Soroush Dalili (@irsdl) Blog

A web application security ninja 🄷, a semicolon enthusiast!

Flash it baby!

A guideline for penetration testers on finding vulnerabilities in Flash files was presented at BSides Manchester 2016.

The slides can be found at:

Flash it baby! from Soroush Dalili

The PowerPoint file can be downloaded from:

https://soroush.secproject.com/downloadable/flash_it_baby_v2.0.pptx

This entry was posted in Security Posts and tagged flash, flash xss, swf on October 1, 2016 by Soroush Dalili.
