CVE-2011-2461 PoC — Adobe Flex SDK跨站脚本漏洞

Source

https://github.com/edmondscommerce/CVE-2011-2461_Magento_Patch

Associated Vulnerability

Title:Adobe Flex SDK跨站脚本漏洞 (CVE-2011-2461)
Description:Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

Readme

# CVE-2011-2461_Magento_Patch
## By [Edmonds Commerce](https://www.edmondscommerce.co.uk)

This CVE relates to a CSRF vulnerability in the Adobe Flex .swf files used by Magento.

You can find more information regarding the CVE here:

* [Peter O'Callaghan - Magento CSRF vulnerability via Adobe Flex](https://peterocallaghan.co.uk/2016/07/magento-csrf-vulnerability-via-adobe-flex/)
* [Minded Security - The old is new, again. CVE-2011-2461 is back!](http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html)
* [Adobe - Flex Security Issue APSB11-25](https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html)

# The Files

This repo contains patched versions of editor.swf, uploader.swf and uploaderSingle.swf.

# Install

Simply replace the files in skin/adminhtml/default/default/media/ with these.

File Snapshot


 [4.0K]  /data/pocs/4690c3ff86023d7b161c260a676e325b93284689
├── [ 844]  README.md
└── [4.0K]  skin
    └── [4.0K]  adminhtml
        └── [4.0K]  default
            └── [4.0K]  default
                └── [4.0K]  media
                    ├── [260K]  editor.swf
                    ├── [177K]  uploaderSingle.swf
                    └── [177K]  uploader.swf

5 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!