Today I want to share with you one of my findings from 2013: an XSS in a Flash file that was used by many famous websites. The Flash file was called sIFR (Scalable Inman Flash Replacement).
Q: How did I find it?
But how did I find it? Until today I thought that I was the first one to report this issue; in fact it is an old bug that has a CVE (read more). So let's talk about what I found. As I was looking for a bug in Adobe, my browser got me to:
The (txt) was a simple text.
The (textcolor) took an HTML color code.
I changed (ADOBE PHOTOSHOP CS3) to XSS.
The page showed XSS. When I made the payload, I got the txt parameter to show our text, so let me explain what I did regarding the HTML.
It worked, and I found an XSS on Adobe. But I noticed something in the URL:
http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/sIFR2.0.2/myriad.swf?txt=ADOBE PHOTOSHOP CS3&textcolor=
It looks like the path of a file on "www.adobe.com", so I deleted the "wwwimages.adobe.com/" from the URL and went to:
I injected my name in the code, and it was my beginning with bug bounty, a very good one actually.
I thought that (sIFR2.0.2) was an Adobe product that could be found on other websites, so I started looking everywhere for it on other websites, and I found it being used by major and governmental companies, including Visa, AMEX, Blackberry, Stanford, Harvard, etc.
Here are some samples:
The PoC video:
There are still many other vulnerable websites to find this in.
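For site owners who still host such a file, here is an added example (not part of the original post) that scans request lines for `.swf` requests whose `txt` or `textcolor` parameters carry something other than plain text and a color code. The sample log lines are constructed, and the hex-color format and the markup pattern are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request lines for illustration; not taken from any real log.
SAMPLE_LOG = [
    "GET /lib/com.adobe/sIFR2.0.2/myriad.swf?txt=ADOBE%20PHOTOSHOP%20CS3&textcolor=%23000000 HTTP/1.1",
    "GET /lib/com.adobe/sIFR2.0.2/myriad.swf?txt=%3Cb%3EXSS%3C%2Fb%3E&textcolor=%23000000 HTTP/1.1",
    "GET /lib/com.adobe/sIFR2.0.2/myriad.swf?txt=Hello&textcolor=%3Ci%3Ered%3C%2Fi%3E HTTP/1.1",
    "GET /index.html?txt=%3Cb%3Eignored%3C%2Fb%3E HTTP/1.1",
]

REQUEST = re.compile(r"^(?:GET|POST|HEAD) (\S+) HTTP/\d(?:\.\d)?$")
# Assumption: a legitimate textcolor is a 3- or 6-digit hex color, optional '#'.
HEX_COLOR = re.compile(r"^#?[0-9a-fA-F]{3}(?:[0-9a-fA-F]{3})?$")
# Assumption: plain replacement text never needs tags or HTML entities.
MARKUP = re.compile(r"[<>]|&#?\w+;")


def check_request(line):
    """Return a list of (parameter, decoded value) findings for one request line."""
    m = REQUEST.match(line.strip())
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(".swf"):
        return []  # only the Flash replacement files are of interest here
    params = parse_qs(url.query, keep_blank_values=True)  # values come back URL-decoded
    findings = []
    for value in params.get("txt", []):
        if MARKUP.search(value):
            findings.append(("txt", value))
    for value in params.get("textcolor", []):
        if value and not HEX_COLOR.match(value):
            findings.append(("textcolor", value))
    return findings


def scan(lines):
    """Map each flagged request line to its findings."""
    return {line: f for line in lines if (f := check_request(line))}


if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG).items():
        print(findings, "<-", line)
```
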
Thank you for reading.