PDF10603 Scan Report
Project Name: PDF10603
Scan Start: November 14, 2018 05:05:46 PM
Preset: OWASP TOP 10 - 2013
Scan Time: 02h:57m:43s
Lines of Code Scanned: 159608
Files Scanned: 864
Report Creation Time: November 15, 2018 04:45:30 PM
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77
Team: CxServer
Checkmarx Version: 8.6.0 HF5
Scan Type: Full
Source Origin: LocalPath
Density: 3/10000 (Vulnerabilities/LOC)
Visibility: Public
Filter Settings
Severity:
  Included: High, Medium
  Excluded: Low, Information
Result State:
  Included: Confirmed, Not Exploitable, To Verify, Urgent, Proposed Not Exploitable
  Excluded: None
Assigned to:
  Included: All
Categories:
  Included:
    Uncategorized: All
    Custom: All
    PCI DSS v3.2: All
    OWASP Top 10 2013: All
    FISMA 2014: All
    NIST SP 800-53: All
    OWASP Top 10 2017: All
  Excluded:
    Uncategorized: None
    Custom: None
    PCI DSS v3.2: None
    OWASP Top 10 2013: None
    FISMA 2014: None
    NIST SP 800-53: None
PAGE 1 OF 77
    OWASP Top 10 2017: None
Results Limit
The results limit per query was set to 50.
Selected Queries
The selected queries are listed in the Scan Results Summary.
Scan Results Summary (charts)
Most Vulnerable Files (chart): main.js, actionhtmlwindow.js, swfobject.js, index.html; severity legend: High, Medium, Low
Top 5 Vulnerability Types (chart)
Scan Summary - OWASP Top 10 2017
Further details and elaboration about vulnerabilities and risks can be found at: OWASP Top 10 2017

Category | Threat Agent | Exploitability | Weakness Prevalence | Weakness Detectability | Technical Impact | Business Impact | Issues Found | Best Fix Locations*
A1-Injection | App. Specific | EASY | COMMON | EASY | SEVERE | App. Specific | 16 | 9
A2-Broken Authentication | App. Specific | EASY | COMMON | AVERAGE | SEVERE | App. Specific | 0 | 0
A3-Sensitive Data Exposure** | App. Specific | AVERAGE | WIDESPREAD | AVERAGE | SEVERE | App. Specific | 3 | 3
A4-XML External Entities (XXE) | App. Specific | AVERAGE | COMMON | EASY | SEVERE | App. Specific | 0 | 0
A5-Broken Access Control | App. Specific | AVERAGE | COMMON | AVERAGE | SEVERE | App. Specific | 0 | 0
A6-Security Misconfiguration** | App. Specific | EASY | WIDESPREAD | EASY | MODERATE | App. Specific | 0 | 0
A7-Cross-Site Scripting (XSS)** | App. Specific | EASY | WIDESPREAD | EASY | MODERATE | App. Specific | 22 | 7
A8-Insecure Deserialization | App. Specific | DIFFICULT | COMMON | AVERAGE | SEVERE | App. Specific | 0 | 0
A9-Using Components with Known Vulnerabilities | App. Specific | AVERAGE | WIDESPREAD | AVERAGE | MODERATE | App. Specific | 1 | 1
A10-Insufficient Logging & Monitoring | App. Specific | AVERAGE | WIDESPREAD | DIFFICULT | MODERATE | App. Specific | 0 | 0

* Best Fix Location values are absolute values derived from all the vulnerabilities detected.
** Project scan results do not include all relevant queries. Presets and/or filters should be changed to include all relevant standard queries.
Scan Summary - OWASP Top 10 2013
Further details and elaboration about vulnerabilities and risks can be found at: OWASP Top 10 2013

Category | Threat Agent | Attack Vectors | Weakness Prevalence | Weakness Detectability | Technical Impact | Business Impact | Issues Found | Best Fix Locations*
A1-Injection | EXTERNAL, INTERNAL, ADMIN USERS | EASY | COMMON | AVERAGE | SEVERE | ALL DATA | 12 | 7
A2-Broken Authentication and Session Management | EXTERNAL, INTERNAL USERS | AVERAGE | WIDESPREAD | AVERAGE | SEVERE | AFFECTED DATA AND FUNCTIONS | 0 | 0
A3-Cross-Site Scripting (XSS)** | EXTERNAL, INTERNAL, ADMIN USERS | AVERAGE | VERY WIDESPREAD | EASY | MODERATE | AFFECTED DATA AND SYSTEM | 22 | 7
A4-Insecure Direct Object References | SYSTEM USERS | EASY | COMMON | EASY | MODERATE | EXPOSED DATA | 0 | 0
A5-Security Misconfiguration** | EXTERNAL, INTERNAL, ADMIN USERS | EASY | COMMON | EASY | MODERATE | ALL DATA AND SYSTEM | 0 | 0
A6-Sensitive Data Exposure** | EXTERNAL, INTERNAL, ADMIN USERS, USERS BROWSERS | DIFFICULT | UNCOMMON | AVERAGE | SEVERE | EXPOSED DATA | 3 | 3
A7-Missing Function Level Access Control | EXTERNAL, INTERNAL USERS | EASY | COMMON | AVERAGE | MODERATE | EXPOSED DATA AND FUNCTIONS | 0 | 0
A8-Cross-Site Request Forgery (CSRF) | USERS BROWSERS | AVERAGE | COMMON | EASY | MODERATE | AFFECTED DATA AND FUNCTIONS | 0 | 0
A9-Using Components with Known Vulnerabilities | EXTERNAL USERS, AUTOMATED TOOLS | AVERAGE | WIDESPREAD | DIFFICULT | MODERATE | AFFECTED DATA AND FUNCTIONS | 1 | 1
A10-Unvalidated Redirects and Forwards** | USERS BROWSERS | AVERAGE | WIDESPREAD | DIFFICULT | MODERATE | AFFECTED DATA AND FUNCTIONS | 0 | 0

* Best Fix Location values are absolute values derived from all the vulnerabilities detected.
** Project scan results do not include all relevant queries. Presets and/or filters should be changed to include all relevant standard queries.
Scan Summary - PCI DSS v3.2

Category | Issues Found | Best Fix Locations*
PCI DSS (3.2) - 6.5.1 - Injection flaws - particularly SQL injection | 12 | 7
PCI DSS (3.2) - 6.5.2 - Buffer overflows | 0 | 0
PCI DSS (3.2) - 6.5.3 - Insecure cryptographic storage** | 0 | 0
PCI DSS (3.2) - 6.5.4 - Insecure communications | 0 | 0
PCI DSS (3.2) - 6.5.5 - Improper error handling | 0 | 0
PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS) | 22 | 7
PCI DSS (3.2) - 6.5.8 - Improper access control | 2 | 2
PCI DSS (3.2) - 6.5.9 - Cross-site request forgery | 0 | 0
PCI DSS (3.2) - 6.5.10 - Broken authentication and session management** | 3 | 2

* Best Fix Location values are absolute values derived from all the vulnerabilities detected.
** Project scan results do not include all relevant queries. Presets and/or filters should be changed to include all relevant standard queries.
Scan Summary - FISMA 2014

Category | Description | Issues Found | Best Fix Locations*
Access Control** | Organizations must limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) and to the types of transactions and functions that authorized users are permitted to exercise. | 22 | 7
Audit And Accountability | Organizations must: (i) create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity; and (ii) ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. | 0 | 0
Configuration Management** | Organizations must: (i) establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; and (ii) establish and enforce security configuration settings for information technology products employed in organizational information systems. | 12 | 7
Identification And Authentication | Organizations must identify information system users, processes acting on behalf of users, or devices and authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. | 0 | 0
Media Protection** | Organizations must: (i) protect information system media, both paper and digital; (ii) limit access to information on information system media to authorized users; and (iii) sanitize or destroy information system media before disposal or release for reuse. | 5 | 4
System And Communications Protection** | Organizations must: (i) monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems; and (ii) employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems. | 0 | 0
System And Information Integrity** | Organizations must: (i) identify, report, and correct information and information system flaws in a timely manner; (ii) provide protection from malicious code at appropriate locations within organizational information systems; and (iii) monitor information system security alerts and advisories and take appropriate actions in response. | 0 | 0

* Best Fix Location values are absolute values derived from all the vulnerabilities detected.
** Project scan results do not include all relevant queries. Presets and/or filters should be changed to include all relevant standard queries.
Scan Summary - NIST SP 800-53

