtracker on November 26, 2012, which can be found here: http://bugs.jqueryui.com/ticket/8854
To understand what is going on, let's examine a benign payload like #TARGET. The page is building a <link> tag where the ‘src’ attribute is built, unescaped, from the fragment identifier (#).
Using #"><script>alert(document.domain)</script> as the payload, we see the <link> tag is closed out and the remainder of what would be inside the <link> tag is rendered to the page as plaintext.
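The pattern described above, next to a hardened form, as an added example that is not ThemeRoller's actual source. The stylesheet path is a placeholder and the function names are assumptions; the 'src' attribute follows the description in this post.

```javascript
// Added example, not code from jqueryui.com. Path below is a placeholder.
const CSS_ENDPOINT = "/EXAMPLE/theme.css?";

// Vulnerable pattern: the fragment is concatenated into markup unescaped,
// so a double quote in it ends the attribute and '>' ends the tag.
function buildLinkUnsafe(fragment) {
  return '<link rel="stylesheet" src="' + CSS_ENDPOINT + fragment + '">';
}

// Encode every character that can terminate an attribute value or a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Allow-list for theme settings: key=value pairs made of harmless characters.
const SAFE_FRAGMENT = /^[A-Za-z0-9_%.,=&-]*$/;

// Hardened form: reject fragments outside the allow-list, then escape
// whatever is written into the attribute.
function buildLinkSafe(fragment) {
  const value = SAFE_FRAGMENT.test(fragment) ? fragment : "";
  return '<link rel="stylesheet" src="' + escapeAttr(CSS_ENDPOINT + value) + '">';
}

// True when the markup is exactly one <link> tag with nothing after it.
function isSingleTag(html) {
  return /^<link [^<>]*>$/.test(html);
}

// In a browser, creating the element and calling
// link.setAttribute(name, value) avoids HTML parsing of the value entirely.

// Constructed inputs: the benign fragment and the payload from this post.
const samples = ["TARGET", '"><script>alert(document.domain)</script>'];
for (const fragment of samples) {
  console.log("unsafe:", buildLinkUnsafe(fragment), isSingleTag(buildLinkUnsafe(fragment)));
  console.log("safe:  ", buildLinkSafe(fragment), isSingleTag(buildLinkSafe(fragment)));
}
```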
Hi, just wanted to say I liked this article. It was practical. Keep on posting.
Hi, I have reading out and I will definitely bookmark your site, just wanted to say I liked this article.
Very nice post. I just stumbled upon your blog and wanted to say that I have really enjoyed surfing around your blog posts.
In any case I will be subscribing to your feed and I hope you write again soon!
This site was… how do I say it? Relevant!! Finally I’ve found something that helped me. Thanks a lot!
I just added this blog to my rss reader, great stuff. Cannot get enough!