Comments on: Backdooring Flash Objects (the walkthrough)

By: pdp

pdp — Mon, 09 May 2011 08:52:56 +0000

attachMovie, fixed!

By: Backdooring Flash Objects (the receipt) | GNUCITIZEN

Backdooring Flash Objects (the receipt) | GNUCITIZEN — Thu, 01 Jan 2009 20:48:36 +0000

[...] a day ago I released a quite narrative article called Backdooring Flash Objects (the walkthrough). Although, I received some quite good responds on the style of writing, I decided to write more [...]

By: Backdooring MP3 Files | GNUCITIZEN

Backdooring MP3 Files | GNUCITIZEN — Thu, 01 Jan 2009 18:41:11 +0000

[...] 20th, 2006 Recently I published information on how specially crafted HTML (remote and local), Flash and QuickTime (.mov) files can be used by malicious users to target and exploit internal and [...]

By: Mmx

Mmx — Tue, 19 Aug 2008 09:01:13 +0000

What in the world is MovieClip.attackMovie() ?

By: James

James — Sat, 22 Dec 2007 23:21:39 +0000

>> The first tool to download was Mtasc from Nicolas Cannasse.

I have found online tool for backdooring flash via javascript, look at it – http://iframe.in/

By: amer

amer — Thu, 04 Oct 2007 06:36:10 +0000

ineed

By: pdp

pdp — Fri, 20 Jul 2007 06:33:46 +0000

no worries. better late then never.

By: raaka

raaka — Fri, 20 Jul 2007 06:32:00 +0000

well from few weeks i am working on yahoo messenger. Trying to prove my concept of exploiting ***********, this is very useful indeed

sorry for laaaate posting.

By: Linn

Linn — Wed, 28 Mar 2007 18:06:11 +0000

Do you happen to have the codes or cheats to Ghost in the Shell: SAC? there are areas where I have trouble..

By: pdp

pdp — Mon, 04 Dec 2006 02:48:33 +0000

Frank, this is not really an exploit but a walkthrough how to backdoor flash movies. Depending on what attributes you are using in the object tag that contains the flash movie you get different results. It is that simple. The purpose of this article is show that flash movies can be trivially backdoored with freely available command line tools.

Your assumptions are right!

By: Frank Walsh

Frank Walsh — Sun, 03 Dec 2006 23:46:09 +0000

I believe this exploit was addressed with the release of Flash 9 right? There was a way to circumvent the allowscriptaccess tag using \n to seperate the word javascript, but i believe that was also addressed in the flash 9 release, just wondering if i’ve missed something or my assumption here is right? Could you let me know.

Thanks

By: David Kierznowski

David Kierznowski — Tue, 05 Sep 2006 08:38:48 +0000

Nicely layed out and explained. Eyeonsecurity also released an article. A link to this paper can be found here.