Category | Issues Found | Best Fix Locations*
AC-12 Session Termination (P2) | 0 | 0
AC-3 Access Enforcement (P1)** | 0 | 0
AC-4 Information Flow Enforcement (P1) | 0 | 0
AC-6 Least Privilege (P1) | 0 | 0
AU-9 Protection of Audit Information (P1)** | 0 | 0
CM-6 Configuration Settings (P2) | 0 | 0
IA-5 Authenticator Management (P1) | 0 | 0
IA-6 Authenticator Feedback (P2) | 0 | 0
IA-8 Identification and Authentication (Non-Organizational Users) (P1) | 0 | 0
SC-12 Cryptographic Key Establishment and Management (P1) | 0 | 0
SC-13 Cryptographic Protection (P1) | 0 | 0
SC-17 Public Key Infrastructure Certificates (P1) | 0 | 0
SC-18 Mobile Code (P2)** | 0 | 0
SC-23 Session Authenticity (P1)** | 0 | 0
SC-28 Protection of Information at Rest (P1)** | 5 | 4
SC-4 Information in Shared Resources (P1) | 0 | 0
SC-5 Denial of Service Protection (P1) | 0 | 0
SC-8 Transmission Confidentiality and Integrity (P1)** | 0 | 0
SI-10 Information Input Validation (P1)** | 12 | 7
SI-11 Error Handling (P2) | 0 | 0
SI-15 Information Output Filtering (P0)** | 22 | 7
SI-16 Memory Protection (P1) | 0 | 0

* Best Fix Location values are absolute values derived from all the vulnerabilities detected.
** Project scan results do not include all relevant queries. Presets and/or filters should be changed to include all relevant standard queries.
Scan Summary - Custom

Category | Issues Found | Best Fix Locations*
Must audit | 0 | 0
Check | 0 | 0
Optional | 0 | 0

* Best Fix Location values are absolute values derived from all the vulnerabilities detected.
Scan Results Distribution (first scan of the project)

 | High | Medium | Low | Information | Total
New Scan: New Issues | 31 | 11 | 0 | 0 | 42
New Scan: Recurrent Issues | 0 | 0 | 0 | 0 | 0
New Scan: Total | 31 | 11 | 0 | 0 | 42
Previous Scan: Fixed Issues | 0 | 0 | 0 | 0 | 0

Scan Results Distribution by Result State

 | High | Medium | Low | Information | Total
Confirmed | 0 | 0 | 0 | 0 | 0
Not Exploitable | 0 | 0 | 0 | 0 | 0
To Verify | 31 | 11 | 0 | 0 | 42
Urgent | 0 | 0 | 0 | 0 | 0
Proposed Not Exploitable | 0 | 0 | 0 | 0 | 0
Total | 31 | 11 | 0 | 0 | 42
Scan Results Summary

Vulnerability Type | Occurrences | Severity
Client DOM XSS | 19 | High
Client DOM Stored Code Injection | 9 | High
Client DOM Code Injection | 3 | High
Client Potential XSS | 3 | Medium
Client DOM Cookie Poisoning | 2 | Medium
Client HTML5 Insecure Storage | 2 | Medium
Client Reflected File Download | 2 | Medium
Client HTML5 Store Sensitive data In Web Storage | 1 | Medium
Client Use Of JQuery Outdated Version | 1 | Medium

