African bank vulnerable jquery
by Mummified6837 - Monday January 6, 2025 at 11:02 AM
#1
https://www.fnb.co.za/
https://security.snyk.io/package/npm/jquery/3.3.1
#2
Could you explain what you're sharing here?
"Universal appeal is poison masquerading as medicine. Horror is not meant to be universal. It's meant to be personal, private, animal"
#3
(Jan 07, 2025, 11:06 AM)DredgenSun Wrote: Could you explain what you're sharing here?

If I had to guess, this African Bank is using a vulnerable version of jQuery. The vulnerability is XSS, which allows the execution of JavaScript on the client side. This is most likely a reflective XSS vulnerability, meaning that if you craft a link containing malicious JavaScript code, you could potentially perform actions on behalf of the user who clicks the link. Additionally, you might obtain the victim's IP address by having the JavaScript call back to your server upon execution.
 
 
~~ Zixshore ~~

#4
(Jan 07, 2025, 06:17 PM)Zixshore Wrote:
(Jan 07, 2025, 11:06 AM)DredgenSun Wrote: Could you explain what you're sharing here?

If I had to guess, this African Bank is using a vulnerable version of jQuery. The vulnerability is XSS, which allows the execution of JavaScript on the client side. This is most likely a reflective XSS vulnerability, meaning that if you craft a link containing malicious JavaScript code, you could potentially perform actions on behalf of the user who clicks the link. Additionally, you might obtain the victim's IP address by having the JavaScript call back to your server upon execution.
 
 
~~ Zixshore ~~

Thank you for the explanation, kind sir, it's most appreciated :)

