Upload images allows Adobe Flash LSO

[siljaline 57]

I've noted and this is a concern - when using the attach files to upload feature a Adobe LSO is clearly seen.

Is this on the Invision board software ? And how can we get rid of it so that we are not flashed when we attach files in threads ?

 

 

[Arakasi 549]

Switch to the basic uploader siljaline.

[siljaline 57]

Nope - Joe users are being Flashed and I'd like that feature removed. 

Switch to the basic uploader siljaline.

[Arakasi 549]

I'm afraid i am not having or seeing the issue you are referring to.

Have any screenies ?

 

If im using the basic upload, the command button is a java or html configured button.

If i switch to the advanced and right click the cmd button, its a flash coded onclick button.

[siljaline 57]

No screen captures but the below would be one that is attempting to flash the user.

https://forum.eset.com/public/js/3rd_party/swfupload/swfupload.swf?preventswfcaching=1392081194849

Added reading: hxxp://en.wikipedia.org/wiki/Swf

[Arakasi 549]

Hello,

 

I know what swf is.

Like i said, the basic uploader does not use swf.

 

See the code behind it.

        <h2 class="ipsType_subtitle">Attach Files</h2>
        <span id="buttonPlaceholder"></span>
        <iframe style="width: 500px; z-index: 30000; height: 25px; overflow: hidden; background-color: transparent;" tabindex="1" src="null" allowtransparency="allowTransparency" class="clearfix" border="0" name="iframeAttach_0" id="iframeAttach_0" frameborder="no" scrolling="no"></iframe><input id="add_files_attach_0" class="ipsType_small ipsButton_secondary attach_button" value="Attach This File" style="clear: both;" tabindex="75" type="button">
                <span class="desc ipsType_small" id="space_info_attach_0">You can upload up to <strong>2MB</strong> of files (Max. single file size: <strong>2MB</strong>)</span>
                <p class="desc lighter ipsType_smaller" id="help_msg">
                                  <a href="#" data-switch="flash" title="" tabindex="-1">Try our advanced uploader (requires Flash 9)</a>

 

                        

 

[siljaline 57]

The Adblockplus filter would look something like:

||forum.eset.com/public/js/3rd_party/swfupload/*

 

 

Voila 
 

[siljaline 57]

Email sent to ESET expressing security concerns on this issue.