10 Most Vulnerable Files (High and Medium vulnerabilities)

File Name | Issues Found
PDF/mobile/javascript/main.js | 38
PDF/js/actionhtmlwindow.js | 2
PDF/js/swfobject.js | 1
PDF/mobile/index.html | 1
Scan Results Details
Client DOM XSS
Query Path:
JavaScript\Cx\JavaScript High Risk\Client DOM XSS Version:1
Categories
PCI DSS v3.2: PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS)
OWASP Top 10 2013: A3-Cross-Site Scripting (XSS)
FISMA 2014: Access Control
NIST SP 800-53: SI-15 Information Output Filtering (P0)
OWASP Top 10 2017: A7-Cross-Site Scripting (XSS)
Description
Client DOM XSS\Path 1:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=13
Status: New
Method !b.hasVersionFail)return!1;if at line 234 of PDF/mobile/javascript/main.js gets user input from the href element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method p=m.match at line 233 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 234 | 235
Object | href | innerHTML
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: !b.hasVersionFail)return!1;if(!this.hasVersion(b.hasVersion||1)){this.expressInst
allIsActive=!0;if("function"==typeof
b.hasVersionFail&&!b.hasVersionFail.apply(b))return!1;b={swf:b.expressInstall||t
his.expressInstall,height:137,width:214,flashvars:{MMredirectURL:location.href,
MMplayerType:this.activeX?"ActiveX":"PlugIn",MMdoctitle:document.title.slice(0,4
7)+" - Flash Player Installation"}}}attrs={data:b.swf,type:"application/x-
shockwave-flash",id:b.id||"flash_"+Math.floor(999999999*Math.random()),
....
234.
!b.hasVersionFail)return!1;if(!this.hasVersion(b.hasVersion||1)){this.ex
pressInstallIsActive=!0;if("function"==typeof
b.hasVersionFail&&!b.hasVersionFail.apply(b))return!1;b={swf:b.expressIn
stall||this.expressInstall,height:137,width:214,flashvars:{MMredirectURL
:location.href,MMplayerType:this.activeX?"ActiveX":"PlugIn",MMdoctitle:d
ocument.title.slice(0,47)+" - Flash Player
Installation"}}}attrs={data:b.swf,type:"application/x-shockwave-
flash",id:b.id||"flash_"+Math.floor(999999999*Math.random()),
File Name: PDF/mobile/javascript/main.js
Method:
"Unavailable"}var
p=m.match(/\d+/g)||[0];b[c]={available:0<p[0],activeX:d&&!d.name,version:{
original:m,array:p,string:p.join("."),major:parseInt(p[0],10)||0,minor:parseInt(p
[1],10)||0,release:parseInt(p[2],10)||0},hasVersion:function(b){b=/string|numb
er/.test(typeof b)?b.toString().split("."):/object/.test(typeof
b)?[b.major,b.minor]:b||[0,0];return
f(p,b)},encodeParams:!0,expressInstall:"expressInstall.swf",expressInstallIsActiv
e:!1,create:function(b){if(!b.swf||this.expressInstallIsActive||!this.available&&
....
235.
width:b.width||320,height:b.height||180,style:b.style||""};l="undefined"
!==typeof
b.useEncode?b.useEncode:this.encodeParams;b.movie=b.swf;b.wmode=b.wmode|
|"opaque";delete b.fallback;delete b.hasVersion;delete
b.hasVersionFail;delete b.height;delete b.id;delete b.swf;delete
b.useEncode;delete b.width;var
c=document.createElement("div"),d;d=attrs;var f=[],g;for(g in
d)d[g]&&f.push([g,'="',d[g],'"'].join(""));d=f.join("
");c.innerHTML=["<object ",d,">",h(b),"</object>"].join("");return
c.firstChild}};
Client DOM XSS\Path 2:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=14
Status: New
Method p=m.match at line 233 of PDF/mobile/javascript/main.js gets user input from the location element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method p=m.match at line 233 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 234 | 235
Object | location | innerHTML
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: "Unavailable"}var
p=m.match(/\d+/g)||[0];b[c]={available:0<p[0],activeX:d&&!d.name,version:{
original:m,array:p,string:p.join("."),major:parseInt(p[0],10)||0,minor:parseInt(p
[1],10)||0,release:parseInt(p[2],10)||0},hasVersion:function(b){b=/string|numb
er/.test(typeof b)?b.toString().split("."):/object/.test(typeof
b)?[b.major,b.minor]:b||[0,0];return
f(p,b)},encodeParams:!0,expressInstall:"expressInstall.swf",expressInstallIsActiv
e:!1,create:function(b){if(!b.swf||this.expressInstallIsActive||!this.available&&
....
234.
!b.hasVersionFail)return!1;if(!this.hasVersion(b.hasVersion||1)){this.ex
pressInstallIsActive=!0;if("function"==typeof
b.hasVersionFail&&!b.hasVersionFail.apply(b))return!1;b={swf:b.expressIn
stall||this.expressInstall,height:137,width:214,flashvars:{MMredirectURL
:location.href,MMplayerType:this.activeX?"ActiveX":"PlugIn",MMdoctitle:d
ocument.title.slice(0,47)+" - Flash Player
Installation"}}}attrs={data:b.swf,type:"application/x-shockwave-
flash",id:b.id||"flash_"+Math.floor(999999999*Math.random()),
235.
width:b.width||320,height:b.height||180,style:b.style||""};l="undefined"
!==typeof
b.useEncode?b.useEncode:this.encodeParams;b.movie=b.swf;b.wmode=b.wmode|
|"opaque";delete b.fallback;delete b.hasVersion;delete
b.hasVersionFail;delete b.height;delete b.id;delete b.swf;delete
b.useEncode;delete b.width;var
c=document.createElement("div"),d;d=attrs;var f=[],g;for(g in
d)d[g]&&f.push([g,'="',d[g],'"'].join(""));d=f.join("
");c.innerHTML=["<object ",d,">",h(b),"</object>"].join("");return
c.firstChild}};
Client DOM XSS\Path 3:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=15
Status: New
Method P at line 279 of PDF/js/swfobject.js gets user input from the toString element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method u at line 364 of PDF/js/swfobject.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/js/swfobject.js | PDF/js/swfobject.js
Line | 304 | 396
Object | toString | outerHTML
Code Snippet
File Name: PDF/js/swfobject.js
Method: function P(aa, ab, X, Z) {
....
304. ac = "MMredirectURL=" +
O.location.toString().replace(/&/g, "%26") + "&MMplayerType=" + ad +
"&MMdoctitle=" + j.title;
File Name: PDF/js/swfobject.js
Method: function u(ai, ag, Y) {
....
396. aa.outerHTML = '<object classid="clsid:D27CDB6E-
AE6D-11cf-96B8-444553540000"' + ah + ">" + af + "</object>";
Client DOM XSS\Path 4:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=16
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the width element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1265 | 1262
Object | width | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1265.
show:function(){this.content.show()},showAnimate:function(){if(this.conf
ig.animation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:
c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animatio
n:""})}.bind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.r
otation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.locatio
n.reflection,
File Name: PDF/mobile/javascript/main.js
Method:
Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 5:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=17
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the height element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1265 | 1262
Object | height | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1265.
show:function(){this.content.show()},showAnimate:function(){if(this.conf
ig.animation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:
c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animatio
n:""})}.bind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.r
otation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.locatio
n.reflection,
File Name: PDF/mobile/javascript/main.js
Method: Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 6:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=18
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the rotation element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1265 | 1262
Object | rotation | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1265.
show:function(){this.content.show()},showAnimate:function(){if(this.conf
ig.animation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:
c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animatio
n:""})}.bind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.r
otation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.locatio
n.reflection,
File Name: PDF/mobile/javascript/main.js
Method:
Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 7:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=19
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the x element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1265 | 1262
Object | x | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1265.
show:function(){this.content.show()},showAnimate:function(){if(this.conf
ig.animation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:
c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animatio
n:""})}.bind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.r
otation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.locatio
n.reflection,
File Name: PDF/mobile/javascript/main.js
Method:
Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 8:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=20
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the y element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1265 | 1262
Object | y | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1265.
show:function(){this.content.show()},showAnimate:function(){if(this.conf
ig.animation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:
c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animatio
n:""})}.bind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.r
otation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.locatio
n.reflection,
File Name: PDF/mobile/javascript/main.js
Method:
Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 9:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=21
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the reflection element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1265 | 1262
Object | reflection | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1265.
