Flash login vulnerabilities


DingleBerries

First, I do not take responsibility for the stupid shit you might do with this. If you "own" a website be prepared to accept any consequences that may lay hereinafter. Just because you can doesn't mean you should. This is an educational tutorial to show you why you shouldn't use this type of validation/login on your websites. With that being said here we go.

Setup:

Web Browser - FireFox, Download Them All, Lots of Proxies

Software - Flash Decompiler

Google dork - allinurl:login filetype:swf

VM - No internet access while we work on the .swf (paranoia)

Step 1. Make sure your shit's secured. Tor alone isn't enough, there are ways to grab your real IP. I recommend disabling cookies, referers, JS, Java, and Flash. Use Download Them All and filter your downloads with other URLs and different methods (will not go into that).

Step 2. Grab that .swf. Don't go to any .gov site and try to hack it, can you say V A N? So start with a free one somewhere for practice.

Step 3. Decompile it and look for the pass (in the script section)... That easy.

Other things you can do? Does it send commands to another script? Maybe some SQL injection? An open dir? You be the judge. There are a lot of things that these little files can do.

BTW this is old news and most sites have it fixed or use some other type of verification (of which you can see when decompiled)...

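The point of the tutorial above, from the defender's side, is that a compiled .swf is not a safe place for credentials: the container is at best zlib-compressed, and anything a decompiler can show an attacker can be caught before release. The following is an added example, not a tool from this thread or from any Flash decompiler. It parses only the SWF container header (FWS = uncompressed, CWS = zlib-compressed body after the 8-byte header), inflates the body, extracts printable strings, and flags string literals that sit beside a credential-style keyword, which is the check you would run over your own build artifacts in CI. The sample .swf it scans is constructed inline from a made-up byte blob, not a real compiled movie; the keyword list and function names are also assumptions of the example.

```python
"""Pre-release scan of a compiled SWF for embedded credential-looking strings.

Added example (not from the thread). Handles the FWS and CWS container forms
described in the SWF file format; the body passed to the string scanner is a
constructed blob that mimics a constant pool, not real compiled ActionScript.
"""
import re
import struct
import zlib

# Keywords that, when found next to a string literal, suggest a hard-coded secret.
# This list is an assumption of the example; extend it for your own code base.
SECRET_KEYWORDS = ("password", "passwd", "pass", "pwd", "secret", "apikey", "token")


def swf_body(data: bytes) -> bytes:
    """Return the uncompressed SWF body that follows the 8-byte header."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig = data[:3]
    declared_len = struct.unpack("<I", data[4:8])[0]  # total uncompressed length
    if sig == b"FWS":
        return data[8:]
    if sig == b"CWS":
        body = zlib.decompress(data[8:])  # compression is not obfuscation
        if len(body) + 8 != declared_len:
            raise ValueError(f"declared length {declared_len} != 8 + {len(body)}")
        return body
    if sig == b"ZWS":
        raise ValueError("LZMA-compressed SWF not handled in this example")
    raise ValueError(f"not a SWF signature: {sig!r}")


def printable_strings(blob: bytes, min_len: int = 4) -> list:
    """Extract runs of printable ASCII, the way a strings(1) pass would."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def find_hardcoded_secrets(data: bytes) -> list:
    """Return (keyword_string, candidate_value) pairs worth a human look.

    A literal of the form 'password=value' yields the value directly; a bare
    keyword identifier is paired with the string that follows it, since
    identifier and literal usually sit next to each other in a constant pool.
    """
    strings = printable_strings(swf_body(data))
    findings = []
    for i, s in enumerate(strings):
        if not any(k in s.lower() for k in SECRET_KEYWORDS):
            continue
        if "=" in s:
            key, value = s.split("=", 1)
            findings.append((key.strip(), value.strip()))
        elif i + 1 < len(strings):
            findings.append((s, strings[i + 1]))
    return findings


# Constructed sample: a constant-pool-like blob of NUL-separated strings.
SAMPLE_BODY = b"\x00".join([
    b"\x10\x01", b"username", b"admin", b"password", b"hunter2",
    b"gotoAndPlay", b"http://example.invalid/members/", b"\x02",
])


def build_sample_swf(compressed: bool = True) -> bytes:
    """Wrap SAMPLE_BODY in a minimal SWF container (version byte 8, constructed)."""
    header = (b"CWS" if compressed else b"FWS") + bytes([8])
    header += struct.pack("<I", 8 + len(SAMPLE_BODY))
    return header + (zlib.compress(SAMPLE_BODY) if compressed else SAMPLE_BODY)


if __name__ == "__main__":
    for key, value in find_hardcoded_secrets(build_sample_swf()):
        print(f"possible hard-coded secret: {key!r} -> {value!r}")
```

Running it prints the `password` / `hunter2` pair from the constructed sample; the same scan on a real build catches the exact strings a decompiler would hand an attacker, which is why the fix is to move the check server-side rather than to compress or obfuscate the movie.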

Not to rain on your parade, but aren't most of these going to be grabbing the information from a database on their server? What flash login app is going to put a user name and password into the compiled swf file? They should all be grabbing or comparing this information with data stored on the site, not in the flash app.


Not to rain on your parade, but aren't most of these going to be grabbing the information from a database on their server? What flash login app is going to put a user name and password into the compiled swf file? They should all be grabbing or comparing this information with data stored on the site, not in the flash app.

BTW this is old news and most sites have it fixed or use some other type of verification (of which you can see when decompiled)...

One I did today.

[attached screenshot: 51363580.png]

What people should be doing and ARE doing are usually two different things... However this is good information. By decompiling the swf you do not have to monitor headers to see what data is being sent and how. Just depends on what you want to do really.


I like when they use if-then-else statements to verify users, but leave the payload URL in the file, so you can just pick where it would send you if you had the correct info, bypassing the need for name and password.

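The comment above describes the failure mode exactly: when the only gate is an if/else inside the movie, the "success" URL is just another string in the file, and the server hands the content to whoever requests it. The following is an added example, not code from this thread, showing the two designs side by side as plain Python functions standing in for HTTP handlers: the insecure members page that trusts the client's decision, and a hardened one where the server verifies a salted password hash at login, issues an unguessable session token, and refuses the protected URL without it. The user table, salt, handler names and request shape are all constructed for the demo.

```python
"""Server-side gating of the page a Flash login 'sends you to'.

Added example (not from the thread). Models an HTTP handler pair without a web
framework so it runs offline: `members_page_insecure` is the design the comment
describes (the URL alone is the secret); `members_page_secure` requires a
session token that only a successful server-side login can mint.
"""
import hashlib
import hmac
import secrets

# Constructed demo values; a real deployment uses a per-user random salt.
_SALT = b"demo-salt-not-for-production"


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so a leaked table does not yield plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: hashes only, never the plaintext the SWF used to carry.
USERS = {"alice": _hash_password("correct horse", _SALT)}

# Server-side session state; the client cannot forge an entry here.
SESSIONS: dict = {}


def login(username: str, password: str):
    """Verify credentials on the server; return a session token or None."""
    stored = USERS.get(username)
    # Always hash so timing does not reveal whether the username exists.
    candidate = _hash_password(password, _SALT)
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    token = secrets.token_urlsafe(32)  # unguessable; not derivable from the SWF
    SESSIONS[token] = username
    return token


def members_page_insecure(request: dict) -> tuple:
    """The 'before' design: the if/else lived in the movie, so anyone who
    learns this URL from the decompiled file gets the content."""
    return 200, "members-only content"


def members_page_secure(request: dict) -> tuple:
    """The fix: the server checks a valid session on every request, so knowing
    the URL is worthless without having passed login()."""
    user = SESSIONS.get(request.get("token", ""))
    if user is None:
        return 401, "login required"
    return 200, f"members-only content for {user}"


def demo() -> dict:
    """Walk both designs with the same 'I found the URL in the SWF' request."""
    url_only = {"path": "/members/"}  # no credentials, no session
    results = {
        "insecure_direct": members_page_insecure(url_only)[0],
        "secure_direct": members_page_secure(url_only)[0],
        "secure_bad_login": login("alice", "wrong password"),
    }
    token = login("alice", "correct horse")
    results["secure_after_login"] = members_page_secure({"path": "/members/", "token": token})[0]
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The direct request returns 200 from the insecure handler and 401 from the secure one; only the token minted by a successful `login()` unlocks it. Whether the front end is Flash, JavaScript or a native app, the decision to serve protected content has to be made on the server with state the client cannot fabricate.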
