hiimnalaa / swfobject

Automatically exported from code.google.com/p/swfobject

DOM-based XSS issue found in swfobject.js file #662

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
We're using the swfobject.js v2.2 file in our product. We have run it through
IBM AppScan. It finds an XSS issue in the swfobject.js file.
Here is the output from IBM AppScan:
Request: http://<ip>../swfobject.js
_d.write('<html><head><meta http-equiv="refresh" content="0;url=' + _l.href.substr(0, _l.href.indexOf("#")) + '" /></head></html>');

What is the expected output? What do you see instead?
There shouldn't be any DOM-based XSS.

What version of the product are you using? On what operating system?
v2.2

Please provide any additional information below.

Original issue reported on code.google.com by anuradha...@gmail.com on 8 Apr 2013 at 7:49

GoogleCodeExporter commented 9 years ago
In my application, when I use a scanning app, it says the swfobject.js file has
DOM-based XSS. The problem code snippet:

var ad = M.ie && M.win ? "ActiveX" : "PlugIn",
    ac = "MMredirectURL=" + O.location.toString().replace(/&/g, "%26") + "&MMplayerType=" + ad + "&MMdoctitle=" + j.title;

Original comment by ycyco...@gmail.com on 28 Apr 2014 at 1:43

GoogleCodeExporter commented 9 years ago
IBM Rational AppScan 8.5.0.1 also gives this:

Request/Response:
http://server_name/path/swfobject.js:
var ad = M.ie && M.win ? "ActiveX" : "PlugIn",
ab.flashvars = ac
u(aa, ab, X)
function u(ai, ag, Y) {
af += '<param name="' + ad + '" value="' + ag[ad] + '" />'
aa.outerHTML = '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"' + ah + ">" + af + "</object>";

Original comment by vladi...@milovanovic.me on 26 Dec 2014 at 12:18