Closed Bug 953088 Opened 11 years ago Closed 2 years ago

xss due to swfupload

Categories

(Websites :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: curtisk, Unassigned)

Details

(Keywords: sec-low, wsec-xss, Whiteboard: [site: livingdocs.org][reporter-external])

Attachments

(1 file)

Attached image Screen Shot
Received: by 10.60.93.225 with HTTP; Tue, 24 Dec 2013 05:07:15 -0800 (PST)
Date: Tue, 24 Dec 2013 14:07:15 +0100
Subject: A Possible XSS Vulnerability
From: Edis Konstantini <ediskonstantini@gmail.com>
To: Mozilla Security <Security@mozilla.org>
-----//-----
Hi Guys,
I found a Flash-XSS (SWF) in livingdocs.org. As I stated in my previous report, livingdocs.org uses an old version of a WordPress plugin, so it's full of XSS vulnerabilities.
Here's another one:
http://livingdocs.org/wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
The wp-includes/js/swfupload/swfupload.swf is outdated; here was a vulnerable parameter, movieName=. It was accepting any input for XSS attacks.
I tried this: movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);// and JavaScript got executed.
Here's the full XSS link: http://livingdocs.org/wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
In order to fix this, you should update both SWFUpload and Plupload to block these XSSes.
Here's a screenshot too: <image.png>
I hope this is valid.

Best Regards,
Edis Konstantini
Flags: sec-bounty?
livingdocs.org is now 404 on all these URLs; I think the site has been taken down.
Hi Curtis,
Yes, I just checked now, the site is totally down. A little shocked, they could've upgraded to a newer version and there would be no XSS alerts... They should not have taken the site down. However, thank you again Curtis :)
(In reply to ediskonstantini from comment #2)
> Hi Curtis,
> Yes, I just checked now, the site is totally down. A little shocked, they
> could've upgraded to a newer version and there would be no XSS alerts... They
> should not have taken the site down. However, thank you again Curtis :)

I think the site was no longer needed / end of life anyway, so upgrading may not have made sense in this case.
Hi,
Okay Curtis, got it. So you mean this is neither eligible nor valid, right?
The bug is still marked for the committee to consider, but I doubt it will qualify now.
The site is no longer live.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Okay Curtis, I hope at last one of three bugs will qualify for Reward... I will be waiting for reply of committee..
This site was not part of the bounty program, and has been retired now as well. Not eligible for a bounty
Flags: sec-bounty? → sec-bounty-
This site is live again and this bug is present. Is this site going to be taken down permanently, or are we going to make an attempt to fix this?

Given the content on this site and other factors I think this is sec-low which still makes it ineligible for a bounty
Status: RESOLVED → REOPENED
Keywords: sec-low
Resolution: INVALID → ---
Hi, 
Yes Curtis. I was randomly checking my submissions and saw that it was still alive. That's why I notified you.. since Daniel put Sec-Bounty - I do not think he's gonna make it +. so np at all :).
Thanks again.
Group: websites-security

Flash is no longer supported

Status: REOPENED → RESOLVED
Closed: 10 years ago → 2 years ago
Resolution: --- → INCOMPLETE
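
A log check for the request pattern reported in this bug, added here as an example (it is not part of the bug thread, nor Mozilla or WordPress code): it flags requests to swfupload.swf whose movieName value falls outside an identifier allowlist. The allowlist, the function names and the sample log lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate movieName is a short identifier such as "SWFUpload_0".
SAFE_MOVIE_NAME = re.compile(r"[A-Za-z0-9_.]{1,64}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the second carries the value quoted in the report.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2013:13:07:15 +0000] "GET /wp-includes/js/swfupload/'
    'swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12655 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Dec/2013:13:07:16 +0000] "GET /wp-includes/js/swfupload/'
    'swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//'
    ' HTTP/1.1" 200 12655 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Dec/2013:13:07:20 +0000] "GET /index.php?movieName=%22] '
    'HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def suspicious_movie_name(target):
    """Return the decoded movieName if the request targets swfupload.swf
    with a value outside the allowlist, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/swfupload.swf"):
        return None
    for key, value in parse_qsl(parts.query):
        # Parameter names are compared case-insensitively to catch variants.
        if key.lower() == "moviename" and not SAFE_MOVIE_NAME.fullmatch(value):
            return value
    return None

def scan(lines):
    """Yield (line_number, decoded_value) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_movie_name(match.group(1))
            if value is not None:
                yield number, value

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected movieName {value!r}")
```
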