The return of XSS
We've already covered XSS in Chapter 3, Cross-Site Scripting (XSS), but here we'll look at a few more XSS techniques that rely on malicious file uploads. Several file formats, when allowed as uploads, can execute arbitrary JavaScript. Let's go through some of them.
SWF – the flash
In some cases, .swf files are allowed as uploads. When they are, we can write ActionScript code that executes JS, compile it, and upload the result to the vulnerable website to achieve XSS.
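Seen from the upload handler's side, these files are best refused by content rather than by name, since every SWF begins with one of three signatures. The following is an added example, not code from the book; the function names, the policy and the sample bytes are assumptions constructed for illustration.

```python
import struct

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian file length.
# FWS = uncompressed, CWS = zlib-compressed body, ZWS = LZMA-compressed body.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")


def sniff_swf(data: bytes):
    """Return (signature, version, declared_length) if data starts with an
    SWF header, otherwise None. The file name and Content-Type are ignored."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    (declared_len,) = struct.unpack_from("<I", data, 4)
    return data[:3].decode("ascii"), version, declared_len


def upload_allowed(filename: str, data: bytes) -> bool:
    """Hypothetical upload policy: refuse anything named .swf and anything
    whose leading bytes are an SWF header, whatever extension it carries."""
    # Trailing dots and spaces are stripped so "x.swf." is treated as "x.swf".
    if filename.lower().rstrip(". ").endswith(".swf"):
        return False
    return sniff_swf(data) is None


# Constructed sample inputs (not real files).
SAMPLE_SWF = b"FWS\x08\x15\x00\x00\x00" + b"\x00" * 13   # version 8, length 21
SAMPLE_CWS = b"CWS\x0a\x40\x00\x00\x00" + b"\x78\x9c" + b"\x00" * 6
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in [
        ("movie.swf", SAMPLE_SWF),
        ("avatar.png", SAMPLE_SWF),   # SWF content behind an image extension
        ("avatar.jpg", SAMPLE_CWS),
        ("avatar.png", SAMPLE_PNG),
    ]:
        verdict = "allow" if upload_allowed(name, blob) else "reject"
        print(f"{name:12} {verdict:7} {sniff_swf(blob)}")
```

The check only decides what is stored; serving user uploads from a separate origin with `Content-Disposition: attachment` limits what any file that does get through can reach.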
The following ActionScript2 (AS2) code uses the getURL() function to execute JS when run in a browser with Adobe Flash Player:
class XSS {
    static var app: XSS;

    function XSS() {
        var xss = "javascript:alert(\"SWF-based XSS: \"+document.domain)";
        getURL(xss, "_self");
    }

    static function main(mc) {
        app = new XSS();
    }
}
To compile this code into a .swf file, we'll use a cross-platform ActionScript2 compiler known as mtasc. It is...