Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1203059
  • 博文数量: 272
  • 博客积分: 3899
  • 博客等级: 中校
  • 技术积分: 4734
  • 用 户 组: 普通用户
  • 注册时间: 2012-06-15 14:53
文章分类

全部博文(272)

文章存档

2012年(272)

分类: 网络与安全

2012-06-25 16:37:22

此类漏洞也是程序员很少注意的问题。

Flash
XSS也是很早就有人关注了,OWASP里还专门有一个扫Flash XSS的工具,叫做swfintruder

最近有人也报了一个常见的flash xss,利用 _root.clickTAG 这个变量

一般是出在 getURL() 函数里。发现者说(google搜出来的)Recently, 12th of November 2008, I found XSS vulnerabilities in 215000 flash files.

原文引用如下:

XSS:



Vulnerability in the next AS code:



getURL(_root.clickTAG, "_blank");



Attack occurs via passing of XSS code to flash file in parameter clickTAG:



('XSS')


After click on flash the transfer to function occurs of getURL string, which passed to flash via parameter clickTAG. Thus can be executed JS code, which was passed to flash.


At



('XSS')


Note, that flashes with target = “_blank” (in getURL) not allow to get to cookies. And they also not work in IE6. If target set to not “_blank” (or not set at all), then flashes give possibility to get to cookies in all browsers (and they work in IE6).


相关参考链接:
http://www.webappsec.org/lists/websecurity/archive/2008-11/msg00110.html


http://websecurity.com.ua/2609/

阅读(1289) | 评论(0) | 转发(0) |
0

上一篇:无题

下一篇:Domain Phishing with Unicode String

给主人留下些什么吧!~~