African bank vulnerable jquery
by Mummified6837 - Monday January 6, 2025 at 11:02 AM
#1
https://www.fnb.co.za/
https://security.snyk.io/package/npm/jquery/3.3.1
#2
Could you explain what you're sharing here?
"Universal appeal is poison masquerading as medicine. Horror is not meant to be universal. It's meant to be personal, private, animal"
#3
(Jan 07, 2025, 11:06 AM)DredgenSun Wrote: Could you explain what you're sharing here?

If I had to guess, this African Bank is using a vulnerable version of jQuery. The vulnerability is XSS, which allows the execution of JavaScript on the client side. This is most likely a reflective XSS vulnerability, meaning that if you craft a link containing malicious JavaScript code, you could potentially perform actions on behalf of the user who clicks the link. Additionally, you might obtain the victim's IP address by having the JavaScript call back to your server upon execution.
 
 
~~ Zixshore ~~

#4
(Jan 07, 2025, 06:17 PM)Zixshore Wrote:
(Jan 07, 2025, 11:06 AM)DredgenSun Wrote: Could you explain what you're sharing here?

If I had to guess, this African Bank is using a vulnerable version of jQuery. The vulnerability is XSS, which allows the execution of JavaScript on the client side. This is most likely a reflective XSS vulnerability, meaning that if you craft a link containing malicious JavaScript code, you could potentially perform actions on behalf of the user who clicks the link. Additionally, you might obtain the victim's IP address by having the JavaScript call back to your server upon execution.
 
 
~~ Zixshore ~~

Thank you for the explanation, kind sir, it's most appreciated :)
"Universal appeal is poison masquerading as medicine. Horror is not meant to be universal. It's meant to be personal, private, animal"