CVE-2011-2461 PoC — Adobe Flex SDK Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
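Title: Adobe Flex SDK Cross-Site Scripting Vulnerability (CVE-2011-2461)
Description: A cross-site scripting vulnerability exists in Adobe Flex SDK 3.x and in 4.x versions before 4.6. Remote attackers can inject arbitrary web script or HTML via vectors related to the downloading of modules from different domains.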
Readme
# CVE-2011-2461_Magento_Patch
## By [Edmonds Commerce](https://www.edmondscommerce.co.uk)

This CVE relates to a CSRF vulnerability in the Adobe Flex .swf files used by Magento.

You can find more information regarding the CVE here:

* [Peter O'Callaghan - Magento CSRF vulnerability via Adobe Flex](https://peterocallaghan.co.uk/2016/07/magento-csrf-vulnerability-via-adobe-flex/)
* [Minded Security - The old is new, again. CVE-2011-2461 is back!](http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html)
* [Adobe - Flex Security Issue APSB11-25](https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html)

# The Files

This repo contains patched versions of editor.swf, uploader.swf and uploaderSingle.swf.

# Install

Simply replace the files in skin/adminhtml/default/default/media/ with these.
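
The install step above as a script, added here as an example and not part of the Edmonds Commerce repository: it copies the three patched files into place, verifies each copy byte for byte, and keeps the originals in a backup directory outside the Magento root. The function name, its three arguments, the backup directory and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository). Hypothetical helper:
#   install_patched_swfs <repo checkout> <Magento root> <backup dir>
SWF_DIR="skin/adminhtml/default/default/media"          # path named in the README
SWF_FILES="editor.swf uploader.swf uploaderSingle.swf"  # files named in the README

install_patched_swfs() {
    repo=$1; magento=$2; bak=$3
    src="$repo/$SWF_DIR"; dst="$magento/$SWF_DIR"

    [ -d "$dst" ] || { echo "no $SWF_DIR under $magento" >&2; return 1; }
    [ -d "$bak" ] || { echo "backup dir missing: $bak" >&2; return 1; }

    # A backup left under the Magento root could keep the unpatched SWF
    # reachable over HTTP. Plain string-prefix check; pass absolute paths.
    case "$bak/" in
        "$magento"/*) echo "backup dir is inside the Magento root" >&2; return 1 ;;
    esac

    # Check all three patched files first so a partial checkout
    # cannot leave the install half patched.
    for f in $SWF_FILES; do
        [ -s "$src/$f" ] || { echo "missing patched file: $src/$f" >&2; return 1; }
    done

    for f in $SWF_FILES; do
        if [ -f "$dst/$f" ]; then
            if cmp -s "$src/$f" "$dst/$f"; then
                echo "already patched: $f"
                continue
            fi
            # Keep only the first original; never overwrite an earlier backup.
            [ -e "$bak/$f" ] || cp -p "$dst/$f" "$bak/$f" || return 1
        fi
        cp "$src/$f" "$dst/$f" || return 1
        cmp -s "$src/$f" "$dst/$f" || { echo "verify failed: $f" >&2; return 1; }
        echo "replaced: $f"
    done
}

# Run only when three arguments are given, e.g. (example paths):
#   sh install_swfs.sh ./CVE-2011-2461_Magento_Patch /var/www/magento /root/swf-backup
if [ "$#" -eq 3 ]; then install_patched_swfs "$1" "$2" "$3"; fi
```

Browsers and CDNs may still hold cached copies of the old SWFs after the replacement, so clear those caches as part of the same change.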
File Snapshot

[4.0K] /data/pocs/4690c3ff86023d7b161c260a676e325b93284689
├── [ 844] README.md
└── [4.0K] skin
    └── [4.0K] adminhtml
        └── [4.0K] default
            └── [4.0K] default
                └── [4.0K] media
                    ├── [260K] editor.swf
                    ├── [177K] uploaderSingle.swf
                    └── [177K] uploader.swf

5 directories, 4 files