The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Link manipulation and Open redirection (DOM-based) - JQuery Mobile

Olga | Last updated: Mar 06, 2019 09:37AM UTC

Hi all,

we use jquery.mobile-1.4.5.min.js in our application. Burp scan found Link manipulation (DOM-based) and Open redirection (DOM-based) vulnerabilities in JQuery Mobile sources:

Open redirection (DOM-based):

Issue detail
The application may be vulnerable to DOM-based open redirection. Data is read from location.href and passed to location.href via the following statement:

    d!==j?(m(j=d,h),a(b).trigger(g)):h!==j&&(location.href=location.href.replace(/#.*/,"")+h),f=setTimeout(c,a.fn[g].delay)

location.href=location.href.replace(/#.*/,"") looks safe. No real redirections are done.

Link manipulation (DOM-based):

Issue detail
The application may be vulnerable to DOM-based link manipulation. Data is read from location.pathname and passed to the 'href' property of a DOM element via the following statement:

    e[0].href=g||location.pathname

from:

    return e.length?g=e.attr("href"):e=f=a("<base>",{href:d}).appendTo("head"),b=a("<a href='testurl' />").prependTo(m),c=b[0].href,e[0].href=g||location.pathname,f&&f.remove(),0===c.indexOf(d)

Could someone tell me if these are real JQuery Mobile issues and bugs are needed for jquery-mobile, or the findings are false positives?

Thanks,
Olga.
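The open-redirection statement quoted in the post above, modeled as an added triage example (not part of the original post and not jQuery Mobile code): it rebuilds the navigation target the way the flagged statement does and checks whether anything other than the fragment can change. The function names and sample URLs are constructed, and `h` beginning with `#` is an assumption about how the library supplies that value.

```javascript
// Added triage example; function names are hypothetical, sample URLs are constructed.
// Models the flagged sink: location.href = location.href.replace(/#.*/, "") + h

// Rebuild the target exactly as the quoted statement does.
// Assumption: h is the fragment being restored and begins with "#".
function rebuildHref(currentHref, h) {
  return currentHref.replace(/#.*/, "") + h;
}

// True when moving from currentHref to target can only change the fragment,
// i.e. scheme, host, port, path and query are all identical.
function isFragmentOnlyChange(currentHref, target) {
  const from = new URL(currentHref);
  const to = new URL(target, currentHref);
  from.hash = "";
  to.hash = "";
  return from.href === to.href;
}

// Combine both steps so a reviewer can feed in candidate values of h.
function triage(currentHref, h) {
  const target = rebuildHref(currentHref, h);
  return { target, sameDocument: isFragmentOnlyChange(currentHref, target) };
}

// Constructed samples: two fragment values, and one value that violates
// the "#" assumption so the check has something to reject.
const samples = [
  ["https://app.example/page?x=1#old", "#new"],
  ["https://app.example/page?x=1#old", "#//other.example/"],
  ["https://app.example/page", "/other"],
];

for (const [href, h] of samples) {
  const r = triage(href, h);
  console.log(`${r.sameDocument ? "fragment-only" : "REVIEW"}  ${r.target}`);
}
```

A value that fails the check means the taint flow needs manual review of how `h` is produced. A pass means the assignment stays on the same document for that input.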

PortSwigger Agent | Last updated: Mar 06, 2019 10:57AM UTC