Skip to content
/ AdInjector Public

Injects Javascript into the page using Flash to XSS users of ad networks.

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

siyengar/AdInjector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

Pixel.swf

Pixel.swf

 
 

README

README

 
 

compile.bat

compile.bat

 
 

image.jpg

image.jpg

 
 

image.png

image.png

 
 

make.bat

make.bat

 
 

pixel.as

pixel.as

 
 

pixel.bat

pixel.bat

 
 

Repository files navigation

How to beat Ads and XSS people.

This flash swf, injects javascript into the page in which it is loaded in and performs an XSS to the url hardcoded in the flash file.

Many ad networks that accept flash content do not check for this. 
When you upload the swf file to the ad-network, and when it is served to the user, the user will be XSSed.

This is useful when privacy researchers need to do studies of ad networks.
For example a use case could be to answer questions like:

How many ad networks do not embed content directly into the page and not inside iframes thus enabling us to steal user's session information.

About

Injects Javascript into the page using Flash to XSS users of ad networks.

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages