oss-sec mailing list archives
Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws
From: Andrew Nacin <nacin () wordpress org>
Date: Thu, 18 Jul 2013 16:36:55 -0400
On Thu, Jul 18, 2013 at 4:25 PM, Kurt Seifried <kseifried () redhat com> wrote:
> This was brought to my attention by Jay Turla <shipcodez () gmail com>, after some searching I found:
> http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
> and after testing (it works). So please use:
>
> CVE-2013-4144 swfupload KedAns-Dz object injection
> CVE-2013-4145 swfupload KedAns-Dz XSS
> CVE-2013-4146 swfupload KedAns-Dz CSRF
CVE-2013-4145 (XSS) is actually CVE-2012-2399. And, CVE-2013-4146 (CSRF) seems to be just the potential for CSRF via XSS -- don't think this is a separate issue. Neither of those is reproducible in https://github.com/wordpress/secure-swfupload. We're aware of CVE-2013-4144 and intend to fix it soon, but it's really tough to classify "image injection" as a serious vulnerability without there being any actual XSS there to further trick the user.
Also alerting WordPress.
Thank you.