jQuery vulnerabilities - Header Manipulation & Code Injection

jQuery vulnerabilities - Header Manipulation & Code Injection

Hi All,
 
Recently, while scanning our code with the Fortify code scanner, I came across two vulnerabilities reported by the scanner, Header Manipulation and Code Injection, in jQuery-related files.
 
Following are my queries:
  • Why are the values reported by the scanner not validated?
  • What is the significance/use of those values?
For Code Injection:

/* Excerpt as quoted in the post (it stops mid-statement): walks document.cookie,
 * picks the entries that contain sBaseName and evaluates each one's value to read
 * its iCreate time stamp. sBaseName, oData and iOldTime are defined outside the excerpt. */
/* One string per "name=value" pair of the current document's cookies. */
aCookies =document.cookie.split(';');

for ( var i=0, iLen=aCookies.length ; i<iLen ; i++ )

{

/* Substring test over the whole "name=value" string: a match anywhere in the
 * name or in the value selects the cookie, not only a name starting with sBaseName. */
if ( aCookies[i].indexOf( sBaseName ) != -1 )

{

/* It's a DataTables cookie, so eval it and check the time stamp */

/* Index 1 is only the text between the first and second '='; anything after a
 * later '=' in the value is not passed on. */
var aSplitCookie = aCookies[i].split('=');

/* Code Injection finding: the URL-decoded cookie value is handed to eval() with
 * no validation, so whatever text the cookie holds is executed as JavaScript in
 * the page rather than parsed as data.
 * NOTE(review): if the stored value is strict JSON (not visible in this excerpt),
 * JSON.parse() would read it without executing it - confirm against the code
 * that writes the cookie. */
      try { oData = eval( '('+decodeURIComponent(aSplitCookie[1])+')' ); }

/* Any error from decoding or evaluating is discarded and the cookie is skipped. */
catch( e ) { continue; }

/* The statement guarded by this condition is not part of the excerpt. */
if ( typeof oData.iCreate != 'undefined' && oData.iCreate < iOldTime )
 
 
For Header Manipulation:
 
/* Excerpt as quoted in the post (the loop and the outer `if` are never closed):
 * walks document.cookie, evaluates the value of each entry containing sBaseName,
 * and then writes an expired cookie for sOldName. sBaseName, oData, iOldTime,
 * sOldName and aParts are defined outside the excerpt. */
/* One string per "name=value" pair of the current document's cookies. */
aCookies =document.cookie.split(';');

for ( var i=0, iLen=aCookies.length ; i<iLen ; i++ )

{

/* Substring test over the whole "name=value" string: a match anywhere in the
 * name or in the value selects the cookie, not only a name starting with sBaseName. */
if ( aCookies[i].indexOf( sBaseName ) != -1 )

{

/* It's a DataTables cookie, so eval it and check the time stamp */

/* Index 1 is only the text between the first and second '='. */
var aSplitCookie = aCookies[i].split('=');

/* The URL-decoded cookie value is passed to eval() with no validation, so the
 * cookie text is executed as JavaScript rather than parsed as data. */
try { oData = eval( '('+decodeURIComponent(aSplitCookie[1])+')' ); }

/* Any error from decoding or evaluating is discarded and the cookie is skipped. */
catch( e ) { continue; }

/* NOTE(review): as quoted, the next `if` parses as the body of this condition;
 * the post appears to leave out the lines in between, including the assignments
 * to sOldName and aParts - check the full file. */
if ( typeof oData.iCreate != 'undefined' && oData.iCreate < iOldTime )
 
if ( sOldName !== "" )
{
/* Presumably the Header Manipulation finding: a cookie string is assembled by
 * concatenating sOldName and aParts and assigned to document.cookie, with no
 * validation visible in the excerpt. The expiry date in the past asks the
 * browser to remove the cookie named sOldName for the given path.
 * NOTE(review): sOldName is presumably one of the cookie names read above -
 * confirm, and confirm it is limited to the expected DataTables cookie-name
 * characters before it is written back. */
document.cookie = sOldName+"=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path="+
aParts.join('/') + "/";
}