
I am performing a penetration test against a website that uses Flash.

I found this piece of code:

url = ExternalInterface.call("window.document.location.href.toString") as String;

How can it be exploited?

I tried to exploit it as XSS by submitting a payload after the #:

.swf?id=blabla#payloadhere

but nothing. Since I am not really good with ActionScript, can anybody help?

1 Answer


The ExternalInterface.call() is designed for invoking JavaScript, so this function as written effectively gives you the opportunity to invoke arbitrary JavaScript in the execution context of the website, which is already a serious security hole.

http://help.adobe.com/en_US/AS2LCR/Flash_10.0/help.html?content=00001039.html

How specifically to exploit it? There are a ton of websites about JavaScript security holes; you just have to insert one and invoke it in the execution context of the website.

  • Thanks, but the problem here is the exploitation payload. Commented Jul 27, 2014 at 18:20
  • Any JavaScript exploit will work since you can execute arbitrary JavaScript. If you are just looking for a pentest result, you already showed the site is insecure. Commented Jul 28, 2014 at 18:38
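
An added example, not part of the original question or answer: a small Python audit helper for reviewing decompiled ActionScript, sorting each `ExternalInterface.call` site by whether the JavaScript function name is a constant string or built at runtime, and whether FlashVars data is passed along. The helper names, the verdict labels and the list of FlashVars sources (`loaderInfo.parameters`, `_root.`, `_level0.`) are assumptions made for this sketch, the matching is a regex heuristic rather than a real parser, and the sample source is constructed around the line quoted in the question.

```python
import re

CALL = re.compile(r"ExternalInterface\.call\s*\(")
LITERAL = re.compile(r"""^(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')$""")
# Assumption: places where FlashVars / URL parameters surface in AS3 and AS2 code.
TAINT = re.compile(r"loaderInfo\.parameters|\b_root\.|\b_level0\.")

def split_args(src, i):  # i = index just after the call's "("
    args, buf, depth, quote = [], "", 0, None
    while i < len(src):
        ch = src[i]
        if quote:                          # inside a string literal
            if ch == "\\":                 # keep the escaped character with its backslash
                buf, i = buf + ch, i + 1
                ch = src[i:i + 1]
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:                 # closing paren of the call itself
                break
            depth -= 1
        elif ch == "," and depth == 0:     # top-level comma ends one argument
            args.append(buf.strip())
            buf, ch = "", ""
        buf += ch
        i += 1
    return args + ([buf.strip()] if buf.strip() else [])

def classify(args):
    if not LITERAL.match(args[0]):
        return "dynamic-name"              # JS function name is computed at runtime
    if any(TAINT.search(a) for a in args[1:]):
        return "tainted-argument"          # constant name, FlashVars data as argument
    return "constant-call"

def audit(source):  # returns [(line number, verdict), ...] for every call site
    calls = [(m.start(), split_args(source, m.end())) for m in CALL.finditer(source)]
    return [(source.count("\n", 0, pos) + 1, classify(a)) for pos, a in calls if a]

# Constructed sample; the first line is the one quoted in the question.
SAMPLE = '''\
url = ExternalInterface.call("window.document.location.href.toString") as String;
ExternalInterface.call(loaderInfo.parameters.callback, "ready");
ExternalInterface.call("track", loaderInfo.parameters["id"], getName(a, b));
'''
```

A `constant-call` verdict means the function name is fixed inside the SWF; `dynamic-name` and `tainted-argument` mark call sites whose inputs still need to be traced by hand.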
