Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

JW player xss security flaw
From: WooYun <root () wooyun org>
Date: Wed, 16 May 2012 14:29:34 +0800

"LongTail Video is a New York-based startup that has pioneered the web
video market. Our flagship product the - JW Player - is active on over
one million websites and streams billions of videos each month."

Someone has reported a xss security flaw of JW Player on wooyun,much
more information here:

http://www.wooyun.org/bugs/wooyun-2010-07166

from: http://www.wooyun.org/whitehats/gainover

a example here:

http://www.wooyun.org/bugs/wooyun-2010-07165

http://www.whitehouse.gov/files/flash/player.swf?debug=function(){var
a=alert;a(1)}

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • JW player xss security flaw WooYun (May 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]