show:function(){this.content.show()},showAnimate:function(){if(this.conf
ig.animation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:
c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animatio
n:""})}.bind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.r
otation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.locatio
n.reflection,
File Name: PDF/mobile/javascript/main.js
Method:
Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 10:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=22
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input from the reflectionType element. This element's value flows through the code without being properly sanitized or validated, and is eventually used in method Class at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
 | Source | Destination
File | PDF/mobile/javascript/main.js | PDF/mobile/javascript/main.js
Line | 1266 | 1262
Object | reflectionType | append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.anim
ation&&this.config.animation.name){var
b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.nam
e+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+"
"+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.b
ind(this))}},parseConfig:function(b){var
c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:
b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1266.
reflectionType:b.location.reflectionType,reflectionAlpha:b.location.refl
ectionAlpha,previewSrc:b.previewUrl,moviePlayTriggerEvt:b.moviePlayTrigg
erEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.movie
StopTriggerEvt?b.movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEven
tTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5Playbac
kNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(
c.H5Replay=parseBool(b.H5Replay));b.componentData&&(c.moviePlayTriggerEv
t=
File Name: PDF/mobile/javascript/main.js
Method:
Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.pa
rseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeig
ht=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*t
his.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.page
Height;this.playCount=0;this.content=$("<div class='flip-
action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this
.x+"px",top:this.y+"px",width:this.width+"px",
PAGE 23 OF 77
....
1262.
width:"100%",height:"100%",opacity:this.config.alpha});this.config.previ
ewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.cont
ent.append(this.video.$media);void
0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(
g,this.video),this.video.$media.removeAttr("controls"));this.content.bin
d(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(
_event._down,function(b){b.stopPropagation()});parseBool(this.config.ref
lection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 11:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=23
Status: New
Method show:function at line 1265 of PDF/mobile/javascript/main.js gets user input for the reflectionAlpha element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 1259 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     1266                            1262
Object   reflectionAlpha                 append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: show:function(){this.content.show()},showAnimate:function(){if(this.config.animation&&this.config.animation.name){var b=getAnimationEnd(),c=this.config.animation;this.content.css({animation:c.name+" "+c.duration+"s "+c.timeFun+" "+c.delay+"s "+c.count+" "+c.direction});this.content.one(b,function(){this.content.css({animation:""})}.bind(this))}},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,
....
1266. reflectionType:b.location.reflectionType,reflectionAlpha:b.location.reflectionAlpha,previewSrc:b.previewUrl,moviePlayTriggerEvt:b.moviePlayTriggerEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.movieStopTriggerEvt?b.movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEventTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5PlaybackNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(c.H5Replay=parseBool(b.H5Replay));b.componentData&&(c.moviePlayTriggerEvt=
File Name: PDF/mobile/javascript/main.js
Method: Class("Video",{Package:"PageItem",create:function(b,c,d,f,g){this.config=this.parseConfig(c);this.animateConfig();this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.playCount=0;this.content=$("<div class='flip-action'></div>");this.content.css({position:"absolute",overflow:"hidden",left:this.x+"px",top:this.y+"px",width:this.width+"px",
....
1262. width:"100%",height:"100%",opacity:this.config.alpha});this.config.previewSrc&&this.video.$media.attr("poster",this.config.previewSrc);this.content.append(this.video.$media);void 0!=this.video.$media[0].play&&(this.videoSkin=this.content.addVideoSkin(g,this.video),this.video.$media.removeAttr("controls"));this.content.bind(_event._down,function(b){b.stopPropagation()});this.video.$media.bind(_event._down,function(b){b.stopPropagation()});parseBool(this.config.reflection)&&this.imageReflection(this.video.$media,
Client DOM XSS\Path 12:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=24
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the width element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2365                            2365
Object   width                           append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 13:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=25
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the height element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2365                            2365
Object   height                          append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 14:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=26
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the rotation element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2365                            2365
Object   rotation                        append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 15:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=27
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the x element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2366                            2365
Object   x                               append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2366. x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,reflectionType:b.location.reflectionType,reflectionAlpha:b.location.reflectionAlpha,previewSrc:b.previewURL,moviePlayTriggerEvt:b.moviePlayTriggerEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEventTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5PlaybackNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(c.H5Replay=parseBool(b.H5Replay));void 0!=
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 16:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=28
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the y element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2366                            2365
Object   y                               append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2366. x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,reflectionType:b.location.reflectionType,reflectionAlpha:b.location.reflectionAlpha,previewSrc:b.previewURL,moviePlayTriggerEvt:b.moviePlayTriggerEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEventTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5PlaybackNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(c.H5Replay=parseBool(b.H5Replay));void 0!=
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 17:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=29
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the reflection element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2366                            2365
Object   reflection                      append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2366. x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,reflectionType:b.location.reflectionType,reflectionAlpha:b.location.reflectionAlpha,previewSrc:b.previewURL,moviePlayTriggerEvt:b.moviePlayTriggerEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEventTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5PlaybackNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(c.H5Replay=parseBool(b.H5Replay));void 0!=
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 18:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=30
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the reflectionType element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2366                            2365
Object   reflectionType                  append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2366. x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,reflectionType:b.location.reflectionType,reflectionAlpha:b.location.reflectionAlpha,previewSrc:b.previewURL,moviePlayTriggerEvt:b.moviePlayTriggerEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEventTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5PlaybackNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(c.H5Replay=parseBool(b.H5Replay));void 0!=
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM XSS\Path 19:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=31
Status: New
Method this.config.previewSrc);this.parent.append at line 2365 of PDF/mobile/javascript/main.js gets user input for the reflectionAlpha element. This value flows through the program without being properly filtered or validated and finally reaches the Class method at line 2362 of PDF/mobile/javascript/main.js. This may enable a DOM XSS attack.
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     2366                            2365
