Author Topic: Script with errors - is it suspicious?  (Read 708 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Script with errors - is it suspicious?
« on: October 06, 2017, 12:11:57 AM »
Given as clean here: https://www.virustotal.com/#/url/42283bcc75ad0ac80116c8cf7b2639bb1df1d059047a67f33a887257874272d7/detection
See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fcdnjs.cloudflare.com%2Fajax%2Flibs%2Ffullcalendar%2F1.6.4%2Ffullcalendar.min.js%3Fver%3D794769edbc82b255e29499ca120300ed
errors:
Quote
-cdnjs.cloudflare.com/ajax/libs/fullcalendar/1.6.4/fullcalendar.min.js?ver=794769edbc82b255e29499ca120300ed
     saved 51213 bytes 36b3047dbffab5da0863d81d30b4988f0cde0b03
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable t.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var t.fn = 1;
          error: line:1: ....^
undefined variable t.fn - When one creates an anonymous function/closure that you later pass to Cache::remember() one needs to explicitely list all the variables from the parent scope that should be available in that function's scope.
Info credits go to StackOverflow's Jedrzej.kurylo

Open to XSS attack according to Netscape.

Consider also to read on events: https://stackoverflow.com/questions/22659586/jquery-fullcalendar-v1-6-4-some-events-does-not-show-end-date - fixed bug with agenda event dropping in wrong column -
https://github.com/ynjia/fullcalendar-1.6.4/blob/master/changelog.txt

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!