Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass

EDB-ID:

23230

CVE:

N/A

EDB Verified:

Author:

GreyMagic Software

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2003-10-07

Vulnerable App: 
source: https://www.securityfocus.com/bid/8785/info

Adobe SVG Viewer (ASV) is prone to an issue in the implementation of the getURL() and postURL() methods. These methods are designed to prevent access to URIs in a foreign domain or local files. However, by using a redirect when calling these methods, it is possible to bypass these restrictions. This could be exploited to read local or remote files, potentially exposing sensitive information and allowing for theft of cookie-based authentication credentials. The attack vectors may vary depending on whether the viewer is operating on its own or used as a plug-in for Internet Explorer (or other browsers).

ASV 3.0 and prior are reported to be prone to this vulnerability. 

getURL(
"rd.asp",
function (oResponse) {
parent.alert(oResponse.content);
}
);
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services