[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FlashCanvas 1.5 proxy.php XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FlashCanvas 1.5 proxy.php XSS Vulnerability
From: code@xxxxxxxxxxxxxxx
Date: Wed, 11 Dec 2013 15:59:54 GMT

Advisory Information

Title: FlashCanvas proxy.php XSS Vulnerability

Date published: 11 December 2013

Reference: CVE-2013-6880

Advisory Summary

Script does not adequately verify the Referer header before requesting (via 
curl) the remote URL specified in the ?url? GET parameter and rendering it.

Vendor

FlashCanvas.net <http://flashcanvas.net/>

Affected Software

FlashCanvas 1.5 and possibly older.

FlashCanvas is also used in other software frameworks such as WebShims, 
therefore the affected software maybe wider.

Description of Issue

The issue exists because the proxy.php script does not adequately verify the 
Referer header before requesting (via curl) the remote URL specified in the 
?url? GET parameter and rendering it. This leads to some interesting 
possibilities, the one proved being cross-site scripting. 

More technical detail can be found here:
http://www.7elements.co.uk/resources/blog/cve-2013-6880-proof-concept/


Fix

We would recommend updating to version 1.6 http://flashcanvas.net/release/1.6

Prev by Date: Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
Next by Date: [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting
Previous by thread: Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
Next by thread: [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting
Index(es):
- Date
- Thread