Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-28 11:36:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

websecurity

Browse Source
This commit is contained in:
bt3gl 2014-11-20 10:05:51 -05:00
parent a491bdca1e
commit 0a30e5e40e
1 changed files with 21 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Web_Security/README.md
View File

@ -49,7 +49,7 @@ $ wget -rck <TARGET-WEBSITE>
``` ```
$ /wget -r -l1 -H -t1 -nd -N -nd -N -A.swf -erobots=off <WEBSITE> -i output_swf_files.txt $ /wget -r -l1 -H -t1 -nd -N -nd -N -A.swf -erobots=off <WEBSITE> -i output_swf_files.txt
```
* Once we have identified and downloaded *.swf files, we must analyze the code, the functions (as *loadMovie*) variables in order to identify those that call and allow other types of vulnerabilities such as cross site scripting. Below shows some vulnerable functions: * Once we have identified and downloaded *.swf files, we must analyze the code, the functions (as *loadMovie*) variables in order to identify those that call and allow other types of vulnerabilities such as cross site scripting. Below shows some vulnerable functions:
``` ```
@ -61,8 +61,7 @@ function.getURL,javascript:alert('css')
TextField.html - payload: <img src='javascript:alert("css")//.swf'> TextField.html - payload: <img src='javascript:alert("css")//.swf'>
``` ```
* We could use tools such as **Deblaze** and **SWFIntruder**. We should also * We could use tools such as **Deblaze** and **SWFIntruder**. We should also analyze the parameter AllowScriptAccess, Flash Parameter Pollution or sensitive APIs:
analyze the parameter AllowScriptAccess, Flash Parameter Pollution or sensitive APIs:
``` ```
loadVariables, loadVariblesNum, MovieClip.loadVariables, loadVars.load, loadVars.sendAndLoad loadVariables, loadVariblesNum, MovieClip.loadVariables, loadVars.load, loadVars.sendAndLoad