Yo MustDie, Post your shit here: http://www.exploit-db.com/ They love XSS.
2010/1/11 MustLive <mustl...@websecurity.com.ua>

> Hello Full-Disclosure!
>
> Yesterday I wrote the article XSS vulnerabilities in 34 millions flash
> files (http://websecurity.com.ua/3842/), and here is the English version
> of it.
>
> In December, in my article XSS vulnerabilities in 8 millions flash files
> (http://websecurity.com.ua/3789/), I wrote that there are up to 34000000
> tagcloud.swf flashes on the Internet which are potentially vulnerable to
> XSS attacks. Taking into account that people mostly didn't pay attention
> in the previous article to my mention of another 34 millions of
> vulnerable flashes, I decided to write another article about it.
>
> File tagcloud.swf was developed by the author of the plugin WP-Cumulus
> for WordPress (http://websecurity.com.ua/3665/) and it's delivered with
> this plugin for WordPress, and also with other plugins, particularly
> Joomulus (http://websecurity.com.ua/3801/) and JVClouds3D
> (http://websecurity.com.ua/3839/) for Joomla and Blogumus
> (http://websecurity.com.ua/3843/) for Blogger. Taking into account the
> prevalence of this flash file, I'll note that it's the most widespread
> flash file on the Internet with an XSS vulnerability.
>
> -------------------------------------
> Prevalence of the problem.
> -------------------------------------
>
> There are a lot of vulnerable tagcloud.swf files on the Internet
> (according to Google):
>
> http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf
>
> If at 18.12.2009 there were about 34000000 results, then now there are
> about 32500000 results. And these are only those flash files which were
> indexed by Google, and actually there can be many more of them.
>
> So there are about 32,5 millions of sites with file tagcloud.swf which
> are vulnerable to XSS and HTML Injection attacks.
>
> Among them there are about 273000 gov-sites
> (http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf+inurl:gov&filter=0)
> which are vulnerable to XSS and HTML Injection attacks.
>
> ----------------------------------
> Vulnerabilities in swf-file.
> ----------------------------------
>
> File tagcloud.swf is vulnerable to XSS and HTML Injection attacks via
> the parameter tagcloud.
>
> XSS:
>
> http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
>
> Code will execute after a click. It's strictly social XSS.
>
> HTML Injection:
>
> http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
>
> An HTML Injection attack can be conducted particularly on those flash
> files which have protection (in flash files or via WAF) against
> javascript and vbscript URIs in the parameter tagcloud.
>
> ----------------------------------------
> Examples of vulnerable sites.
> ----------------------------------------
>
> I gave examples of vulnerable sites with this swf-file in the post XSS
> vulnerabilities in tagcloud.swf at gov and gov.ua
> (http://websecurity.com.ua/3835/).
>
> So for flash developers it's better to attend to the security of their
> flash files. And owners of sites with vulnerable flashes (particularly
> tagcloud.swf) need either to fix them by themselves, or to turn to
> their developers.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
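Added example, not part of either message in this thread: a site owner's check of request URLs for the two cases the advisory describes, a script URI or an off-site link inside the tagcloud parameter of tagcloud.swf. The function names, the own_host argument and the two harmless sample requests are assumptions made for illustration; the first two sample URLs are the ones quoted in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# href value in single quotes, double quotes, or unquoted
HREF_RE = re.compile(r"""href\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s>]+))""", re.I)
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

def classify(url, own_host):
    """Return 'xss', 'html-injection', 'clean' or 'not-tagcloud' for one URL."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/tagcloud.swf"):
        return "not-tagcloud"
    verdict = "clean"
    # parse_qs percent-decodes the value and turns '+' into a space
    for value in parse_qs(parts.query).get("tagcloud", []):
        for m in HREF_RE.finditer(value):
            href = next(g for g in m.groups() if g is not None)
            # Remove whitespace and control characters that could hide a scheme
            compact = re.sub(r"[\x00-\x20]", "", href).lstrip("'\"").lower()
            if compact.startswith(SCRIPT_SCHEMES):
                return "xss"
            try:
                host = urlsplit(compact).hostname
            except ValueError:       # malformed authority: treat as foreign
                host = "?"
            if host and host != own_host:
                verdict = "html-injection"
    return verdict

def scan(urls, own_host):
    """Return (verdict, url) for every request that is not clean."""
    hits = []
    for url in urls:
        verdict = classify(url, own_host)
        if verdict in ("xss", "html-injection"):
            hits.append((verdict, url))
    return hits

# Constructed sample: the advisory's two URLs plus two harmless requests
SAMPLE_REQUESTS = [
    "http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E",
    "http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E",
    "http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://site/tag/news'+style='font-size:+12pt'%3Enews%3C/a%3E%3C/tags%3E",
    "http://site/index.php?tagcloud=%3Ca+href='javascript:void(0)'%3Ex%3C/a%3E",
]

if __name__ == "__main__":
    for verdict, url in scan(SAMPLE_REQUESTS, "site"):
        print(verdict, url[:60])
```

The off-site check is what catches the HTML Injection case, which a filter on javascript and vbscript URIs alone lets through.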