Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29322
HistoryMay 06, 2013 - 12:00 a.m.

XSS vulnerabilities in ZeroClipboard and multiple web applications

2013-05-0600:00:00
vulners.com
17
JSON

Hello 3APA3A!

In February I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard and multiple web applications. This is additional information on this topic.

XSS vulnerabilities in ZeroClipboard
http://securityvulns.ru/docs29105.html
XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery
http://securityvulns.ru/docs29104.html
XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
http://securityvulns.ru/docs29103.html

SecurityVulns ID: 12910
CVE: CVE-2013-1808

During my conversation with old ZeroClipboard developer (Joseph Huckaby) and new developers (Jon Rohan and James Greene) last month, I've recommended them to prevent downloading of ZeroClipboard's files (swf and sources) from repository at Google code. To prevent spreading of vulnerable versions of software. After my second letter at 19th of February, Joseph agreed with me on this and gave full control for new developers to make necessary changes at http://code.google.com/p/zeroclipboard/. About added warnings and disallowing of downloads Joseph informed me and later James confirm it too.

But it was not sufficient enough, since I found that it was possible to download files directly from repository (and there are many web sites which are referencing on these files). So I've suggested Jon and James to completely prevent downloading of all vulnerable files from old repository. After my letters from 3rd, 16th and 24th of March, they at last did it and made complete closure of old repository.

XSS vulnerabilities in zClip and other web applications.

In addition to all those web applications, which I've wrote earlier and hundreds of webapps on which I've referenced via google dorks, there are tens or hundreds additional vulnerable web applications with ZeroClipboard. These are such webapps, which have no swf of ZeroClipboard in their bundles, but referencing on it at their sites or in documentation. I have found many webapps with such approach (for different flash-files, like all those flash video players, about vulnerabilities in which I wrote) for last years and wrote about such case. E.g. in 2010 I've wrote about Blogumus - a WP-Cumulus fork for Blogger, where there was swf-file at the site, from which users can download last version or embed it from that site (like from CDN).

There are such web developers, like developers of zClip and many other web applications, which are not bundling vulnerable swf of ZeroClipboard, but they referencing to it in old repository and asking all users to manually download last version of swf-file from repository (i.e. last vulnerable version). I've wrote to zClip developers about it at 6th of March, but they just ignored it. So to protect all future users of zClip and any other similar software, which are referencing to old repository at Google Code (with vulnerable versions of ZeroClipboard), and to force a fix to all such software, it was needed to close old repository completely. And today ZeroClipboard developers have done it.

XSS (WASC-08):

For zClip the path will be the next. XSS via id parameter and XSS via copying payload into clipboard (as described in my first advisory).

http://path/js/ZeroClipboard.swf?id=\%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

All versions of zClip are referencing to vulnerable versions of ZeroClipboard. So all current users of zClip (including developer of zClip at their site) are using vulnerable swf-files and have XSS vulnerabilities at their sites. But since today all future users of zClip are protected. After I've forced developers of ZeroClipboard, it will prevent spreading of vulnerable versions of swf-files and will protect future users of all software (like zClip) from downloading vulnerable versions of ZeroClipboard. From now all web developers and users need to download ZeroClipboard only from new repository (https://github.com/jonrohan/ZeroClipboard). Everyone who is using old versions of ZeroClipboard or software, which are bundled with old versions of it, needs to update to the last version 1.1.7 from new repository.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Related

wpvulndb 24
wpexploit 1
patchstack 1
zdt 1
packetstorm 1
veracode 1
securityvulns 2
prion 3
cve 3
debiancve 2
nessus 2
openvas 2
freebsd 1
wpvulndb
wpvulndb
coupon-code-plugin <= 2.1 - XSS in ZeroClipboard
2014-08-01 10:58:58
geshi-source-colorer <= 0.13 - XSS in ZeroClipboard
2014-08-01 10:58:58
tiny-url <= 1.3.2 - XSS in ZeroClipboard
2014-08-01 10:58:58
wpexploit
wpexploit
slidedeck2 < 2.1.20130313 - XSS in ZeroClipboard
2014-08-01 00:00:00
patchstack
patchstack
WordPress ZeroClipboard Plugin <= 1.0.7 - XSS
2013-02-19 00:00:00
zdt
zdt
ZeroClipboard Wordpress plugin XSS / FPD Vulnerabilities
2013-04-11 00:00:00
packetstorm
packetstorm
ZeroClipbord.swf Cross Site Scripting / Path Disclosure
2013-04-09 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 08:52:23
securityvulns
securityvulns
XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress
2013-05-06 00:00:00
XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress
2013-05-06 00:00:00
prion
prion
Cross site scripting
2013-04-02 03:23:00
Cross site scripting
2013-02-07 05:56:00
Cross site scripting
2013-04-02 03:22:00
cve
cve
CVE-2012-6550
2013-04-02 03:22:00
CVE-2013-1808
2013-04-02 03:23:00
CVE-2013-1463
2013-02-07 05:56:00
debiancve
debiancve
CVE-2013-1808
2013-04-02 03:23:00
CVE-2012-6550
2013-04-02 03:22:00
nessus
nessus
Jenkins < 1.514 / 1.509.1 and Jenkins Enterprise 1.466.x / 1.480.x < 1.466.14.1 / 1.480.4.1 Multiple Vulnerabilities
2013-06-14 00:00:00
FreeBSD : jenkins -- multiple vulnerabilities (622e14b1-b40c-11e2-8441-00e0814cab4e)
2013-05-04 00:00:00
openvas
openvas
Jenkins CSRF And XSS Vulnerabilities - Windows
2016-07-14 00:00:00
Jenkins CSRF And XSS Vulnerabilities - Linux
2016-07-14 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2013-05-02 00:00:00
JSON
Related for SECURITYVULNS:DOC:29322
wpvulndb24wpexploit1patchstack1zdt1packetstorm1veracode1securityvulns2prion3cve3debiancve2nessus2openvas2freebsd1