jquery / codeorigin.jquery.com

jQuery CDN
https://releases.jquery.com

jQuery CDN - Bug Bounty - Vulnerabilities WebApplicationAssessment #37

Closed 4k4xs4pH1r3 closed 6 years ago

4k4xs4pH1r3 commented 6 years ago

Over this site jQuery CDN https://94.31.29.54/ I detected the below vulnerabilities, my objective is that you see this issue as Bug Bounty and give me a reward for this, thanks.

| Asset IP Address | Service Port | Vulnerability Test Result Code | Vulnerability ID | Vulnerability CVE IDs | Vulnerability Severity Level | Vulnerability Title |
|---|---|---|---|---|---|---|
| 94.31.29.54 | 443 | vv | http-php-obsolete | | 10 | Obsolete Version of PHP |
| 94.31.29.54 | 0 | vv | wordpress-obsolete | | 10 | Obsolete Version of WordPress |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14723 | CVE-2017-14723 | 8 | Wordpress: CVE-2017-14723: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5611 | CVE-2017-5611 | 8 | Wordpress: CVE-2017-5611: 'WP_Query' is vulnerable to SQL injection when passing unsafe data |
| 94.31.29.54 | 443 | vv | php-cve-2015-1351 | CVE-2015-1351 | 8 | PHP Vulnerability: CVE-2015-1351 |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-16510 | CVE-2017-16510 | 8 | Wordpress: CVE-2017-16510: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection |
| 94.31.29.54 | 443 | ve | certificate-common-name-mismatch | | 7 | X.509 Certificate Subject CN Does Not Match the Entity Name |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-9064 | CVE-2017-9064 | 7 | Wordpress: CVE-2017-9064: Cross-Site Request Forgery (CRSF) vulnerability in the filesystem credentials dialog |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5489 | CVE-2017-5489 | 7 | Wordpress: CVE-2017-5489: Cross-site request forgery (CSRF) bypass via uploading a Flash file |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-7169 | CVE-2016-7169 | 7 | Wordpress: CVE-2016-7169: Directory Traversal Vulnerability in the upgrade package uploader |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-17091 | CVE-2017-17091 | 7 | Wordpress: CVE-2017-17091: wp-admin/user-new.php allows remote attackers to bypass intended access restrictions |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5492 | CVE-2017-5492 | 7 | Wordpress: CVE-2017-5492: Cross-site request forgery (CSRF) in the accessibility mode of widget editing |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-6815 | CVE-2017-6815 | 6 | Wordpress: CVE-2017-6815: Control characters can trick redirect URL validation |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-6896 | CVE-2016-6896 | 6 | Wordpress: CVE-2016-6896: Directory Traversal Vulnerability in the wp_ajax_update_plugin function of 'wp-admin/includes/ajax-actions.php' |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5839 | CVE-2016-5839 | 5 | Wordpress: CVE-2016-5839: 'sanitize_file_name' protection bypass via unspecified vectors |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5835 | CVE-2016-5835 | 5 | Wordpress: CVE-2016-5835: Information Disclosure Vulnerability allowing remote attackers to obtain sensitive revision-history information |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5610 | CVE-2017-5610 | 5 | Wordpress: CVE-2017-5610: User interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14725 | CVE-2017-14725 | 5 | Wordpress: CVE-2017-14725: An open redirect was discovered on the user and term edit screens |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-9062 | CVE-2017-9062 | 5 | Wordpress: CVE-2017-9062: Improper handling of post meta data values in the XML-RPC |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-9065 | CVE-2017-9065 | 5 | Wordpress: CVE-2017-9065: Lack of capability checks for post meta data in the XML-RPC API |
| 94.31.29.54 | 0 | vv | wordpress-cve-2018-6389 | CVE-2018-6389 | 5 | Wordpress: CVE-2018-6389: Application Denial of Service (DoS) |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14719 | CVE-2017-14719 | 5 | Wordpress: CVE-2017-14719: A path traversal vulnerability was discovered in the file unzipping code |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-9066 | CVE-2017-9066 | 5 | Wordpress: CVE-2017-9066: Insufficient redirect validation in the HTTP class, leading to SSRF. |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5838 | CVE-2016-5838 | 5 | Wordpress: CVE-2016-5838: Password-change restriction bypass via stolen cookie |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5836 | CVE-2016-5836 | 5 | Wordpress: CVE-2016-5836: Potential Denial of Service (DoS) attack vectors via oEmbed protocol implementation |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5487 | CVE-2017-5487 | 5 | Wordpress: CVE-2017-5487: REST API exposed user data for all users who had authored a post of a public post type |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5493 | CVE-2017-5493 | 5 | Wordpress: CVE-2017-5493: Weak cryptographic security for Multisite activation key |
| 94.31.29.54 | 0 | vv | wordpress-cve-2012-6707 | CVE-2012-6707 | 5 | Wordpress: CVE-2012-6707: A vulnerability due to weak MD5-based password hashing algorithm |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14722 | CVE-2017-14722 | 5 | Wordpress: CVE-2017-14722: A path traversal vulnerability was discovered in the customizer |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5837 | CVE-2016-5837 | 5 | Wordpress: CVE-2016-5837: Unauthorized category removal from a post |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5832 | CVE-2016-5832 | 5 | Wordpress: CVE-2016-5832: Redirect bypass in the customizer |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5491 | CVE-2017-5491 | 5 | Wordpress: CVE-2017-5491: Post via email checks mail.example.com if default settings aren't changed |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-8295 | CVE-2017-8295 | 4 | Wordpress: CVE-2017-8295: Potential Unauthorized Password Reset |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14720 | CVE-2017-14720 | 4 | Wordpress: CVE-2017-14720: A cross-site scripting (XSS) vulnerability was discovered in template names |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14718 | CVE-2017-14718 | 4 | Wordpress: CVE-2017-14718: A cross-site scripting (XSS) vulnerability was discovered in the link modal |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-17093 | CVE-2017-17093 | 4 | Wordpress: CVE-2017-17093: wp-includes/general-template.php allows attackers to conduct XSS attacks |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-7168 | CVE-2016-7168 | 4 | Wordpress: CVE-2016-7168: Cross-Site Scripting (XSS) Vulnerability in the media_handle_upload function in 'wp-admin/includes/media.php' |