Object   reflectionAlpha                 append
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
....
2366. x:b.location.x,y:b.location.y,alpha:b.alpha,reflection:b.location.reflection,reflectionType:b.location.reflectionType,reflectionAlpha:b.location.reflectionAlpha,previewSrc:b.previewURL,moviePlayTriggerEvt:b.moviePlayTriggerEvt?b.moviePlayTriggerEvt:b.PlayTriggerEvt,movieStopTriggerEvt:b.StopTriggerEvt,replayWhenPlayEventTrigger:b.replayWhenPlayEventTrigger,animation:b.animation};b.H5PlaybackNumber&&(c.H5PlaybackNumber=parseInt(b.H5PlaybackNumber));b.H5Replay&&(c.H5Replay=parseBool(b.H5Replay));void 0!=
File Name: PDF/mobile/javascript/main.js
Method: Class("LoopControlVideo",{Package:"PageItem",create:function(b,c,d,f){this.config=this.parseConfig(c);this.animateConfig();this.playCount=0;this.parent=b;this.pageWidth=d;this.pageHeight=f;this.width=this.config.width*this.pageWidth;this.height=this.config.height*this.pageHeight;this.x=this.config.x*this.pageWidth;this.y=this.config.y*this.pageHeight;this.cvsWidth=0.54*this.width;this.cvsHeight=this.height;this.content=$("<div class='flip-action' style='overflow:hidden;'></div>");this.control=$("<div class='video-circle-controls'></div>");
....
2365. this.config.previewSrc);this.parent.append(this.content);this.content.append(this.video.$media);this.content.append(this.control);this.control.append(this.canvasDiv);this.canvasDiv.append(this.loopControl);this.control.append(this.playBtn);this.control.append(this.volume);this.control.append(this.time);this.control.append(this.fullscreen);this.canvasDiv.append(this.time);this.setCss();this.initEvent()},parseConfig:function(b){var c={width:b.location.width,height:b.location.height,rotation:b.location.rotation,
Client DOM Stored Code Injection
Query Path:
JavaScript\Cx\JavaScript High Risk\Client DOM Stored Code Injection Version: 1
Categories
PCI DSS v3.2: PCI DSS (3.2) - 6.5.1 - Injection flaws - particularly SQL injection
OWASP Top 10 2013: A1-Injection
FISMA 2014: Configuration Management
NIST SP 800-53: SI-10 Information Input Validation (P1)
OWASP Top 10 2017: A1-Injection
Description
Client DOM Stored Code Injection\Path 1:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=4
Status: New
Method c+"]"}},delArrayOrderKey:function at line 729 of PDF/mobile/javascript/main.js reads client-side cached data (such as a cookie, HTML5 LocalStorage, or a local database) as the value of the cookie element. This value flows through the program without being properly filtered or encoded, and is finally executed in the browser by the client-side code (JavaScript) in method uiBaseURL;this.noteButtonIsShow=!0;this.createNote at line 690 of PDF/mobile/javascript/main.js. This may enable DOM stored code injection (DOM
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     730                             694
Object   cookie                          eval
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: c.length-1);return c+"]"}},delArrayOrderKey:function(b,c){if(b)for(var d=0;d<b.length;d++)b[d].key&&b[d].key==c&&b.remove(d)},updateArrayOrderKey:function(b,c,d){if(b)for(var f=0;f<b.length;f++)b[f].key&&b[f].key==c&&$.extend(b[f],d)},downJSonArrByKey:function(b,c){b.sort(function(b,f){return parseInt(b[c])>parseInt(f[c])?1:parseInt(b[c])==parseInt(f[c])?0:-1})},isArray:function(b){return"[object Array]"==Object.prototype.toString.call(b)},getLocalStorage:function(b){try{if(window.localStorage)return window.localStorage.getItem(b);
....
730. for(var c=document.cookie.split("; "),d=0;d<c.length;d++){var f=c[d].split("=");if(f[0]==b)return unescape(f[1])}return""}catch(g){}},addLocalStorage:function(b,c){try{if(window.localStorage)window.localStorage.setItem(b,c);else{var d=b+"="+escape(c),f=new Date;f.setTime(f.getTime()+864E8);d+="; expires="+f.toGMTString();document.cookie=d}}catch(g){}},createScrollBar:function(b){b=$("<div>",{"class":"ScrollBar",css:{position:"absolute",width:6,height:"100%",backgroundColor:"#a8a8a8",borderRadius:0,
File Name: PDF/mobile/javascript/main.js
Method: uiBaseURL;this.noteButtonIsShow=!0;this.createNote(b);this.bindEvents()},createNote:function(b){var c=this;this.note=$("<div class='noteCookie-note'></div>").css({left:"40%"}).appendTo(b).hide();this.noteTitle=$("<div class='noteCookie-noteTitle'></div>").append($("<span class='noteCookie-noteTitle-text'></span>").html("Notes")).appendTo(this.note);this.noteTitleShowBtn=$("<div class='noteCookie-noteTitle-showBtn'></div>").css({right:32}).attr("title","Minimize").append($("<img style='margin-left: 3px;margin-top: 3px;'/>").attr("src",
....
694. d.append(f).append(g);this.noteLists.append(d);this.noteTable=$("<div class='noteCookie-noteTable'></div>").css({maxHeight:188}).appendTo(this.noteLists);this.noteTableInner=$("<div class='noteCookie-noteTable-inner'></div>").appendTo(this.noteTable);isTouch||this.note.transition3D();this.createScrollBar(this.noteTable);try{var h=this.getLocalStorage(this.cookieName),k=eval(h);if(k)for(this.downJSonArrByKey(k,"page"),h=0;h<k.length;h++)this.addListData($.extend(k[h],{firstDown:!0}))}catch(l){}for(h=
Client DOM Stored Code Injection\Path 2:
Severity: High
Result State: To Verify
Online Results: http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=5
Status: New
Method n=m.getContext at line 808 of PDF/mobile/javascript/main.js reads client-side cached data (such as a cookie, HTML5 LocalStorage, or a local database) as the value of the cookie element. This value flows through the program without being properly filtered or encoded, and is finally executed in the browser by the client-side code (JavaScript) in method k.on at line 744 of PDF/mobile/javascript/main.js. This may enable DOM stored code injection (DOM
         Source                          Destination
File     PDF/mobile/javascript/main.js   PDF/mobile/javascript/main.js
Line     808                             746
Object   cookie                          eval
Code Snippet
File Name: PDF/mobile/javascript/main.js
Method: left:0,top:-16});var n=m.getContext("2d"),p=f.data.concat(),q=p.pop();this.draw(m,n,p,q.color,1);m=this.trimCanvas(m);n=this.parseData({left:g,top:h,width:m.width,height:m.height},c[0].offsetWidth,c[0].offsetHeight)}this.oldData[k]=$.extend({},m,{width:n.width,height:n.height});m=$.extend({},m,{width:f.width,height:f.height});this.createSignatureImg(c,m,f.page,g,h,k,l)}}},getLocalStorage:function(b){try{if(window.localStorage)return window.localStorage.getItem(b);for(var c=document.cookie.split("; "),
....
808. left:0,top:-16});var n=m.getContext("2d"),p=f.data.concat(),q=p.pop();this.draw(m,n,p,q.color,1);m=this.trimCanvas(m);n=this.parseData({left:g,top:h,width:m.width,height:m.height},c[0].offsetWidth,c[0].offsetHeight)}this.oldData[k]=$.extend({},m,{width:n.width,height:n.height});m=$.extend({},m,{width:f.width,height:f.height});this.createSignatureImg(c,m,f.page,g,h,k,l)}}},getLocalStorage:function(b){try{if(window.localStorage)return window.localStorage.getItem(b);for(var c=document.cookie.split("; "),
File Name: PDF/mobile/javascript/main.js
Method: k.on("click touchend",function(){var b=c.currentObj.attr("data-key");c.showTimeFalg[b]?(c.currentObj.find(".flipHTML5Signature-eachDate").hide(),c.showTimeFalg[b]=!1):(c.reviseDateTag(),c.currentObj.find(".flipHTML5Signature-eachDate").show(),c.showTimeFalg[b]=!0)});d.on("mousedown touchstart",function(b){b.preventDefault();b.stopPropagation();return!1});this.container.add($(document)).add(BookInfo.container()).on("mousedown.hideToolBar touchstart.hideToolBar",function(){d.hide()});return d},createSignature:function(b){var c=
....
746. "signature_close.png")).appendTo(this.$signatureTitle);try{var d=this.getLocalStorage(this.signatureName);this.signatureCookies=d&&"undefined"!=d?eval(d):[]}catch(f){}var g,h;this.$signatureTitle.on("mousedown touchstart",function(d){d.preventDefault();d.stopPropagation();d=d.originalEvent.touches?d.originalEvent.touches[0]:d;g=d.clientX-c.$signature.position().left;h=d.clientY-c.$signature.position().top;b.add($(document)).add(c.signatureContexts[BookInfo.getBookType()][BookInfo.getCurrentPages()[0]]).add(c.signatureContexts[BookInfo.getBookType()][BookInfo.getCurrentPages()[1]]).on("mousemove.signatureMove touchmove.signatureMove",
Client DOM Stored Code Injection\路徑 3:
嚴重程度: 高風險
結果狀態: 校驗
線上結果 http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid
=77&pathid=6
狀態 新的
方法getLocalStorage:function在PDF/mobile/javascript/main.js第1130
行會從使用者端取得暫存資訊(Cache),如Cookie、HTML5的LocalStorage,或本地資料庫,做為cookie元
素的值。而程式流程中沒有被正確地過濾(Filter)或編碼(Encode),並最終在客戶端程式碼(JavaScript)在P
DF/mobile/javascript/main.js第1107行$方法於瀏覽器中執行。這可能為DOM存儲的程式碼注入(DOM
來源 目的地
檔案 PDF/mobile/javascript/main.js PDF/mobile/javascript/main.js
行 1130 1108
物件 cookie eval
代碼片斷 PDF/mobile/javascript/main.js
檔案名稱
方法 getLocalStorage:function(b){try{if(window.localStorage)return
window.localStorage.getItem(b);for(var c=document.cookie.split(";
"),d=0;d<c.length;d++){var f=c[d].split("=");if(f[0]==b)return
unescape(f[1])}return""}catch(g){}},addLocalStorage:function(b,c){try{if(windo
w.localStorage)window.localStorage.setItem(b,c);else{var
d=b+"="+escape(c),f=new Date;f.setTime(f.getTime()+864E8);d+=";
expires="+f.toGMTString();document.cookie=d}}catch(g){}},delArrayOrderKey:
function(b,c){if(b)for(var d=0;d<b.length;d++)b[d].key&&
PAGE 37 OF 77
....
1130. getLocalStorage:function(b){try{if(window.localStorage)return
window.localStorage.getItem(b);for(var c=document.cookie.split(";
"),d=0;d<c.length;d++){var f=c[d].split("=");if(f[0]==b)return
unescape(f[1])}return""}catch(g){}},addLocalStorage:function(b,c){try{if
(window.localStorage)window.localStorage.setItem(b,c);else{var
d=b+"="+escape(c),f=new Date;f.setTime(f.getTime()+864E8);d+=";
expires="+f.toGMTString();document.cookie=d}}catch(g){}},delArrayOrderKe
