Exponent CMS 2.3.7 - SWF File Upload Cross Site Scripting Vulnerability
Reported by Sachin Wagh | February 25th, 2016 @ 07:36 AM | in 2.4.1 (closed)
Information
Vulnerability Type : Exponent CMS 2.3.7 -File Upload Cross Site
Scripting Vulnerability
Vulnerable Version : 2.3.7
CVE-ID :
Severity: High
Author – Sachin Wagh (@tiger_tigerboy)
Description
Exponent CMS is prone to a swf file upload cross site Scripting vulnerability because it fails to sanitize user-supplied input.
Please find attached POC for more detail.
http://localhost/exponent-2.3.7/files/xssproject.swf?js=alert%28%27...;
Reference :
https://www.owasp.org/index.php/Testing_for_Cross_site_flashing_%28...
Credits & Authors
Sachin Wagh (@tiger_tigerboy)
Comments and changes to this ticket
-
dleffler February 25th, 2016 @ 11:28 AM
- Tag set to “security”
- Assigned user cleared.
Isn't this simply exposing a possible (end user) Adobe Flash security issue? What is your suggested fix...not allow swf file uploads by users?
-
-
dleffler December 15th, 2016 @ 11:40 AM
- State changed from “new” to “resolved”
- Assigned user set to “dleffler”
- Milestone set to “2.4.1”
SWF uploads were no longer permitted as of v2.4.0patch1, further reinforced by a recent code push for the next patch/release
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Bug Tracker for Exponent CMS
dleffler
expNinja