Mail.ru: rs.mail.ru - Flash Based XSS

2014-04-21T08:39:12
ID H1:8375
Type hackerone
Reporter quistertow
Modified 2014-08-07T16:07:28

Description

Hi,

I found a Flash-based XSS in rs.mail.ru.

Vulnerable link: http://rs.mail.ru/b27161485.swf?link1=javascript:alert(document.domain)

Just click on the page and you will see the alert.

Tested on Mozilla Firefox.

Regards,
Florin
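A defensive check for the pattern in this report, as an added example that is not part of the original report or Mail.ru's code: it parses each link-style query parameter of a .swf request and accepts only absolute http(s) targets. It assumes the `link1` value is used as a navigation target; the host `ads.example.test`, the parameter-name pattern and the function names are hypothetical.

```javascript
// Added example: allowlist validation of link-style parameters on .swf requests.
// Assumption: parameters named link<N> (as in the report's "link1") carry click targets.
const LINK_PARAM = /^link\d+$/i;
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// True only for absolute http(s) URLs. The WHATWG URL parser lower-cases the
// scheme, strips leading/trailing control characters and drops embedded
// tab/newline characters, so obfuscated spellings of "javascript:" are
// normalised before the comparison. A substring blocklist would miss them.
function isSafeLinkTarget(value) {
  let parsed;
  try {
    parsed = new URL(value);
  } catch {
    return false; // relative or unparsable value: reject rather than guess
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Returns the link parameters of a .swf request whose value is not an
// allowed target. Suitable for a request filter or for scanning access logs.
function auditSwfRequest(requestUrl) {
  const url = new URL(requestUrl);
  if (!url.pathname.toLowerCase().endsWith(".swf")) return [];
  const findings = [];
  for (const [name, value] of url.searchParams) {
    if (LINK_PARAM.test(name) && !isSafeLinkTarget(value)) {
      findings.push({ name, value });
    }
  }
  return findings;
}

// Constructed sample requests (not taken from real logs).
const SAMPLES = [
  "http://ads.example.test/banner.swf?link1=javascript:alert(document.domain)",
  "http://ads.example.test/banner.swf?link1=%09JaVa%0AScRiPt:alert(1)",
  "http://ads.example.test/banner.swf?link1=https%3A%2F%2Fexample.test%2Fpromo",
  "http://ads.example.test/banner.swf?width=300&link2=data:text/html,x",
];

for (const sample of SAMPLES) {
  const hits = auditSwfRequest(sample).map((f) => f.name);
  console.log(hits.length ? `FLAG ${hits.join(",")}` : "ok  ", sample);
}
```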