|
 |
您现在的位置: 红色黑客联盟 >> 教程 >> 黑客技术 >> 脚本攻防 >> 正文 |
| Flash clickTAG XSS 漏洞 |
|
|
|
| 文章录入:7747.Net 责任编辑:7747.Net |
|
|
【字体:小 大】 |
|
大风起兮云飞扬
此类漏洞也是程序员很少注意的问题。
Flash的XSS也是很早就有人关注了,OWASP里还专门有一个扫Flash XSS的工具,叫做swfintruder
最近有人也报了一个常见的flash xss,利用 _root.clickTAG 这个变量
一般是出在 getURL() 函数里。发现者说(google搜出来的):Recently, 12th of November 2008, I found XSS vulnerabilities in 215000 flash files.
原文引用如下:
XSS:
Vulnerability in the next AS code:
getURL(_root.clickTAG, "_blank");
Attack occurs via passing of XSS code to flash file in parameter clickTAG:
http://site/flash.swf?clickTAG=javascript:alert('XSS')
After click on flash the transfer to function occurs of getURL string, which passed to flash via parameter clickTAG. Thus can be executed JS code, which was passed to flash.
At http://server.cpmstar.com:
http://server.cpmstar.com/cached/creatives/1499_728_90_games.swf?clickTAG=javascript:alert('XSS')
Note, that flashes with target = “_blank” (in getURL) not allow to get to cookies. And they also not work in IE6. If target set to not “_blank” (or not set at all), then flashes give possibility to get to cookies in all browsers (and they work in IE6).
相关参考链接:
http://www.webappsec.org/lists/websecurity/archive/2008-11/msg00110.html
|
| |
| 您对本文章有什么意见或着疑问吗?请到论坛讨论您的关注和建议是我们前行的参考和动力 |
|
|
| |
上一篇文章: 检测周杰伦官方网站
下一篇文章: 没有了 |
| 【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
