OkCupid: Rosetta flash vulnerability in clientstats AJAX script

2014-11-29T07:05:40
ID H1:37786
Type hackerone
Reporter bitquark
Modified 2015-02-20T19:34:57

Description

An AJAX script on the main okcupid.com domain allows an attacker to set an arbitrary callback function name, allowing exploitation of the Rosetta Flash vulnerability to steal any data from the victim's account. Note that the vulnerability exploits an issue with Flash which was fixed in 14.0.0.176; however, many users have yet to update.

The vulnerable script can be found at: https://www.okcupid.com/apitun/clientstats?callback=hello_from_bitquark
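The root cause described above is a JSONP endpoint that reflects an unrestricted callback parameter at the very start of its response body. The following Python is an added illustration of the standard server-side mitigation for this class of issue; it is not OkCupid's code, and the function names, the identifier pattern and the length limit are assumptions. Restricting the callback to an identifier shape is not enough on its own, because a Rosetta Flash payload is purely alphanumeric; the decisive control is that the response must not begin with a SWF header, which prefixing the body with `/**/` guarantees, reinforced by `X-Content-Type-Options: nosniff`.

```python
import json
import re

# Assumed policy: a callback is a dotted chain of JavaScript identifiers, bounded in length.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
MAX_CALLBACK_LEN = 64

# Magic bytes that mark an uncompressed, zlib-compressed or LZMA-compressed SWF file.
SWF_MAGIC = ("FWS", "CWS", "ZWS")


def validate_callback(name):
    """Accept only identifier-shaped callbacks of bounded length."""
    if not name or len(name) > MAX_CALLBACK_LEN:
        return False
    return CALLBACK_RE.match(name) is not None


def looks_like_swf(body):
    """True when a response body would be accepted as a Flash file by its first bytes."""
    return body[:3] in SWF_MAGIC


def naive_jsonp(callback, payload):
    """The vulnerable pattern: the attacker-chosen name is the first thing on the wire."""
    return callback + "(" + json.dumps(payload) + ");"


def render_jsonp(callback, payload):
    """Hardened JSONP response as a (status, headers, body) tuple.

    The /**/ prefix is a no-op for JavaScript but means the body can never start with
    a SWF magic string, regardless of what the callback parameter contains.
    """
    if not validate_callback(callback):
        return 400, {"Content-Type": "application/json"}, json.dumps({"error": "invalid callback"})
    body = "/**/" + callback + "(" + json.dumps(payload) + ");"
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        # Tell browsers not to sniff the body into some other content type.
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, body


if __name__ == "__main__":
    # Constructed sample inputs: a benign callback and an alphanumeric one that
    # happens to begin with a SWF magic string (no actual SWF content involved).
    for cb in ("hello_from_bitquark", "CWSxyz", "alert(1)//"):
        status, _, body = render_jsonp(cb, {"ok": True})
        print(cb, status, looks_like_swf(body), body)
    print("naive:", looks_like_swf(naive_jsonp("CWSxyz", {"ok": True})))
```

The point of the comparison is visible in the last line: with the naive pattern, a callback starting with `CWS` yields a body that the Flash plugin (before 14.0.0.176) would happily treat as a SWF, while the hardened response keeps the same callback and payload but can no longer be interpreted that way.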