FlashCanvas 1.5 proxy.php XSS Vulnerability
Advisory Information
Title: FlashCanvas proxy.php XSS Vulnerability
Date published: 11 December 2013
Reference: CVE-2013-6880
Advisory Summary
Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the 説rl鈠GET parameter and rendering it.
Vendor
FlashCanvas.net <http://flashcanvas.net/>
Affected Software
FlashCanvas 1.5 and possibly older.
FlashCanvas is also used in other software frameworks such as WebShims, therefore the affected software maybe wider.
Description of Issue
The issue exists because the proxy.php script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the 説rl鈠GET parameter and rendering it. This leads to some interesting possibilities, the one proved being cross-site scripting.
More technical detail can be found here:
http://www.7elements.co.uk/resources/blog/cve-2013-6880-proof-concept/
Fix
We would recommend updating to version 1.6 http://flashcanvas.net/release/1.6