Home  >  Article  >  Web Front-end  >  How to solve the problem using a vulnerable version of JQuery

How to solve the problem using a vulnerable version of JQuery

小云云
小云云Original
2018-05-26 15:18:5910992browse

Today I used 360 to detect the website, and it showed high risk] Using a vulnerable version of JQuery, it was said that there was a problem with this file jquery.min.js, and found the website: Using a vulnerable version of JQuery, hackers can use it This vulnerability breaks into your website. Here the editor of Script House will share the solution with you, hoping to help you.

Then I went to 360 Detection to check the solution

How to solve the problem using a vulnerable version of JQuery

But I felt it was of no use, and the solution of option 2 requires adding a group,

How to solve the problem using a vulnerable version of JQuery

The blogger feels that this is a trap of 360, it depends on you whether you jump or not.

The blogger has released 2 solutions here, both of which can be solved.

The first type: This can only be hidden from 360, but the loophole still exists, that is

How to solve the problem using a vulnerable version of JQuery

The version that deletes JQ No., 360 is not that smart yet, and can only query the version number through annotation information, and cannot scan the JQ content to determine the JQ version number.

The second type: It can also be solved with the latest version of JQ. The blogger here recommends using the second type, which can solve the JQ vulnerability.

Note the version selection: jquery-2.1.4 (Note: jquery-2.0 or above no longer supports IE 6/7/8)

We are using version 1.10.2, so you can choose version 1.11. If your website uses some special functions of jquery, please note that the code may need to be modified.

How to solve the problem using a vulnerable version of JQuery

#You can look at the time, which shows that the second problem can be solved.

According to the tips from netizens, using JQ3.2.1 (currently the latest version) still cannot solve the problem.

On the contrary, when using JQ3.1.1, there is no prompt that there is a vulnerability. I don’t know if it is due to 360 or JQ. Anyway, the blogger is speechless here.

If you don’t have JQ3.1.1, you can use the JQ version of this site, which can solve the 360 ​​vulnerability.

Related recommendations:

Detailed explanation of PHP's session deserialization vulnerability

Summary of common vulnerabilities in JavaScript and introduction to automated detection technology

Recommended 9 articles about file vulnerabilities

The above is the detailed content of How to solve the problem using a vulnerable version of JQuery. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn