Soroush Dalili (@irsdl) Blog

A web application security ninja 🄷, a semicolon enthusiast!

Flash it baby!

A guideline for penetration testers on finding vulnerabilities in Flash files was presented at BSides Manchester 2016.

The slides can be found at:

Flash it baby! from Soroush Dalili

The PowerPoint file can be downloaded from:

https://soroush.secproject.com/downloadable/flash_it_baby_v2.0.pptx

This entry was posted in Security Posts and tagged flash, flash xss, swf on October 1, 2016 by Soroush Dalili.
