PoC details: 4690c3ff86023d7b161c260a676e325b93284689

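Source
Related vulnerability
Title: Adobe Flex SDK cross-site scripting vulnerability (CVE-2011-2461)
Description: A cross-site scripting vulnerability exists in Adobe Flex SDK 3.x and in 4.x versions before 4.6. A remote attacker can inject arbitrary web script or HTML via vectors related to loading modules from a different domain.
Introduction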
# CVE-2011-2461_Magento_Patch
## By [Edmonds Commerce](https://www.edmondscommerce.co.uk)

This CVE relates to a CSRF vulnerability in the Adobe Flex .swf files used by Magento.

You can find more information regarding the CVE here:

* [Peter O'Callaghan - Magento CSRF vulnerability via Adobe Flex](https://peterocallaghan.co.uk/2016/07/magento-csrf-vulnerability-via-adobe-flex/)
* [Minded Security - The old is new, again. CVE-2011-2461 is back!](http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html)
* [Adobe - Flex Security Issue APSB11-25](https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html)

# The Files

This repo contains patched versions of editor.swf, uploader.swf and uploaderSingle.swf.

# Install

Simply replace the files in skin/adminhtml/default/default/media/ with these.
File snapshot

[4.0K] /data/pocs/4690c3ff86023d7b161c260a676e325b93284689
├── [ 844] README.md
└── [4.0K] skin
    └── [4.0K] adminhtml
        └── [4.0K] default
            └── [4.0K] default
                └── [4.0K] media
                    ├── [260K] editor.swf
                    ├── [177K] uploaderSingle.swf
                    └── [177K] uploader.swf

5 directories, 4 files