| 94.31.29.54 | 0 | vv | wordpress-cve-2018-5776 | CVE-2018-5776 | 4 | Wordpress: CVE-2018-5776: WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement) |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14721 | CVE-2017-14721 | 4 | Wordpress: CVE-2017-14721: A cross-site scripting (XSS) vulnerability was discovered in the plugin editor |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-9063 | CVE-2017-9063 | 4 | Wordpress: CVE-2017-9063: Cross-Site Scripting (XSS) vulnerability related to the Customizer |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-17092 | CVE-2017-17092 | 4 | Wordpress: CVE-2017-17092: wp-includes/functions.php allows remote attackers to conduct XSS attacks |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-17094 | CVE-2017-17094 | 4 | Wordpress: CVE-2017-17094: wp-includes/feed.php allows attackers to conduct XSS attacks |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5488 | CVE-2017-5488 | 4 | Wordpress: CVE-2017-5488: Cross-Site Scripting (XSS) Vulnerability via the plugin name or version header on 'update-core.php' |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-6814 | CVE-2017-6814 | 4 | Wordpress: CVE-2017-6814: Cross-Site Scripting (XSS) Vulnerability via media file metadata |
| 94.31.29.54 | 443 | ve | ssl-cve-2011-3389-beast | CVE-2011-3389 | 4 | TLS/SSL Server is enabling the BEAST attack |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14724 | CVE-2017-14724 | 4 | Wordpress: CVE-2017-14724: A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-14726 | CVE-2017-14726 | 4 | Wordpress: CVE-2017-14726: A cross-site scripting (XSS) vulnerability was discovered in the visual editor |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5834 | CVE-2016-5834 | 4 | Wordpress: CVE-2016-5834: Cross-Site Scripting (XSS) Vulnerability in the wp_get_attachment_link function in 'wp-includes/post-template.php' |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-5833 | CVE-2016-5833 | 4 | Wordpress: CVE-2016-5833: Cross-Site Scripting (XSS) Vulnerability in the column_title function in 'wp-admin/includes/class-wp-media-list-table.php' |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-6897 | CVE-2016-6897 | 4 | Wordpress: CVE-2016-6897: Cross-site request forgery (CSRF) in the wp_ajax_update_plugin function of 'wp-admin/includes/ajax-actions.php' |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5612 | CVE-2017-5612 | 4 | Wordpress: CVE-2017-5612: Cross-Site Scripting (XSS) Vulnerability in the posts list table |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-6817 | CVE-2017-6817 | 4 | Wordpress: CVE-2017-6817: Cross-Site Scripting (XSS) Vulnerability via video URL in YouTube Embeds |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-6816 | CVE-2017-6816 | 4 | Wordpress: CVE-2017-6816: Unintended files can be deleted by administrators using the plugin deletion functionality |
| 94.31.29.54 | 443 | ve | tlsv1_0-enabled | | 4 | TLS Server Supports TLS version 1.0 |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-9061 | CVE-2017-9061 | 4 | Wordpress: CVE-2017-9061: Cross-Site Scripting (XSS) vulnerability when attempting to upload very large files |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-5490 | CVE-2017-5490 | 4 | Wordpress: CVE-2017-5490: Cross-Site Scripting (XSS) Vulnerability via theme name fallback |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-6819 | CVE-2017-6819 | 4 | Wordpress: CVE-2017-6819: Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources |
| 94.31.29.54 | 0 | vv | wordpress-cve-2017-6818 | CVE-2017-6818 | 4 | Wordpress: CVE-2017-6818: Cross-Site Scripting (XSS) Vulnerability via taxonomy term names |
| 94.31.29.54 | 443 | ve | ssl-static-key-ciphers | | 3 | TLS/SSL Server Supports The Use of Static Key Ciphers |
| 94.31.29.54 | 443 | vp | ssl-cbc-ciphers | CVE-2013-0169 | 3 | TLS/SSL Timing Side-Channel Attacks, aka the "Lucky Thirteen" Attack |
| 94.31.29.54 | 0 | vv | wordpress-cve-2016-9263 | CVE-2016-9263 | 3 | Wordpress: CVE-2016-9263: A cross-domain Flash injection vulnerability found in flashmediaelement.swf |
| 94.31.29.54 | 443 | ve | tlsv1_1-enabled | | 3 | TLS Server Supports TLS version 1.1 |
| 94.31.29.54 | 0 | ve | generic-icmp-timestamp | CVE-1999-0524 | 1 | ICMP timestamp response |

I tried to upload the report in PDF format, but this error appeared: Something went really wrong, and we can’t process that file.

I put the vulnerabilities directly in the issue.

dmethvin commented 6 years ago

We don't have a bug bounty program or a budget for one. jQuery team members are all volunteers. Responsible disclosure would start with a private email to security@jquery.com.

timmywil commented 6 years ago

Thank you for your interest, but as @dmethvin said, we don't have a budget for bug bounties. Also, often what is perceived as a vulnerability is really not. But, if there is a bug or vulnerability we can address, feel free to open separate issues, including a test case for each one so we can evaluate more readily. Thanks.