Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 06, 2017, 12:11:57 AM

Title: Script with errors - is it suspicious?
Post by: polonus on October 06, 2017, 12:11:57 AM

Given as clean here: https://www.virustotal.com/#/url/42283bcc75ad0ac80116c8cf7b2639bb1df1d059047a67f33a887257874272d7/detection
See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fcdnjs.cloudflare.com%2Fajax%2Flibs%2Ffullcalendar%2F1.6.4%2Ffullcalendar.min.js%3Fver%3D794769edbc82b255e29499ca120300ed
errors:

Quote

-cdnjs.cloudflare.com/ajax/libs/fullcalendar/1.6.4/fullcalendar.min.js?ver=794769edbc82b255e29499ca120300ed
     saved 51213 bytes 36b3047dbffab5da0863d81d30b4988f0cde0b03
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable t.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var t.fn = 1;
          error: line:1: ....^

undefined variable t.fn - When one creates an anonymous function/closure that you later pass to Cache::remember() one needs to explicitely list all the variables from the parent scope that should be available in that function's scope.
Info credits go to StackOverflow's Jedrzej.kurylo

Open to XSS attack according to Netscape.

Consider also to read on events: https://stackoverflow.com/questions/22659586/jquery-fullcalendar-v1-6-4-some-events-does-not-show-end-date - fixed bug with agenda event dropping in wrong column -
https://github.com/ynjia/fullcalendar-1.6.4/blob/master/changelog.txt

polonus (volunteer website security analyst and website error-hunter)