Today I found that 360 sent me an email and found that the website: Use a vulnerable JQuery version . Hackers can use this vulnerability to invade your website. This article will share with you the solution to 360 Tips [High Risk] using a vulnerable version of JQuery.
Then I went to 360 Detection to check the solution
![360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?](https://img.php.cn/upload/article/000/054/025/31b3832e157a1c358d190ffbc1fb9578-0.png "360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?")
But I felt it was of no use, and the solution of option 2 requires adding a group,
![360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?](https://img.php.cn/upload/article/000/054/025/37c513452365bca904d086bea541f1bf-1.png "360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?")
The blogger feels that whether this is a trap by 360 depends on whether you jump or not.
The blogger has released 2 solutions here, both of which can be solved.
The first type: This can only be hidden from 360, but the loophole still exists, that is
![360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?](https://img.php.cn/upload/article/000/054/025/37c513452365bca904d086bea541f1bf-2.png "360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?")
The version that deletes JQ No., 360 is not that smart yet, and can only query the version number through annotation information, and cannot scan the JQ content to determine the JQ version number.
The second type: It can also be solved with the latest version of JQ. The blogger here recommends using the second type, which can solve the JQ vulnerability.
JQ latest version download address: http://www.jb51.net/zt/jquerydown.htm
Note the version selection: jquery-2.1.4 ( Note: jquery-2.0 or above no longer supports IE 6/7/8)
We are using 1.10.2, then you can choose version 1.11, if your website uses jquery Some special functions require attention, and the code may need to be modified.
![360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?](https://img.php.cn/upload/article/000/054/025/37c513452365bca904d086bea541f1bf-3.png "360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?")
#You can look at the time, which shows that the second problem can be solved.
According to the tips from netizens, using JQ3.2.1 (currently the latest version) still cannot solve the problem.
On the contrary, when using JQ3.1.1, there is no prompt that there is a vulnerability. I don’t know if it is due to 360 or JQ. Anyway, the blogger is speechless here.
If you don’t have JQ3.1.1, you can use the JQ version of this site, which can solve the 360 vulnerability.
Related recommendations:
Summary of common vulnerabilities in JavaScript and introduction to automated detection technology
A brief discussion of session deserialization in PHP Vulnerability issues
How to attack common vulnerabilities in PHP programs
The above is the detailed content of 360 Tips [High Risk] What should I do if I use a vulnerable version of JQuery?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
