Hi,
Today I want to share my find from 2013: an XSS in a Flash file that was used in many websites (famous websites!).
The Flash file was called sIFR (Scalable Inman Flash Replacement).
Q: How did I find it?
A: Until today I thought that I was the first one who reported this issue; in fact it is an old bug that has a CVE (Read more).
So let's talk about what I found. I was looking for bugs in Adobe, and my exploring got me to:
http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/sIFR2.0.2/myriad.swf?txt=ADOBE PHOTOSHOP CS3&textcolor=
The (txt) parameter took simple text.
The (textcolor) parameter took an HTML color code.
I changed (ADOBE PHOTOSHOP CS3) to XSS.
The page showed XSS and when I made the payload
Hmm, good, the txt parameter shows our text. Let's do HTML things.
http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/sIFR2.0.2/myriad.swf?txt=<a href="javascript:alert('Xssed by Abdullah Hussam')">xss</a>
It works!!! I found XSS on Adobe. But I noticed something in the URL:
http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/sIFR2.0.2/myriad.swf?txt=ADOBE PHOTOSHOP CS3&textcolor=
It looks like the path of a file on (www.adobe.com), so I deleted (wwwimages.adobe.com/) from the URL
and went to:
https://www.adobe.com/lib/com.adobe/sIFR2.0.2/myriad.swf?txt=<a href="javascript:alert('Xssed by Abdullah Hussam')">xss</a>
XSS showed on the page. I clicked on it and boom!
Please bear with me that I injected my name in the code; it was my start at bug bounty hhhhh :).
So it was very good.
Now I was thinking that (sIFR2.0.2) is an Adobe product that I could find on other websites.
I made a dork to find others.
There were too many websites. Wait for the surprise, it was a big one:
Visa, AMEX, Blackberry, Stanford, Harvard, and many Gov sites.
Here are some samples:
The PoC video:
There are many other vulnerable websites.
Thanks for reading.
Useful links:
1-http://news.softpedia.com/news/sIFR-Vulnerability-Impacts-Adobe-BlackBerry-Visa-Amazon-and-Other-Sites-Video-427053.shtml
2-https://en.wikipedia.org/wiki/Scalable_Inman_Flash_Replacement
3-http://www.hackbusters.com/news/stories/18150-sifr-vulnerability-impacts-adobe-blackberry-visa-amazon-and-other-sites-video
4-http://www.youtube.com/watch?v=7WeIeJ_YYOQ
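A defender-side check for the issue described in this post, added here as an example and not code from the author or from sIFR: it scans web access logs for requests that put HTML markup or a javascript: URI into the txt parameter of a .swf file. The log lines, paths and function names are constructed for illustration; only the parameter name and the sIFR2.0.2 directory name come from the post.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TEXT_PARAMS = {"txt"}  # the sIFR text parameter named in the post
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of an HTML tag
SCRIPT_URI_RE = re.compile(r"javascript:", re.I)

# Constructed access-log lines; addresses and paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2014:10:00:00 +0000] "GET /lib/sIFR2.0.2/font.swf'
    '?txt=PRODUCT%20NAME&textcolor=%23000000 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2014:10:00:05 +0000] "GET /lib/sIFR2.0.2/font.swf'
    '?txt=%3Ca%20href%3D%22javascript%3Aalert(1)%22%3Ex%3C%2Fa%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2014:10:00:09 +0000] "GET /lib/sIFR2.0.2/font.swf'
    '?txt=%253Cb%253Ebold%253C%252Fb%253E HTTP/1.1" 200 5120',
]

def fully_decode(value, rounds=3):
    """Percent-decode a few times so double-encoded markup is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def inspect_request(target):
    """Return reasons a request target looks like markup sent to a SWF text parameter."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".swf"):
        return []
    reasons = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() not in TEXT_PARAMS:
            continue
        for raw in values:
            text = fully_decode(raw)
            compact = re.sub(r"[\x00-\x20]+", "", text)  # undo whitespace splitting
            if SCRIPT_URI_RE.search(compact):
                reasons.append(f"{name}: script URI")
            elif MARKUP_RE.search(text):
                reasons.append(f"{name}: HTML markup")
    return reasons

def scan(lines):
    """Return (target, reasons) for each log line whose request is flagged."""
    targets = (m.group(1) for m in map(REQUEST_RE.search, lines) if m)
    return [(t, r) for t in targets if (r := inspect_request(t))]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Hits from a scan like this also show which hosts still serve the old SWF, so the file can be removed or replaced.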
Great find
Great find