jquery-validation / jquery-validation

jQuery Validation Plugin library sources

Home Page: https://jqueryvalidation.org/

JavaScript Hijacking: Vulnerable Framework

AbstractAlao opened this issue · comments

Subject of the issue

Fortify scans identify that the ajax calls can be subject to JavaScript Hijacking. Line number 1585 is what is being called out; the call to Ajax seems to be a possible issue. This is what Fortify says about it:

Applications that use JavaScript notation to transport sensitive data can be vulnerable to JavaScript hijacking, which allows an unauthorized attacker to read confidential data from a vulnerable application.

Your environment

v1.19.3

Steps to reproduce

N/A

Expected behavior

N/A

Actual behavior

N/A

```js
$.ajax( $.extend( true, {
	mode: "abort",
	port: "validate" + element.name,
	dataType: "json",
	data: data,
	context: validator.currentForm,
	success: function( response ) {
		var valid = response === true || response === "true",
			errors, message, submitted;

		validator.settings.messages[ element.name ][ method ] = previous.originalMessage;
		if ( valid ) {
			submitted = validator.formSubmitted;
			validator.resetInternals();
			validator.toHide = validator.errorsFor( element );
			validator.formSubmitted = submitted;
			validator.successList.push( element );
			validator.invalid[ element.name ] = false;
			validator.showErrors();
		} else {
			errors = {};
			message = response || validator.defaultMessage( element, { method: method, parameters: value } );
			errors[ element.name ] = previous.message = message;
			validator.invalid[ element.name ] = true;
			validator.showErrors( errors );
		}
		previous.valid = valid;
		validator.stopRequest( element, valid );
	}
}, param ) );
```

commented

How severe is this security issue?
Could someone elaborate on this please?

I'm not sure how severe this issue is. I'm maintaining an application where the security team identifies code that may be vulnerable. From the research I've done on JavaScript Hijacking, it seems the problem is using a GET instead of a POST. An attacker could reference JSON using a script tag.

```html
<script type="module" src="pageurl.json"></script>
```

I'm not sure how it is being used in the current context with the validation.
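One server-side way to address the concern raised in this thread, as an added example that is not part of the original issue or the plugin's own code: the endpoint behind a `remote` rule answers only POST requests that carry jQuery's `X-Requested-With` header and marks the response as non-executable JSON. The function name `handleRemoteValidation`, the plain-object request shape, the `/validate/username` URL and the username list are assumptions made for illustration.

```javascript
// Added example: hardened handler for the endpoint behind a jquery-validation "remote" rule.
// Framework-agnostic: `req` is a plain object { method, headers, body } with
// lower-cased header names (hypothetical shape, adapt it to your framework).

// Constructed sample data standing in for a user store.
const TAKEN_USERNAMES = new Set(["admin", "alice"]);

function jsonResponse(status, payload) {
  return {
    status,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff", // browser will not treat the body as a script
      "Cache-Control": "no-store"
    },
    body: JSON.stringify(payload)
  };
}

function handleRemoteValidation(req) {
  // A <script src="..."> include can only issue GET, so answers are given on POST only.
  if (req.method !== "POST") {
    return jsonResponse(405, "Method not allowed");
  }
  // jQuery adds this header to same-origin XHR; a script tag cannot set custom headers.
  if ((req.headers["x-requested-with"] || "") !== "XMLHttpRequest") {
    return jsonResponse(403, "Forbidden");
  }
  const username = String((req.body && req.body.username) || "").trim().toLowerCase();
  if (username === "") {
    return jsonResponse(200, "Please enter a username.");
  }
  // The success handler quoted above treats `true` as valid and a string as the error message.
  return TAKEN_USERNAMES.has(username)
    ? jsonResponse(200, "That username is already taken.")
    : jsonResponse(200, true);
}

// Matching client rule (`param` is merged over the defaults by $.extend in the quoted code):
//   rules: { username: { remote: { url: "/validate/username", type: "post" } } }
```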

commented

Thanks for this explanation.
To the developers: Do you plan to fix this?

This issue/proposal has been automatically marked as idle and stale because it hasn't had any recent activity. It will be automatically closed if no further activity occurs. If you think this is wrong, or the problem still persists, just pop a reply in the comments and one of the maintainers will (try!) to follow up.
Thank you for contributing :)