CVE-2013-6880 XSS in FlashCanvas Proxy.php

November 28, 2013 by David Stubley

Advisory Information

Title: FlashCanvas proxy.php XSS Vulnerability
Date published: November 2013
Ref: CVE-2013-6880

Advisory Summary

Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it

Vendor

FlashCanvas.net <http://flashcanvas.net/>

Affected Software

FlashCanvas 1.5 and possibly older.

FlashCanvas is also used in other software frameworks such as WebShims, therefore the affected software maybe wider.

Description of Issue

The issue exists because the proxy.php script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it. This leads to some interesting possibilities, the one proved being cross-site scripting.

PoC

For a proof of concept and further discussion, please see our blog on this issue.

CVE-2013-6880 XSS in FlashCanvas Proxy.php

Advisory Information

Advisory Summary

Vendor

Affected Software

Description of Issue

PoC

Blog

SMTP Multipass

Recent News

REDCENTRIC ACQUIRES 7 ELEMENTS

Sign up for the 7 Elements Newsletter