Friday, January 21, 2011

Known Flash-based XSS and Content spoofing Hunter

I just finished compiling a list of known flash XSS exploits in the past and created a fuzz page.

http://yehg.net/lab/pr0js/pentest/flash-xsser.php

Payloads are mixture of XSS and content spoofing via user provided inputs.

Thus, new window approach is used.

Diable your popup blocker and anti-XSS protection while testing.