Telligent Community 5.6.583.20496 (Build: 5.6.583.20496)
Persistent Flash XSS
Keywords: Security, Web, Cross-Site Scripting, Private Bug Report, Dell, Community, Adobe Flash, Telligent, EoL, No Fix
The affected platform is based on the third-party community software Telligent Community 5.6.583.20496 (Build: 5.6.583.20496). The current release is Community 7.x and was not tested, Version 5 is EoL.
Telligent Community is social community software designed for flexibility in building customer-facing communities that achieve your business objectives for improving customer support, building brand loyalty and strengthening member networks. With Telligent Community, you can elevate customer experience with a branded community that perfectly reflects your brand and spur engagement with a complete set of social applications that add social context and relevancy to customer communication. Telligent Community features essential integration with popular social networks including Facebook and Twitter as well as web parts that add social capabilities such as blogging, friending and following to Microsoft SharePoint Internet sites.
Our researchers discovered a persistent Flash XSS vulnerability caused by two minor security flaws enabling the exploit to work properly and cause heavy impact.
1. A logged in attacker can abuse a Community website to upload a maliciously prepared Flash file. This file is available for public browsing after successful upload.
2. The Flash file is being embedded by an Object element. This element is supplied with a special parameter capable of delimiting the possibly dangerous scripting capabilities of the Flash file. While this parameter called allowScriptAccess should be set to the value never, it is actually set to SameDomain. This enables the uploaded file to fully utilize scripting capabilities and cause XSS hazard.
The affected platform is based on the third-party community software Telligent Community 5.6.583.20496 (Build: 5.6.583.20496).
A Proof Of Concept (PoC) link was demonstrated to a Target and PoC provided in March 2012.
REWARD: 1250 EURO to ANONYMOUS
Impact: High – complete control over a Community website and other Dell domains; Possibility to deploy Flash Malware and Virus Code
Exploitability: Critical – Any user visiting the maliciously prepared website can be affected. The potential victims do not have to be logged in. The attacker requires the victim to have a current version of the Flash Player installed.
Overall Score: Critical – Escalation of Privileges, Persistent Data Modification, Information Disclosure, Malware Distribution
April 9, 2012 – Received confirm of Receipt from Telegent
October 23, 2012 – Response from Vendor with Ticket ref:_00D408i2C._50040NKYr7:ref
March 25, 2013 – No response from Vendor, Published
Note – Version 5 is EoL