mikispag/rosettaflash mikispag/rosettaflash

  • Stars
    star
    110
  • Rank 316,770 (Top 7 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 10 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mikispag/rosettaflash
github

mikispag

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool for manipulating SWF files, leveraging zlib to craft alphanumeric-only valid SWF files in order to allow CSRF with SOP bypass thanks to JSONP abuse.

Rosetta Flash (CVE-2014-4671)

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

Slides: https://poc.miki.it/RosettaFlash/RosettaFlash.pdf

Writeup: https://blog.miki.it/2014/7/8/abusing-jsonp-with-rosetta-flash/

Contact me: https://miki.it/contact

Build instructions

To get the code:

$ go get github.com/mikispag/rosettaflash

Then, get into $GOPATH/github.com/mikispag/rosettaflash and use the go build command to compile.

More Repositories

1

bitiodine

A Rust Bitcoin blockchain parser with clustering capabilities, allowing to group together addresses in ownership clusters. Please contact @mikispag if interested in using BitIodine for any real-world use case.
Rust
160
star
2

dns-rebinding-PoC

DNS rebinding is powerful: how to steal WiFi passwords by just tricking a victim into visiting a website, thanks to that fancy Bang & Olufsen speaker.
HTML
81
star
3

dns-over-tls-forwarder

A simple, fast DNS-over-TLS forwarding server with hybrid LRU/MFA caching written in Go.
Go
39
star
4

googlevoice-scraper

A quick and dirty bash script that queries Google for available area codes, then downloads (most of) available numbers, and finally grep's the hell of out them, finding cool numbers.
Shell
33
star
5

arduino-WakeOnLan

A native UDP WakeOnLAN (WOL) Arduino implementation.
10
star
6

arduino-theremin

A simple, minimalistic Arduino-based piano-theremin.
9
star
7

UICThesis-Template

UIC MSc Thesis in Computer Science - Template
5
star
8

userscripts

My userscripts (Greasemonkey, Violentmonkey, Tampermonkey, ...).
JavaScript
2
star
9

hetzner-auction-hunter

Print Hetzner server auctions satisfying custom parameters.
Go
1
star
10

OriginCheck

Python script to check how web servers and web apps react to unexpected extra Origin headers in requests.
Python
1
star
11

eth-node-healthcheck

A simple Ethereum node healthcheck service written in Go.
Go
1
star