Rosetta Flash
Overview of the Vulnerability
Outdated software is common in applications built on many different software stacks. Many outdated software versions have well-known and documented vulnerabilities, including ones assigned Common Vulnerabilities and Exposures (CVE) IDs.
Rosetta Flash is a vulnerability that uses purely alphanumeric characters to exploit JavaScript Object Notation with Padding (JSONP) callback endpoints. An attacker can use it to bypass the Same Origin Policy and execute scripts in the context of domains outside their control, allowing code execution and the exfiltration of sensitive end-user data, including credentials.
Business Impact
Rosetta Flash can lead to reputational damage for the business due to a loss of user confidence and trust. A successful Rosetta Flash attack can lead to sensitive data exfiltration, which can result in indirect financial loss to the business.
Steps to Reproduce
Enable an HTTP interception proxy, such as Burp Suite or OWASP ZAP
Navigate to callback endpoint: {{value}}
{{action}} and intercept the request with the web proxy
Notice the SWF used: {{value}}
Use {{software}} to generate an alphanumeric SWF file hosted on the attacker website: {{value}}
Use the callback endpoint to {{action}}
Proof of Concept (PoC)
The screenshot(s) below demonstrate the full exploit:
{{screenshot}}
Recommendation(s)
All software should be kept up to date and routinely managed through a patch management process. It is important to have an inventory of all software and versions in use, including dependencies. Regular monitoring of the Common Vulnerabilities and Exposures (CVE) list and the National Vulnerability Database (NVD) is also recommended.
Flash files cannot start with a comment. Therefore, ensuring that every JSONP response begins with a comment, such as /* */, before the reflected callback parameter protects against Rosetta Flash.
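The following is an added example, not part of the original template, showing the leading-comment mitigation in a minimal JSONP response builder. It contrasts a vulnerable builder that reflects the callback at byte 0 of the body with a hardened one that prefixes /**/, validates the callback name against an allow-list, and sets X-Content-Type-Options: nosniff as defense in depth. The SWF signatures FWS, CWS and ZWS are the real Flash file magic bytes; everything else (function names, the sample callback "CWSdemo", the sample payload) is constructed for the example.

```python
import json
import re
from typing import Dict, Tuple

# Every Flash file begins with one of these three signatures (uncompressed,
# zlib-compressed, LZMA-compressed). A JSONP body that starts with one of
# them is a candidate for being loaded as an SWF.
SWF_MAGIC = ("FWS", "CWS", "ZWS")

# Allow-list for callback names: a dotted JavaScript identifier and nothing else.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")


def could_be_parsed_as_swf(body: str) -> bool:
    """Defender's check: does the response body start with an SWF signature?"""
    return body.startswith(SWF_MAGIC)


def jsonp_unsafe(callback: str, data: dict) -> str:
    """Vulnerable pattern: the caller-supplied callback lands at byte 0 of the body."""
    return f"{callback}({json.dumps(data)});"


def jsonp_hardened(callback: str, data: dict) -> Tuple[str, Dict[str, str]]:
    """Hardened pattern: returns (body, headers) for the JSONP reply.

    1. Reject callback names outside the allow-list.
    2. Prefix the body with /**/ so it can never begin with FWS/CWS/ZWS.
    3. Send nosniff so the browser does not reinterpret the content type
       (defense in depth; the comment prefix is the mitigation that matters).
    """
    if not CALLBACK_RE.fullmatch(callback):
        raise ValueError("callback name rejected by allow-list")
    body = f"/**/{callback}({json.dumps(data)});"
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return body, headers


if __name__ == "__main__":
    # Constructed sample: a callback that happens to start with an SWF signature.
    # It passes the identifier allow-list, which is exactly why validation alone
    # is not enough and the comment prefix is required.
    sample_callback = "CWSdemo"
    sample_payload = {"user": "alice", "ok": True}
    print("unsafe body looks like SWF:",
          could_be_parsed_as_swf(jsonp_unsafe(sample_callback, sample_payload)))
    body, headers = jsonp_hardened(sample_callback, sample_payload)
    print("hardened body looks like SWF:", could_be_parsed_as_swf(body))
    print(body)
```

Note that the allow-list does not reject the sample callback, because a Rosetta Flash payload is deliberately alphanumeric; only the leading comment guarantees the first bytes of the response are never a Flash signature.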
For more information, please see: https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/