This is very similar to my DerbyCon talk; however, it is 20 minutes longer, which gave me time to walk through how to go from finding this vulnerability to exploiting it, including showing the audience how to create a POC SWF. Also, I released SWF-Server, which will give you everything you need to create your own SWF to exploit this vulnerability.
Download the project here: https://github.com/sethsec/crossdomain-exploitation-framework