Advisory Information

Title: FlashCanvas proxy.php XSS Vulnerability

Date published: 11 December 2013

Reference: CVE-2013-6880

Advisory Summary

Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it.

Vendor

FlashCanvas.net <http://flashcanvas.net/>

Affected Software

FlashCanvas 1.5 and possibly older.

FlashCanvas is also used in other software frameworks such as WebShims, therefore the affected software maybe wider.

Description of Issue

The issue exists because the proxy.php script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it. This leads to some interesting possibilities, the one proved being cross-site scripting. 

More technical detail can be found here:
http://www.7elements.co.uk/resources/blog/cve-2013-6880-proof-concept/


Fix

We would recommend updating to version 1.6 http://flashcanvas.net/release/1.6