y:function(b,c){if(b)for(var d=0;d<b.length;d++)b[d].key&&
File Name PDF/mobile/javascript/main.js
Method
$("<div></div>").addClass("flipHTML5Point
flipHTML5ZoomPoint"+d).appendTo(b);c.push(f)}this.westZoom(c[7]);this.north
Zoom(c[1]);this.southZoom(c[5]);this.eastZoom(c[3]);this.westZoom(c[0]).nort
hZoom(c[0]);this.northZoom(c[2]).eastZoom(c[2]);this.westZoom(c[6]).southZo
om(c[6]);this.southZoom(c[4]).eastZoom(c[4]);this.container.add($(document))
.add(BookInfo.container()).on("mousedown.hideToolBar
touchstart.hideToolBar",function(){b.hide()})},getCookieFile:function(){try{var
b=this.getLocalStorage(this.fileName),
....
1108. c=eval(b)}catch(d){}if(c)for(b=0;b<c.length;b++){var
f=c[b];this.fileCookies.push({key:f.key,page:f.page,fileLeft:f.fL,fileTo
p:f.fT,fileWidth:f.fW,fileHeight:f.fH,imgWidth:f.iW,imgHeight:f.iH,src:f
.src});this.imageDatas[f.key]={width:f.iW,height:f.iH}}},addFile:functio
n(b,c){var d=b.src,f=b.imgWidth,g=b.imgHeight,h=b.key,k=$("<div
class='flipHTML5AddFile' style='position: absolute;cursor:
move;'></div>").css({width:b.fileWidth,height:b.fileHeight,left:b.fileLe
ft,top:b.fileTop}).attr("data-key",h).append($("<input type='file'
class='TextFile' style='position: absolute;left: 0px;top: 0px;width:
100%;height: 100%;cursor: move;z-index:
2;'/>").css({opacity:0})).appendTo(c);
Client DOM Stored Code Injection\Path 4:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=7
Status New
Method c+"]"}},delArrayOrderKey:function at PDF/mobile/javascript/main.js line 729 retrieves cached data from the client side (cookies, HTML5 LocalStorage, or a local database) as the value of the getItem element. This value flows through the code without being properly filtered or encoded, and is finally executed in the browser by client-side JavaScript in the uiBaseURL;this.noteButtonIsShow=!0;this.createNote method at PDF/mobile/javascript/main.js line 690. This may enable DOM stored code injection (DOM
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      729                            694
Object    getItem                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method
c.length-1);return c+"]"}},delArrayOrderKey:function(b,c){if(b)for(var
d=0;d<b.length;d++)b[d].key&&b[d].key==c&&b.remove(d)},updateArrayOrder
Key:function(b,c,d){if(b)for(var
f=0;f<b.length;f++)b[f].key&&b[f].key==c&&$.extend(b[f],d)},downJSonArrByK
ey:function(b,c){b.sort(function(b,f){return
parseInt(b[c])>parseInt(f[c])?1:parseInt(b[c])==parseInt(f[c])?0:-
1})},isArray:function(b){return"[object
Array]"==Object.prototype.toString.call(b)},getLocalStorage:function(b){try{if(w
indow.localStorage)return window.localStorage.getItem(b);
....
729. c.length-1);return
c+"]"}},delArrayOrderKey:function(b,c){if(b)for(var
d=0;d<b.length;d++)b[d].key&&b[d].key==c&&b.remove(d)},updateArrayOrderK
ey:function(b,c,d){if(b)for(var
f=0;f<b.length;f++)b[f].key&&b[f].key==c&&$.extend(b[f],d)},downJSonArrB
yKey:function(b,c){b.sort(function(b,f){return
parseInt(b[c])>parseInt(f[c])?1:parseInt(b[c])==parseInt(f[c])?0:-
1})},isArray:function(b){return"[object
Array]"==Object.prototype.toString.call(b)},getLocalStorage:function(b){
try{if(window.localStorage)return window.localStorage.getItem(b);
檔案名稱 PDF/mobile/javascript/main.js
方法
uiBaseURL;this.noteButtonIsShow=!0;this.createNote(b);this.bindEvents()},creat
eNote:function(b){var c=this;this.note=$("<div class='noteCookie-
note'></div>").css({left:"40%"}).appendTo(b).hide();this.noteTitle=$("<div
class='noteCookie-noteTitle'></div>").append($("<span class='noteCookie-
noteTitle-
text'></span>").html("Notes")).appendTo(this.note);this.noteTitleShowBtn=$("
<div class='noteCookie-noteTitle-
showBtn'></div>").css({right:32}).attr("title","Minimize").append($("<img
style='margin-left: 3px;margin-top: 3px;'/>").attr("src",
....
694.
d.append(f).append(g);this.noteLists.append(d);this.noteTable=$("<div
class='noteCookie-
noteTable'></div>").css({maxHeight:188}).appendTo(this.noteLists);this.n
oteTableInner=$("<div class='noteCookie-noteTable-
inner'></div>").appendTo(this.noteTable);isTouch||this.note.transition3D
();this.createScrollBar(this.noteTable);try{var
h=this.getLocalStorage(this.cookieName),k=eval(h);if(k)for(this.downJSon
ArrByKey(k,"page"),h=0;h<k.length;h++)this.addListData($.extend(k[h],{fi
rstDown:!0}))}catch(l){}for(h=
Client DOM Stored Code Injection\Path 5:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=8
Status New
Method n=m.getContext at PDF/mobile/javascript/main.js line 808 retrieves cached data from the client side (cookies, HTML5 LocalStorage, or a local database) as the value of the getItem element. This value flows through the code without being properly filtered or encoded, and is finally executed in the browser by client-side JavaScript in the k.on method at PDF/mobile/javascript/main.js line 744. This may enable DOM stored code injection (DOM
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      808                            746
Object    getItem                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method left:0,top:-16});var
n=m.getContext("2d"),p=f.data.concat(),q=p.pop();this.draw(m,n,p,q.color,1);m
=this.trimCanvas(m);n=this.parseData({left:g,top:h,width:m.width,height:m.hei
ght},c[0].offsetWidth,c[0].offsetHeight)}this.oldData[k]=$.extend({},m,{width:
n.width,height:n.height});m=$.extend({},m,{width:f.width,height:f.height});thi
s.createSignatureImg(c,m,f.page,g,h,k,l)}}},getLocalStorage:function(b){try{if(
window.localStorage)return window.localStorage.getItem(b);for(var
c=document.cookie.split("; "),
....
808. left:0,top:-16});var
n=m.getContext("2d"),p=f.data.concat(),q=p.pop();this.draw(m,n,p,q.color
,1);m=this.trimCanvas(m);n=this.parseData({left:g,top:h,width:m.width,he
ight:m.height},c[0].offsetWidth,c[0].offsetHeight)}this.oldData[k]=$.ext
end({},m,{width:n.width,height:n.height});m=$.extend({},m,{width:f.width
,height:f.height});this.createSignatureImg(c,m,f.page,g,h,k,l)}}},getLoc
alStorage:function(b){try{if(window.localStorage)return
window.localStorage.getItem(b);for(var c=document.cookie.split("; "),
File Name PDF/mobile/javascript/main.js
Method
k.on("click touchend",function(){var b=c.currentObj.attr("data-
key");c.showTimeFalg[b]?(c.currentObj.find(".flipHTML5Signature-
eachDate").hide(),c.showTimeFalg[b]=!1):(c.reviseDateTag(),c.currentObj.find(".
flipHTML5Signature-
eachDate").show(),c.showTimeFalg[b]=!0)});d.on("mousedown
touchstart",function(b){b.preventDefault();b.stopPropagation();return!1});this.c
ontainer.add($(document)).add(BookInfo.container()).on("mousedown.hideToolB
ar touchstart.hideToolBar",function(){d.hide()});return
d},createSignature:function(b){var c=
....
746. "signature_close.png")).appendTo(this.$signatureTitle);try{var
d=this.getLocalStorage(this.signatureName);this.signatureCookies=d&&"und
efined"!=d?eval(d):[]}catch(f){}var
g,h;this.$signatureTitle.on("mousedown
touchstart",function(d){d.preventDefault();d.stopPropagation();d=d.origi
nalEvent.touches?d.originalEvent.touches[0]:d;g=d.clientX-
c.$signature.position().left;h=d.clientY-
c.$signature.position().top;b.add($(document)).add(c.signatureContexts[B
ookInfo.getBookType()][BookInfo.getCurrentPages()[0]]).add(c.signatureCo
ntexts[BookInfo.getBookType()][BookInfo.getCurrentPages()[1]]).on("mouse
move.signatureMove touchmove.signatureMove",
Client DOM Stored Code Injection\Path 6:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=9
Status New
Method this.bookPageCount&&!this.exists at PDF/mobile/javascript/main.js line 1018 retrieves cached data from the client side (cookies, HTML5 LocalStorage, or a local database) as the value of the getItem element. This value flows through the code without being properly filtered or encoded, and is finally executed in the browser by client-side JavaScript in the c.length&&c.pop method at PDF/mobile/javascript/main.js line 23. This may enable DOM stored code injection (DOM
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      1018                           23
Object    getItem                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method this.bookPageCount&&!this.exists(b)},getUserDataFromLocal:function(){var
b=window.location.href.replace(window.location.hash,"")+"BookMark";try{if(win
dow.localStorage&&window.localStorage[b])return
window.localStorage.getItem(b)}catch(c){}},sort:function(){this.bookmarks=thi
s.bookmarks.sort(function(b,c){return parseInt(b.pageIndex)-
parseInt(c.pageIndex)})},count:function(){return
this.bookmarks.length},item:function(b){return
this.bookmarks[b]},exists:function(b){for(var
c=0;c<this.count();c++)if(this.item(c).pageIndex==
....
1018.
this.bookPageCount&&!this.exists(b)},getUserDataFromLocal:function(){var
b=window.location.href.replace(window.location.hash,"")+"BookMark";try{i
f(window.localStorage&&window.localStorage[b])return
window.localStorage.getItem(b)}catch(c){}},sort:function(){this.bookmark
s=this.bookmarks.sort(function(b,c){return parseInt(b.pageIndex)-
parseInt(c.pageIndex)})},count:function(){return
this.bookmarks.length},item:function(b){return
this.bookmarks[b]},exists:function(b){for(var
c=0;c<this.count();c++)if(this.item(c).pageIndex==
File Name PDF/mobile/javascript/main.js
Method
c.length&&c.pop();c.push("}");return c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Obje
ct.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create implementation
only accepts one parameter.");b.prototype=c;return new b}}();
....
23. c.length&&c.pop();c.push("}");return
c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Ob
ject.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create
implementation only accepts one parameter.");b.prototype=c;return new
b}}();
Client DOM Stored Code Injection\Path 7:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=10
