0
Guys I made a code and then I performed a scanner and gave that the code leaves the site with a gap, I’m not able to find where the error is and whether it is serious or not. That is the code:
var $K2 = jQuery.noConflict();
$K2(document).ready(function(){
// Generic function to get URL params passed in .js script include
function getUrlParams(targetScript, varName) {
var scripts = document.getElementsByTagName('script');
var scriptCount = scripts.length;
for (var a = 0; a < scriptCount; a++) {
var scriptSrc = scripts[a].src;
if (scriptSrc.indexOf(targetScript) >= 0) {
varName = varName.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]");
var re = new RegExp("[\\?&]" + varName + "=([^&#]*)");
var parsedVariables = re.exec(scriptSrc);
if (parsedVariables !== null) {
return parsedVariables[1];
}
}
}
}
Which breach ?
– NoobSaibot
The Scanner alerted me about a possible loophole that allows someone to hack the site through this code, and also says that Jquery is not set. I wanted to know if the code is correct or not? If you need some adjustments or the scanner gave me the wrong information, unfortunately I don’t know what the loophole is either, only the question is if the code is correct.
– Fabio Canedo Leão
In relation to the jQuery not being set, it is because it lacks to import it:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>– NoobSaibot
thank you even vlw
– Fabio Canedo Leão
@wmsouza Tagged the answer that has nothing to do with the question.
– Sam
Which scanner did you use? What is the entire error message? Copy and paste everything here, we need details.
– Guilherme Nascimento
Guilherme used the Shadow Security Scanner. First it informs me the script with error with a link, it says q the error is on line 9 whose and the first line of the code I posted, also comes with character 1. ERROR:'jQuery' is not defined Code: 800A1391 Origin: Error at Microsoft Jscript execution time. That’s the information he gives me
– Fabio Canedo Leão