
Status

Product: Websites
Component: Other
Status: REOPENED
Reported: 4 years ago
Modified: 6 months ago

People

(Reporter: curtisk, Unassigned)

Tracking

Version: unspecified
Keywords: sec-low, wsec-xss
Bug Flags: sec-bounty -

Details

(Whiteboard: [site: livingdocs.org][reporter-external])

Attachments

(1 attachment)

Created attachment 8351419
Screen Shot

Received: by 10.60.93.225 with HTTP; Tue, 24 Dec 2013 05:07:15 -0800 (PST)
Date: Tue, 24 Dec 2013 14:07:15 +0100
Subject: A Possible XSS Vulnerability
From: Edis Konstantini <ediskonstantini@gmail.com>
To: Mozilla Security <Security@mozilla.org>
-----//-----
Hi Guys,
I found a Flash-XSS (SWF) in livingdocs.org. As I stated in my previous report, livingdocs.org uses an old version of a WordPress plugin, so it's full of XSS vulnerabilities.
Here's another one:
http://livingdocs.org/wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
The wp-includes/js/swfupload/swfupload.swf is outdated; here was a vulnerable parameter, movieName=. It was accepting any input for XSS attacks.
I tried this: movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);// and JavaScript got executed.
Here's the full XSS link: http://livingdocs.org/wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
In order to fix this, you should update both Swfupload and Plupload to block these XSSes.
Here's a screenshot too: <image.png>
I hope this is valid.

Best Regards,
Edis Konstantini
Flags: sec-bounty?
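
A defender-side check for the issue reported above, as an added example that is not part of the bug report or of Mozilla's tooling: it scans access-log lines for requests to swfupload.swf whose movieName value is not a plain identifier. The common/combined log format, the allow-list pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate movie names are short identifiers such as
# "SWFUpload_0"; anything outside this allow-list is reported.
SAFE_MOVIE_NAME = re.compile(r"[A-Za-z0-9_.-]{0,64}")

# Client address and request target of a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_swfupload_requests(log_lines):
    """Return (client, decoded movieName) for every suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/swfupload.swf"):
            continue
        # parse_qs percent-decodes once and returns every repeated value,
        # so a benign first movieName cannot hide a second, hostile one.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("movieName", []):
            if not SAFE_MOVIE_NAME.fullmatch(value):
                hits.append((client, value))
    return hits

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Dec/2013:13:00:01 +0000] "GET /wp-includes/js/swfupload/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12655',
    '198.51.100.7 - - [24/Dec/2013:13:07:15 +0000] "GET /wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);// HTTP/1.1" 200 12655',
    '192.0.2.44 - - [24/Dec/2013:13:09:30 +0000] "GET /index.php?movieName=%22%5D HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Dec/2013:13:11:02 +0000] "GET /wp-includes/js/swfupload/swfupload.swf?movieName=SWFUpload_0&movieName=%3Cx%3E HTTP/1.1" 200 12655',
]

if __name__ == "__main__":
    for client, value in flag_swfupload_requests(SAMPLE_LOG):
        print(f"{client}: suspicious movieName {value!r}")
```
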
livingdocs.org is now 404 on all these URLs; I think the site has been taken down.

Comment 2

4 years ago
Hi Curtis,
Yes, I just checked now, the site is totally down. A little shocked, they could've upgraded to a newer version and there would be no XSS alerts... They shouldn't have taken the site down. However, thank you again Curtis :)
(In reply to ediskonstantini from comment #2)
> Hi Curtis,
> Yes, I just checked now, the site is totally down. A little shocked, they
> could've upgraded to a newer version and there would be no XSS alerts... They
> shouldn't have taken the site down. However, thank you again Curtis :)

I think the site was no longer needed / end of life anyway, so upgrading may not have made sense in this case.

Comment 4

4 years ago
Hi,
Okay Curtis, got it. So you mean this is neither eligible nor valid, right?
The bug is still marked for the committee to consider, but I doubt it will qualify now.
The site is no longer live.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID

Comment 7

4 years ago
Okay Curtis, I hope at least one of the three bugs will qualify for a reward... I will be waiting for the committee's reply.
This site was not part of the bounty program, and has been retired now as well. Not eligible for a bounty.
Flags: sec-bounty? → sec-bounty-
This site is live again and this bug is present. Is this site going to be taken down permanently, or are we going to make an attempt to fix this?

Given the content on this site and other factors, I think this is sec-low, which still makes it ineligible for a bounty.
Status: RESOLVED → REOPENED
Keywords: sec-low
Resolution: INVALID → ---

Comment 10

4 years ago
Hi,
Yes Curtis. I was randomly checking my submissions and saw that it was still alive. That's why I notified you. Since Daniel put sec-bounty-, I do not think he's gonna make it +, so np at all :).
Thanks again.
Group: websites-security
Keywords: wsec-xss
See Also: → bug 1346650