Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Link manipulation and Open rediraction (DOM-based) - JQuery Mobile

Olga | Last updated: Mar 06, 2019 09:37AM UTC

Hi all, we use jquery.mobile-1.4.5.min.js in our application. Burp scan found a Link manipulation (DOM-based) and Open redirection (DOM-based) vulnerabilities in JQuery Mobile sources: Open redirection (DOM-based): Issue detail The application may be vulnerable to DOM-based open redirection. Data is read from location.href and passed to location.href via the following statement: d!==j?(m(j=d,h),a(b).trigger(g)):h!==j&&(location.href=location.href.replace(/#.*/,"")+h),f=setTimeout(c,a.fn[g].delay) location.href=location.href.replace(/#.*/,"") looks safe. No real redirections are done. Link manipulation (DOM-based): Issue detail The application may be vulnerable to DOM-based link manipulation. Data is read from location.pathname and passed to the 'href' property of a DOM element via the following statement: e[0 ] .href= g|| location.pathname from : return e.length?g=e.attr("href"):e=f=a("<base>",{href:d}).appendTo("head"),b=a("<a href='testurl' />").prependTo(m),c=b[0].href,e[0].href=g||location.pathname,f&&f.remove(),0===c.indexOf(d) Could someone tell me if these are real JQuery Mobile issues and bugs are needed for jquery-mobile or the findings are false positive? Thanks, Olga.

PortSwigger Agent | Last updated: Mar 06, 2019 10:57AM UTC

Hi Olga, the first one looks like a false positive. The second one could potentially be a open redirection if you can inject a custom path. For example: //redirect-host.com/ It's unlikely this happens on most sites since you would hit a 404 for "redirect-host.com" but may work if the site you are testing has the JavaScript on the 404 page for example. Kind regards Gareth

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.