Exploit Adobe SVG Viewer 3.0 - 'postURL'/'getURL' Restriction Bypass

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23230
Проверка EDB
  1. Пройдено
Автор
GREYMAGIC SOFTWARE
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
N/A
Дата публикации
2003-10-07
Код:
source: https://www.securityfocus.com/bid/8785/info

Adobe SVG Viewer (ASV) is prone to an issue in the implementation of the getURL() and postURL() methods. These methods are designed to prevent access to URIs in a foreign domain or local files. However, by using a redirect when calling these methods, it is possible to bypass these restrictions. This could be exploited to read local or remote files, potentially exposing sensitive information and allowing for theft of cookie-based authentication credentials. The attack vectors may vary depending on whether the viewer is operating on its own or used as a plug-in for Internet Explorer (or other browsers).

ASV 3.0 and prior are reported to be prone to this vulnerability. 

getURL(
"rd.asp",
function (oResponse) {
parent.alert(oResponse.content);
}
);
 
Источник
www.exploit-db.com

Похожие темы