关联漏洞
描述
Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461
介绍
# magento-swf-patched-CVE-2011-2461
Patched version of the uploader.swf and uploaderSingle.swf to fix CVE-2011-2461
More info about the vulnerable .swf files in the Magento's core can be found here - https://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html
The main reason CVE-2011-2461 is best explained by @Mindedsecurity http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html thanks to @sneak_ & @_ikki
Files have been patched with the official Adobe patch tool (Action I) https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html
You can also check your SWF files with ParrotNG (https://github.com/ikkisoft/ParrotNG) and patch them by yourself with the official Adobe patch tool.
文件快照
[4.0K] /data/pocs/b624dce4e757e118824a70d2322c7170a08cb834
├── [ 770] README.md
└── [4.0K] skin
└── [4.0K] adminhtml
└── [4.0K] default
└── [4.0K] default
└── [4.0K] media
├── [177K] uploaderSingle.swf
└── [177K] uploader.swf
5 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。