View Full Version : SWFUpload !!!
October 4th, 2012, 01:40 PM
In all libraries SWFUpload (22.214.171.124, probably earlier versions + version Beta), Plupload of the version is lower 1.5.4(?) is found by XSS (in SWFUpload) and CSRF (in Plupload) vulnerability!
Hash sum vulnerable file swfupload.swf
Hash sum file bugfixed swfupload.swf:
October 4th, 2012, 02:25 PM
You can report any specific issues with SWFUpload to there site as we do not work with or code there application. the issue was reported months ago
If you are really worried about it all I can tell you to do is turn off the flash uploader.
October 6th, 2012, 05:56 AM
what kills me is I search for externalinterface as that function from reading on the net is buggy and say this issue they respond to yet the one posted above months ago they do not.
October 15th, 2012, 04:00 PM
More research but it appears to me your not going to see a fix for SWFUpload anytime soon. That flash uploader is a free source project and the last gold release was over 3 years ago.
vBulletin® v3.8.1, Copyright ©2000-2014, Jelsoft Enterprises Ltd.