Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
XSS through Flash
Posted by: Ryonan
Date: August 08, 2011 09:24AM

Hello everyone,
Recently I found a website that comes with an XSS, but the problem is that when I try to run the page in an iframe, it's not possible because it has this script in its source.

##########
<SCRIPT>
if (top.location != self.location) {
    top.location = self.location;
}
window.focus();
</SCRIPT>
################

And now I am thinking of loading the XSS site within a Flash. It's something like: when the visitor visits my site and loads the Flash, they also 'visit' the site with the XSS hole. I tried searching around but had no luck, so I hope to get some help here.
Thank you.

Re: XSS through Flash
Posted by: superevr
Date: August 12, 2011 11:08PM

What about a pop-up window?
<script>window.open("vulnerablesite.com/?xss=")</script>

Also, does your script land before the iframe blocker, or after? You could put "/*" at the end of your script and it will take out everything until </script>

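Added example, not part of the thread: a frame-blocking script like the one quoted in the first post runs inside the page, so it stops protecting the page once script injected ahead of it disables it, as the reply points out, whereas `X-Frame-Options` and CSP `frame-ancestors` are enforced by the browser. The sketch below classifies a response by which of the two it relies on; the names `auditFraming` and `frameAncestors` and the sample page are constructed for illustration.

```javascript
// Added example: classify how an HTTP response defends against being framed.
// Matches the script-based check quoted in the thread (top.location vs self.location).
const JS_FRAME_BUSTER = /top\.location\s*!==?\s*self\.location/;

// Constructed sample page carrying the same kind of frame-blocking script.
const SAMPLE_BODY = `<html><head><script>
if (top.location != self.location) { top.location = self.location; }
window.focus();
</script></head><body>sample</body></html>`;

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// headers: plain object of response headers; body: response HTML as a string.
function auditFraming(headers, body) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  const ancestors = frameAncestors(h["content-security-policy"]);

  // Only DENY and SAMEORIGIN count; the obsolete ALLOW-FROM is not treated as
  // protection. A frame-ancestors list containing "*" allows any embedder.
  const headerEnforced =
    xfo === "DENY" || xfo === "SAMEORIGIN" ||
    (ancestors !== null && !ancestors.includes("*"));
  const scriptCheck = JS_FRAME_BUSTER.test(body);

  let verdict = "unprotected";
  if (headerEnforced) verdict = "header-enforced";
  else if (scriptCheck) verdict = "script-only"; // defence lives in page script only
  return { verdict, xfo, ancestors, scriptCheck };
}
```

A `script-only` verdict means the page's framing defence can be removed by anything that alters the page's own script, so it should be backed by one of the response headers.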