Status New
Method getLocalStorage:function at PDF/mobile/javascript/main.js line 1130 retrieves cached data from the client side (cookies, HTML5 LocalStorage, or a local database) as the value of the getItem element. This value flows through the code without being properly filtered or encoded, and is finally executed in the browser by client-side JavaScript in the $ method at PDF/mobile/javascript/main.js line 1107. This may enable DOM stored code injection (DOM
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      1130                           1108
Object    getItem                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method getLocalStorage:function(b){try{if(window.localStorage)return
window.localStorage.getItem(b);for(var c=document.cookie.split(";
"),d=0;d<c.length;d++){var f=c[d].split("=");if(f[0]==b)return
unescape(f[1])}return""}catch(g){}},addLocalStorage:function(b,c){try{if(windo
w.localStorage)window.localStorage.setItem(b,c);else{var
d=b+"="+escape(c),f=new Date;f.setTime(f.getTime()+864E8);d+=";
expires="+f.toGMTString();document.cookie=d}}catch(g){}},delArrayOrderKey:
function(b,c){if(b)for(var d=0;d<b.length;d++)b[d].key&&
....
1130. getLocalStorage:function(b){try{if(window.localStorage)return
window.localStorage.getItem(b);for(var c=document.cookie.split(";
"),d=0;d<c.length;d++){var f=c[d].split("=");if(f[0]==b)return
unescape(f[1])}return""}catch(g){}},addLocalStorage:function(b,c){try{if
(window.localStorage)window.localStorage.setItem(b,c);else{var
d=b+"="+escape(c),f=new Date;f.setTime(f.getTime()+864E8);d+=";
expires="+f.toGMTString();document.cookie=d}}catch(g){}},delArrayOrderKe
y:function(b,c){if(b)for(var d=0;d<b.length;d++)b[d].key&&
File Name PDF/mobile/javascript/main.js
Method $("<div></div>").addClass("flipHTML5Point
flipHTML5ZoomPoint"+d).appendTo(b);c.push(f)}this.westZoom(c[7]);this.north
Zoom(c[1]);this.southZoom(c[5]);this.eastZoom(c[3]);this.westZoom(c[0]).nort
hZoom(c[0]);this.northZoom(c[2]).eastZoom(c[2]);this.westZoom(c[6]).southZo
om(c[6]);this.southZoom(c[4]).eastZoom(c[4]);this.container.add($(document))
.add(BookInfo.container()).on("mousedown.hideToolBar
touchstart.hideToolBar",function(){b.hide()})},getCookieFile:function(){try{var
b=this.getLocalStorage(this.fileName),
....
1108. c=eval(b)}catch(d){}if(c)for(b=0;b<c.length;b++){var
f=c[b];this.fileCookies.push({key:f.key,page:f.page,fileLeft:f.fL,fileTo
p:f.fT,fileWidth:f.fW,fileHeight:f.fH,imgWidth:f.iW,imgHeight:f.iH,src:f
.src});this.imageDatas[f.key]={width:f.iW,height:f.iH}}},addFile:functio
n(b,c){var d=b.src,f=b.imgWidth,g=b.imgHeight,h=b.key,k=$("<div
class='flipHTML5AddFile' style='position: absolute;cursor:
move;'></div>").css({width:b.fileWidth,height:b.fileHeight,left:b.fileLe
ft,top:b.fileTop}).attr("data-key",h).append($("<input type='file'
class='TextFile' style='position: absolute;left: 0px;top: 0px;width:
100%;height: 100%;cursor: move;z-index:
2;'/>").css({opacity:0})).appendTo(c);
Client DOM Stored Code Injection\Path 8:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=11
Status New
Method ShoppingCartUtil={setProductsToStorage:function at PDF/mobile/javascript/main.js line 2151 retrieves cached data from the client side (cookies, HTML5 LocalStorage, or a local database) as the value of the getItem element. This value flows through the code without being properly filtered or encoded, and is finally executed in the browser by client-side JavaScript in the c.length&&c.pop method at PDF/mobile/javascript/main.js line 23. This may enable DOM stored code injection (DOM
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      2151                           23
Object    getItem                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method var
ShoppingCartUtil={setProductsToStorage:function(b){try{if(window.localStorage
){var
c=Instance.JSON(b);window.localStorage.setItem("shopping_cart_products",c)}}
catch(d){}},getProductsFromStorage:function(){try{if(!window.localStorage)retu
rn[];var b=window.localStorage.getItem("shopping_cart_products");return
Instance.parse(b,[])}catch(c){return[]}},removeProduct:function(b){for(var
c=this.getProductsFromStorage(),d=0;d<c.length;d++)if(c[d].title==b.title){c.re
move(d);break}this.setProductsToStorage(c)},
....
2151. var
ShoppingCartUtil={setProductsToStorage:function(b){try{if(window.localSt
orage){var
c=Instance.JSON(b);window.localStorage.setItem("shopping_cart_products",
c)}}catch(d){}},getProductsFromStorage:function(){try{if(!window.localSt
orage)return[];var
b=window.localStorage.getItem("shopping_cart_products");return
Instance.parse(b,[])}catch(c){return[]}},removeProduct:function(b){for(v
ar
c=this.getProductsFromStorage(),d=0;d<c.length;d++)if(c[d].title==b.titl
e){c.remove(d);break}this.setProductsToStorage(c)},
File Name PDF/mobile/javascript/main.js
Method
c.length&&c.pop();c.push("}");return c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Obje
ct.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create implementation
only accepts one parameter.");b.prototype=c;return new b}}();
....
23. c.length&&c.pop();c.push("}");return
c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Ob
ject.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create
implementation only accepts one parameter.");b.prototype=c;return new
b}}();
Client DOM Stored Code Injection\Path 9:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=12
Status New
Method break}this.bookmarkDetaildList=b;this.refreshLocalStorage at PDF/mobile/javascript/main.js line 886 retrieves cached data from the client side (cookies, HTML5 LocalStorage, or a local database) as the value of the getItem element. This value flows through the code without being properly filtered or encoded, and is finally executed in the browser by client-side JavaScript in the c.length&&c.pop method at PDF/mobile/javascript/main.js line 23. This may enable DOM stored code injection (DOM
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      886                            23
Object    getItem                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method break}this.bookmarkDetaildList=b;this.refreshLocalStorage()},getLocalStorage:f
unction(b){try{if(window.localStorage[b])return
window.localStorage.getItem(b)}catch(c){}},refreshLocalStorage:function(){try{
window.localStorage&&window.localStorage.setItem(this.key,Instance.JSON(this.
bookmarkDetaildList))}catch(b){}},deleteLocalStorage:function(b){try{window.l
ocalStorage[b]&&window.localStorage.setItem(b,"")}catch(c){}}}),BookmarkList
Data=Class({create:function(){this.initStaticList();this.initBookmarkList()},
....
886.
break}this.bookmarkDetaildList=b;this.refreshLocalStorage()},getLocalSto
rage:function(b){try{if(window.localStorage[b])return
window.localStorage.getItem(b)}catch(c){}},refreshLocalStorage:function(
){try{window.localStorage&&window.localStorage.setItem(this.key,Instance
.JSON(this.bookmarkDetaildList))}catch(b){}},deleteLocalStorage:function
(b){try{window.localStorage[b]&&window.localStorage.setItem(b,"")}catch(
c){}}}),BookmarkListData=Class({create:function(){this.initStaticList();
this.initBookmarkList()},
File Name PDF/mobile/javascript/main.js
Method
c.length&&c.pop();c.push("}");return c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Obje
ct.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create implementation
only accepts one parameter.");b.prototype=c;return new b}}();
....
23. c.length&&c.pop();c.push("}");return
c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Ob
ject.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create
implementation only accepts one parameter.");b.prototype=c;return new
b}}();
Client DOM Code Injection
Query Path:
JavaScript\Cx\JavaScript High Risk\Client DOM Code Injection Version:1
Categories
PCI DSS v3.2: PCI DSS (3.2) - 6.5.1 - Injection flaws - particularly SQL injection
OWASP Top 10 2013: A1-Injection
FISMA 2014: Configuration Management
NIST SP 800-53: SI-10 Information Input Validation (P1)
OWASP Top 10 2017: A1-Injection
Description
Client DOM Code Injection\Path 1:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=1
Status New
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      1018                           23
Object    replace                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method this.bookPageCount&&!this.exists(b)},getUserDataFromLocal:function(){var
b=window.location.href.replace(window.location.hash,"")+"BookMark";try{if(win
dow.localStorage&&window.localStorage[b])return
window.localStorage.getItem(b)}catch(c){}},sort:function(){this.bookmarks=thi
s.bookmarks.sort(function(b,c){return parseInt(b.pageIndex)-
parseInt(c.pageIndex)})},count:function(){return
this.bookmarks.length},item:function(b){return
this.bookmarks[b]},exists:function(b){for(var
c=0;c<this.count();c++)if(this.item(c).pageIndex==
....
1018.
this.bookPageCount&&!this.exists(b)},getUserDataFromLocal:function(){var
b=window.location.href.replace(window.location.hash,"")+"BookMark";try{i
f(window.localStorage&&window.localStorage[b])return
window.localStorage.getItem(b)}catch(c){}},sort:function(){this.bookmark
s=this.bookmarks.sort(function(b,c){return parseInt(b.pageIndex)-
parseInt(c.pageIndex)})},count:function(){return
this.bookmarks.length},item:function(b){return
this.bookmarks[b]},exists:function(b){for(var
c=0;c<this.count();c++)if(this.item(c).pageIndex==
File Name PDF/mobile/javascript/main.js
Method
c.length&&c.pop();c.push("}");return c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Obje
ct.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create implementation
only accepts one parameter.");b.prototype=c;return new b}}();
....
23. c.length&&c.pop();c.push("}");return
c.join("")}},parse:function(b,c){return
