Are you vulnerable to Flash XSS attacks?
List of services
MSN Groups - advisory
DeviantArt (description)
Ezboard.com (works when HTML code is enabled - description)
The Cloak (description)
Anonymizer (description - note: they might have fixed it)
List of software
YaBB (description)
IkonBoard (description)
Invision Board (discovered by Matt Murphy - post in EoS Forums)
What is a Flash XSS Attack?
Recommended reading: Bypassing JavaScript Filters - the Flash! Attack
Short description: making use of Flash (SWF files) to launch a Cross Site Scripting attack. This hole has been found in a good number of well-known web services, including MSN, YaBB and many other sites which allow users to post Flash content.
Contributing to the above list
If you want to report software or a service which is vulnerable to Flash XSS attacks you may:
o Send us a comment (fill in the form on the left)
o Send an e-mail to obscure@eyeonsecurity.org
o Submit to the forum
Please note that EyeonSecurity will always give credit to the original poster unless the poster writes that he/she wants to remain anonymous.
If you're in the list...
Good Reading...
Using AllowScriptAccess to control outbound scripting from Macromedia Flash - (Thanks to Bertrand Saint-Guillain for this pointer)
Macromedia Flash Player Cross Server Scripting Security Issue