Topic: ZeroClipboard vulnerable on site?

polonus
ZeroClipboard vulnerable on site?
« on: November 10, 2014, 10:38:37 PM »
Read about issues with ZeroClipboard: http://seclists.org/fulldisclosure/2013/Feb/103
Results from scanning URL: htxp://urlx.at/sample-public-front-page.php?format=simple&action=shorturl&url=
Number of sources found: 2
Number of sinks found: 17
Results from scanning URL: htxp://urlx.at/js/ZeroClipboard.js?v=1.5
Number of sources found: 8
Number of sinks found: 10
Results from scanning URL: htxp://urlx.at/js/ZeroClipboard.js?v=1.5
Number of sources found: 2
Number of sinks found: 10
Re: http://xss.cx/2011/09/07/ghdb/dork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report-09072011-03.html

Bitdefender flags: blacklisted link: urlx.at/javascript:void(location.href%3D

Code hiccup: html5shim.googlecode dot com/svn/trunk/html5.js benign
[nothing detected] (script) html5shim.googlecode dot com/svn/trunk/html5.js
     status: (referer=urlx dot at/43oi)saved 2429 bytes 3c7b369485cadd585d24be44701e459c8aa54d60
     info: [decodingLevel=0] found JavaScript
     suspicious:

For Typekit, consider loading asynchronously: http://blog.typekit.com/2011/05/25/loading-typekit-fonts-asynchronously/

pol
« Last Edit: November 10, 2014, 11:20:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!