I would like to publish one of my Flash-based XSS findings.
The story goes like this:
I found a Flash file that was hosted on the main domain of barracudalabs, and this Flash file was including some XML file. What I found interesting was that there was no domain filter used in that Flash file, which means that XML files can be included from other domains by simply changing the parameter. Thus some vulnerable XML file was included, and this triggered XSS upon clicking the Submit button.
Technical Details:
The parameter "xmlfile" was used to insert the vulnerable XML file.
Link: http://barracudalabs.com/emailform/emailform.swf?xmlfile=http://xss.prakharprasad.com/bhadda-ka-folder/test.xml
Details regarding the XML file:
The variable "url" was mutated from url="some_legit_url" to url="javascript:alert(7155)"
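The two checks whose absence made this possible, a domain filter on "xmlfile" and a scheme filter on the "url" value, sketched in JavaScript as an added example (not code from the SWF or from the original post). The function names and sample inputs are hypothetical, and the "url" value is assumed to be the attribute as returned by the XML parser, with entities already decoded.

```javascript
// Added illustration; function names and sample values are hypothetical.
const LOADER_URL = 'http://barracudalabs.com/emailform/emailform.swf'; // from the post
const NAV_SCHEMES = new Set(['http:', 'https:']);

// Parse with the WHATWG URL parser so userinfo tricks, protocol-relative
// forms, mixed case and embedded tabs are normalized before comparing.
function parseUrl(raw, base) {
  try {
    return new URL(String(raw), base);
  } catch (e) {
    return null;
  }
}

// Domain filter for "xmlfile": accept the configuration file only when it
// resolves to the same origin as the file that loads it.
function isAllowedXmlFile(xmlfile, loaderUrl = LOADER_URL) {
  const target = parseUrl(xmlfile, loaderUrl);
  const loader = parseUrl(loaderUrl);
  return Boolean(target && loader &&
    NAV_SCHEMES.has(target.protocol) && target.origin === loader.origin);
}

// Scheme filter for the "url" value read from the XML: only http(s)
// targets may be opened when the form is submitted.
function isSafeNavigationUrl(url, loaderUrl = LOADER_URL) {
  const target = parseUrl(url, loaderUrl);
  return Boolean(target && NAV_SCHEMES.has(target.protocol));
}

// Constructed sample inputs (the first xmlfile value is the one in the post).
const XMLFILE_SAMPLES = [
  'http://xss.prakharprasad.com/bhadda-ka-folder/test.xml',
  'http://barracudalabs.com@xss.example/test.xml', // userinfo, host is xss.example
  '//xss.example/test.xml',                        // protocol-relative
  'config/form.xml',                               // relative, same origin
];
const URL_SAMPLES = [
  'javascript:alert(7155)',
  ' JavaScript:alert(7155)',
  'java\tscript:alert(7155)',
  '/thanks.html',
];

function runSamples() {
  return {
    xmlfile: XMLFILE_SAMPLES.map((s) => isAllowedXmlFile(s)),
    url: URL_SAMPLES.map((s) => isSafeNavigationUrl(s)),
  };
}
```

A plain prefix comparison such as "starts with http://barracudalabs.com" would accept the second sample, which is why the comparison is done on the parsed origin.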