Flash XSS on typewrite_header.swf

Published on

Our lab found a interesting XSS on a .swf file that we later discover was mainly used on phishing websites. Source code of typewrite_header.swf: //———————————————————————- //Frame 3 //———————————————————————- gotoAndPlay (2); //———————————————————————- //Frame 1 //———————————————————————- var q = 1; var myurl = “http://xxxxxxxxxxxxxxxxxxxxxxxxx/”; var mytext1 = _root.thetitle; var mytext2 = _root.thestrap; _global.mytext = ((“” + mytext1) … Continue reading Flash XSS on typewrite_header.swf