Prakhar Prasad

    Adobe Website XSS and Open Redirect Vulnerabilities

    October 12, 2012 Prakhar Prasad 2 minutes
      Adobe Partners Website XSS

      Vulnerable Website: http://partners.adobe.com

      Cross-site scripting vulnerabilities were discovered on the above mentioned website, which when exploited by a cyber criminal could lead to cookie stealing or client side exploits which may take full control of a victim’s computer .

      Now one thing I’d like to add here, Adobe’s PSIRT was very dull while handling my issue. They took weeks to reply to my emails.Later on I found that this is not a new thing, Adobe has handled security issues poorly in earlier times.

      UPDATE: Janne Ahlberg also twitted about poor handling of security issues by Adobe, after this article was published.

      Vulnerability Timeline

      • 20th August 2012 - Vulnerability discovered and reported to Adobe PSIRT (psirt-at-adobe.com).
      • 24th August 2012 - Reply from Adobe PSIRT saying that they are investigating this issue
      • 24th August 2012 - I asked further queries I had
      • 3rd September 2012 - Sent another mail, because nobody responded to my last email
      • 14th September 2012- Reply from Adobe PSIRT saying that they are still researching this issue
      • 13th October 2012 - Issue fixed ‘silently’.No notification regarding the fix from Adobe PSIRT
      • 13th October 2012 - Public Disclosure
      Adobe Feeds Website Open Redirect

      Vulnerable Website: http://feeds.adobe.com

      An open-redirect issue was detected on the above website. The webpage takes a parameter ‘nextPage’ and redirects to it but while redirecting the page doesn’t check whether the value in ‘nextPage’ parameter is white-listed or not, so ends up in an open redirect issue.

      POC: http://feeds.adobe.com/controller.cfm?nextPage=http://www.google.com&handler=PostHandler&action=click&postId=1

      The above link will silently redirect to http://www.google.com

      Although this type of vulnerability is not considered critical but it can ‘hurt’ an unsuspecting user when used in an attack like phishing or specifically spear-phishing where the user might be fooled to believe that the link belongs to Adobe Inc.

      Video Demo:

      Vulnerability Timeline

      • 24th September 2012 - Vulnerability discovered and reported to Adobe PSIRT (psirt-at-adobe.com)
      • 13th October 2012 - No response from vendor, public disclosure

      So, this incident marks another big company failed to properly handle security issues.

      Google Website Translator Clickjacking Vulnerability
      Twitter Whitehat Vulnerability for 2012: Translation Center CSRF/XSRF