b&&"undefined"!=b&&"null"!=b&&""!=b?eval("("+b+")"):c}};Object.create=Ob
ject.create||function(){function b(){}return
function(c){if(1!=arguments.length)throw Error("Object.create
implementation only accepts one parameter.");b.prototype=c;return new
b}}();
Client DOM Code Injection\Path 2:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=2
Status New
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      689                            694
Object    replace                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method (b=[]);b[c]||(b[c]={});h=b[c];h[d]=f;b=JSON.stringify(b);window.localStorage.
setItem(g,b)}}),NoteCookie=Class({statics:{noteCookie:function(b){void
0==this._noteCookie&&(this._noteCookie=new NoteCookie(b));return
this._noteCookie}},create:function(b){this.noteImgs={};this.rowObjs={};this.n
oteTexts={};this.svgObjs={};this.notes=[];this.cookieName=window.location.hr
ef.replace(window.location.hash,"")+"NoteCookie";this.rows=[];this.noteImgCont
ainers={};this.showFlag=!1;this.container=b;this.address=
....
689.
(b=[]);b[c]||(b[c]={});h=b[c];h[d]=f;b=JSON.stringify(b);window.localSto
rage.setItem(g,b)}}),NoteCookie=Class({statics:{noteCookie:function(b){v
oid 0==this._noteCookie&&(this._noteCookie=new NoteCookie(b));return
this._noteCookie}},create:function(b){this.noteImgs={};this.rowObjs={};t
his.noteTexts={};this.svgObjs={};this.notes=[];this.cookieName=window.lo
cation.href.replace(window.location.hash,"")+"NoteCookie";this.rows=[];t
his.noteImgContainers={};this.showFlag=!1;this.container=b;this.address=
File Name PDF/mobile/javascript/main.js
Method
uiBaseURL;this.noteButtonIsShow=!0;this.createNote(b);this.bindEvents()},creat
eNote:function(b){var c=this;this.note=$("<div class='noteCookie-
note'></div>").css({left:"40%"}).appendTo(b).hide();this.noteTitle=$("<div
class='noteCookie-noteTitle'></div>").append($("<span class='noteCookie-
noteTitle-
text'></span>").html("Notes")).appendTo(this.note);this.noteTitleShowBtn=$("
<div class='noteCookie-noteTitle-
showBtn'></div>").css({right:32}).attr("title","Minimize").append($("<img
style='margin-left: 3px;margin-top: 3px;'/>").attr("src",
....
694.
d.append(f).append(g);this.noteLists.append(d);this.noteTable=$("<div
class='noteCookie-
noteTable'></div>").css({maxHeight:188}).appendTo(this.noteLists);this.n
oteTableInner=$("<div class='noteCookie-noteTable-
inner'></div>").appendTo(this.noteTable);isTouch||this.note.transition3D
();this.createScrollBar(this.noteTable);try{var
h=this.getLocalStorage(this.cookieName),k=eval(h);if(k)for(this.downJSon
ArrByKey(k,"page"),h=0;h<k.length;h++)this.addListData($.extend(k[h],{fi
rstDown:!0}))}catch(l){}for(h=
Client DOM Code Injection\Path 3:
Severity: High
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=3
Status New
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      738                            746
Object    replace                        eval
Code Snippet
File Name PDF/mobile/javascript/main.js
Method new Signature(b));return
this._signature}},create:function(b){this.container=b;this.address=uiBaseURL;th
is.disableCss={boxShadow:"rgba(0, 0, 0, 0.6) 0px 1px 4px
inset",backgroundColor:"#cccccc",textShadow:"0 1px 1px white",color:"rgb(165,
148, 148)",cursor:"default"};this.normalCss={boxShadow:"inset 0px 1px 0px
rgba(255, 255, 255, 0.5), 0px 1px 2px rgba(0, 0, 0,
0.2)",backgroundColor:"#E4E4E4",color:"#464343",textShadow:"",cursor:"pointe
r"};this.overCss={};this.downCss={backgroundColor:"#E4E4E4",
....
738.
this.clearAllFalg=this.hasDrawFlag=this.showFlag=this.hasAndChangeText=!
1;this.drawOldData=this.currentDrawDel=this.currentDrawEdit=this.current
DrawSave=this.currentWriteDel=this.currentWriteEdit=this.currentWriteSav
e=null;this.drawOldPoints=[];this.savePoints=[];this.saveText=null;this.
signatureName=window.location.href.replace(window.location.hash,"")+"Sig
nature";this.signatureCookies=[];this.currentObj=null;this.signatureCont
exts={};try{this.createSignature(b)}catch(c){}this.toolBar=this.createTo
olBar(b)},
File Name PDF/mobile/javascript/main.js
Method
k.on("click touchend",function(){var b=c.currentObj.attr("data-
key");c.showTimeFalg[b]?(c.currentObj.find(".flipHTML5Signature-
eachDate").hide(),c.showTimeFalg[b]=!1):(c.reviseDateTag(),c.currentObj.find(".
flipHTML5Signature-
eachDate").show(),c.showTimeFalg[b]=!0)});d.on("mousedown
touchstart",function(b){b.preventDefault();b.stopPropagation();return!1});this.c
ontainer.add($(document)).add(BookInfo.container()).on("mousedown.hideToolB
ar touchstart.hideToolBar",function(){d.hide()});return
d},createSignature:function(b){var c=
....
746. "signature_close.png")).appendTo(this.$signatureTitle);try{var
d=this.getLocalStorage(this.signatureName);this.signatureCookies=d&&"und
efined"!=d?eval(d):[]}catch(f){}var
g,h;this.$signatureTitle.on("mousedown
touchstart",function(d){d.preventDefault();d.stopPropagation();d=d.origi
nalEvent.touches?d.originalEvent.touches[0]:d;g=d.clientX-
c.$signature.position().left;h=d.clientY-
c.$signature.position().top;b.add($(document)).add(c.signatureContexts[B
ookInfo.getBookType()][BookInfo.getCurrentPages()[0]]).add(c.signatureCo
ntexts[BookInfo.getBookType()][BookInfo.getCurrentPages()[1]]).on("mouse
move.signatureMove touchmove.signatureMove",
Client Potential XSS
Query Path:
JavaScript\Cx\JavaScript Medium Threat\Client Potential XSS Version:1
Categories
PCI DSS v3.2: PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS)
OWASP Top 10 2013: A3-Cross-Site Scripting (XSS)
FISMA 2014: Access Control
NIST SP 800-53: SI-15 Information Output Filtering (P0)
OWASP Top 10 2017: A7-Cross-Site Scripting (XSS)
Description
Client Potential XSS\Path 1:
Severity: Medium
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=37
Status New
Method Class at PDF/mobile/javascript/main.js line 1397 gets user input from the text element. This element's value flows through the code without being properly filtered or validated, and is eventually displayed to the user in the client-side method DisplayDetails() at PDF/mobile/javascript/main.js line 1397. This may enable a Cross-Site Scripting attack.
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      1400                           1400
Object    text                           append
Code Snippet
File Name PDF/mobile/javascript/main.js
Method Class("Text",{Package:"PageItem",create:function(b,c,d,f,g){this._super(b,c,d,f);
this.animateConfig();this.color=this.config.color?Color(this.config.color):Color("#
000000");this.originWidth=this.config.pageW;this.originHeight=this.config.pageH
;this.id="text"+g;this.initText();this.initEvents();this.initLinkHint(this.text);parse
Bool(this.config.reflection)&&this.imageReflection(this.textdiv);this.onResize(this.
pageWidth,this.pageHeight)},initText:function(){var b=new
TextFormatAnalyzer(this.config.textStr);
....
1400.
this.addShadow(this.text);this.textdiv.append(this.text);this.container.
append(this.textdiv);this.parent.append(this.container);this.trimingFont
Size(this.height)},trimingFontSize:function(b){function
c(b,c){if(b.css){var d=b.css(c);d&&(d=parseInt(d.replace("px","")),d--
,b.css(c,d+"px"))}}function
d(b){if((b=b.children())&&0!=b.length)for(var g=0;g<b.length;g++){var
h=$(b[g]);h.is("span")&&(c(h,"font-size"),c(h,"line-
height"));d(h)}}for(;this.text.height()>b&&$.system.name!=$.system.IOS&&
!($.browser.chrome&&
Client Potential XSS\Path 2:
Severity: Medium
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=38
Status New
Method Class at PDF/mobile/javascript/main.js line 1656 gets user input from the text element. This element's value flows through the code without being properly filtered or validated, and is eventually displayed to the user in the client-side method DisplayDetails() at PDF/mobile/javascript/main.js line 1656. This may enable a Cross-Site Scripting attack.
          Source                         Destination
File      PDF/mobile/javascript/main.js  PDF/mobile/javascript/main.js
Line      1657                           1657
Object    text                           append
Code Snippet
File Name PDF/mobile/javascript/main.js
Method Class("Callout",{Package:"PageItem",create:function(b,c,d,f){this._super(b,c,d,f)
;this.getDefault(d,f);this.getCanvasDefault();this.animateConfig();this.container
=$("<div class='callout'></div>");this.callout=$("<canvas
width="+this.canvasWidth+"
height="+this.canvasHeight+"></canvas>");this.textBox=$("<div></div>");thi
s.config.textStr||(this.config.textStr=this.config.formats.defaultFormat.htmlText)
;this.text=(new
TextFormatAnalyzer(this.config.textStr)).getHTML();this.context=this.callout[0].g
etContext("2d");
....
1657.
this.fillStyle=this.fillColor();this.initCss(d,f);this.textBox.css({"poi
nter-events":"none"});this.config.action||this.container.css({"pointer-
events":"none"});switch(this.config.bubbleType){case
"1":this.drawRoundRect();break;case
"2":this.drawRoundBubble();break;case
"3":this.drawCloudBubble()}this.textBox.append(this.text);this.container
.append(this.callout,this.textBox);this.parent.append(this.container);th
is.setRotation(this.callout,this.config.location.rotation);this.setRotat
ion(this.text,this.config.location.rotation);
Client Potential XSS\Path 3:
Severity: Medium
Result State: To Verify
Online Results http://CHECKMARX/CxWebClient/ViewerMain.aspx?scanid=1000150&projectid=77&pathid=39
Status New
Method Class at PDF/mobile/javascript/main.js line 2379 gets user input from the text element. This element's value flows through the code without being properly filtered or validated, and is eventually displayed to the user in the client-side method DisplayDetails() at PDF/mobile/javascript/main.js line 2379. This may enable a Cross-Site Scripting attack.
          Source                         Destination