Of course they like XSS: the DB maintained by muts et al. is the
"prosecution" of milw0rm, since str0ke gave up maintaining it.

I remember that str0ke didn't allow publishing advisories ONLY RELATED
to XSS (especially reflected ones, as they are so common), but by the
way I think it is OK to publish there even the most simple reflected
XSS, especially if it is afflicting web-based products used worldwide.

I see that people don't like your posts here on bugtraq: just try to
be more clear in your posts.
XSS vulnerabilities in Flash files have been researched for many
years, and with a tool like SWFintruder it is so easy to find them:
your post is not something new.
It is enough to take the Flash files you mentioned (used by Joomla or
whatever), find the XSS, and then make a Google search to see how many
sites are using the vulnerable swf.

Interesting to know how many are vulnerable, but absolutely NOT SOMETHING NEW.


Michele "antisnatchor" Orru'

On Tue, Jan 12, 2010 at 12:44 AM, Jeff Williams <jeffwilli...@gmail.com> wrote:
> Yo MustDie,
> Post your shit here:
> http://www.exploit-db.com/
> They love XSS.
> 2010/1/11 MustLive <mustl...@websecurity.com.ua>
>> Hello Full-Disclosure!
>> Yesterday I wrote the article XSS vulnerabilities in 34 millions flash files
>> (http://websecurity.com.ua/3842/), and here is the English version of it.
>> In December in my article XSS vulnerabilities in 8 millions flash files
>> (http://websecurity.com.ua/3789/) I wrote that there are up to 34000000
>> tagcloud.swf flash files on the Internet which are potentially vulnerable
>> to XSS attacks. Taking into account that people mostly didn't pay attention
>> in the previous article to my mention of another 34 million vulnerable
>> flashes, I decided to write another article about it.
>> The file tagcloud.swf was developed by the author of the plugin WP-Cumulus
>> for WordPress (http://websecurity.com.ua/3665/) and it's delivered with
>> this plugin for WordPress, and also with other plugins, particularly
>> Joomulus (http://websecurity.com.ua/3801/) and JVClouds3D
>> (http://websecurity.com.ua/3839/) for Joomla and Blogumus
>> (http://websecurity.com.ua/3843/) for Blogger. Taking into account the
>> prevalence of this flash file, I'll note that it's the most widespread
>> flash file on the Internet with an XSS vulnerability.
>> -------------------------------------
>> Prevalence of the problem.
>> -------------------------------------
>> There are a lot of vulnerable tagcloud.swf files on the Internet
>> (according to Google):
>> http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf
>> If on 18.12.2009 there were about 34000000 results, now there are about
>> 32500000 results. And these are only those flash files which were indexed
>> by Google, and actually there can be many more of them.
>> So there are about 32,5 million sites with the file tagcloud.swf which are
>> vulnerable to XSS and HTML Injection attacks.
>> Among them there are about 273000 gov-sites
>> (http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf+inurl:gov&filter=0)
>> which are vulnerable to XSS and HTML Injection attacks.
>> ----------------------------------
>> Vulnerabilities in swf-file.
>> ----------------------------------
>> The file tagcloud.swf is vulnerable to XSS and HTML Injection attacks via
>> the parameter tagcloud.
>> XSS:
>> http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
>> The code will execute after a click. It's strictly social XSS.
>> HTML Injection:
>> http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
>> An HTML Injection attack can be conducted particularly on those flash files
>> which have protection (in flash files or via WAF) against javascript and
>> vbscript URIs in the parameter tagcloud.
>> ----------------------------------------
>> Examples of vulnerable sites.
>> ----------------------------------------
>> I gave examples of vulnerable sites with this swf-file in the post XSS
>> vulnerabilities in tagcloud.swf at gov and gov.ua
>> (http://websecurity.com.ua/3835/).
>> So for flash developers it's better to attend to the security of their
>> flash files. And owners of sites with vulnerable flashes (particularly
>> tagcloud.swf) need either to fix them themselves, or to turn to
>> their developers.
>> Best wishes & regards,
>> MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
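A defender-side check for the requests described in the quoted advisory, added here as an example (not code from any poster in this thread): it scans access-log lines for requests to tagcloud.swf whose tagcloud parameter carries an anchor, and labels script-URI hrefs separately from plain links, since the advisory notes that filtering only javascript and vbscript URIs still leaves HTML injection. The log lines are constructed samples and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; the two payloads are the URLs quoted in the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2010:10:00:01 +0000] "GET /tagcloud.swf HTTP/1.1" 200 34210
203.0.113.9 - - [12/Jan/2010:10:00:07 +0000] "GET /tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E HTTP/1.1" 200 34210
198.51.100.4 - - [12/Jan/2010:10:01:30 +0000] "GET /tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E HTTP/1.1" 200 34210
192.0.2.10 - - [12/Jan/2010:10:02:00 +0000] "GET /index.php?tagcloud=security HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# href value in single quotes, double quotes, or unquoted
HREF_RE = re.compile(r"""href\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s>]+))""", re.I)
SCRIPT_SCHEMES = {"javascript", "vbscript"}  # the two schemes named in the advisory


def classify(value):
    """Return the set of finding labels for one decoded tagcloud value."""
    findings = set()
    for m in HREF_RE.finditer(value):
        href = next(g for g in m.groups() if g is not None)
        scheme = href.split(":", 1)[0] if ":" in href else ""
        # Drop whitespace/control characters and case before comparing.
        scheme = re.sub(r"[\x00-\x20]", "", scheme).lower()
        findings.add("xss" if scheme in SCRIPT_SCHEMES else "html-injection")
    return findings


def scan(log_text):
    """Return (client_ip, finding) for each suspicious tagcloud.swf request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("tagcloud.swf"):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query).get("tagcloud", []):
            for finding in sorted(classify(value)):
                hits.append((line.split()[0], finding))
    return hits


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```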