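I don't understand why, when a third-party website loads the target website's jpg via `<embed`, the Flash that runs issues its GET requests under the target website's domain.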
You have probably misunderstood. Did you think the swf is uploaded to some other server?
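For example, visiting 1.qq.com/crossdomain.xml returns the following content:

```xml
<cross-domain-policy>
  <allow-access-from domain="*.qq.com"/>
  <allow-access-from domain="*.gtimg.com"/>
</cross-domain-policy>
```

Then the content of 1.qq.com can be hijacked via Flash.

Conditions:

1. You need to find an image-upload feature on *.qq.com or *.gtimg.com and upload the swf file; it can use the jpg format.
2. Put the payload in an html file on any website; visiting it is enough to be hijacked. IE supports Flash by default.

If you still have questions, you can add me on WeChat via my profile page.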
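A defender-side check for the two conditions described above, as an added example that is not part of the original thread: it lists the wildcard grants in a crossdomain.xml, tests whether an upload host falls under them, and rejects uploads whose bytes start with an SWF signature regardless of the file extension. The function names, the simplified suffix matching and the hostname `upload.qq.com` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy quoted in the thread.
SAMPLE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*.qq.com"/>
  <allow-access-from domain="*.gtimg.com"/>
</cross-domain-policy>"""

SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib, LZMA
JPEG_MAGIC = b"\xff\xd8\xff"


def wildcard_grants(policy_xml):
    """Return the allow-access-from domains that contain a wildcard."""
    root = ET.fromstring(policy_xml)
    return [e.get("domain", "") for e in root.iter("allow-access-from")
            if "*" in e.get("domain", "")]


def host_is_trusted(host, grants):
    """True if host matches a grant: exact, '*', or '*.suffix' (simplified)."""
    host = host.lower()
    for grant in grants:
        grant = grant.lower()
        if grant in ("*", host):
            return True
        if grant.startswith("*.") and host.endswith(grant[1:]):
            return True
    return False


def classify_upload(filename, data):
    """Decide on the file's leading bytes instead of trusting its extension."""
    head = data[:3]
    if head in SWF_SIGNATURES:
        return "reject: SWF content"
    if filename.lower().endswith((".jpg", ".jpeg")) and head != JPEG_MAGIC:
        return "reject: not a JPEG"
    return "accept"


if __name__ == "__main__":
    grants = wildcard_grants(SAMPLE_POLICY)
    # Hypothetical upload host: does user-supplied content live inside the trust zone?
    print(grants, host_is_trusted("upload.qq.com", grants))
    print(classify_upload("avatar.jpg", b"CWS\x0a" + b"\x00" * 16))
```

Content sniffing covers only the upload condition; serving user uploads from a host that no crossdomain.xml grant matches removes that condition entirely.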