Soroush Dalili (@irsdl) Blog

A web application security ninja 🥷, a semicolon enthusiast!

Skip to content

Home
Advisories
Privacy Policy
Bug Bounty Invites!
SecProject

Tag Archives: flash xss

Flash it baby!

A guideline for penetration testers to find vulnerabilities in Flash files was presented in BSides Manchester 2016.

The slides can be found at:

Flash it baby! from Soroush Dalili

The PowerPoint file can be downloaded from:

https://soroush.secproject.com/downloadable/flash_it_baby_v2.0.pptx

This entry was posted in Security Posts and tagged flash, flash xss, swf on October 1, 2016 by Soroush Dalili.

Post navigation

← Older posts

Twitter
GitHub
LinkedIn

Search

MongoDB NoSQL Injection with Aggregation PipelinesJune 23, 2024
Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)August 8, 2023
Anchor Tag XSS Exploitation in Firefox with Target=”_blank”August 1, 2023
Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!July 31, 2023
My MDSec Blog Posts so far in 2020/2021!October 31, 2020
File Upload Attack using XAMLX FilesSeptember 21, 2019
Uploading web.config for Fun and Profit 2August 15, 2019
IIS Application vs. Folder Detection During Blackbox TestingJuly 9, 2019
Danger of Stealing Auto Generated .NET Machine KeysMay 10, 2019
x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again!May 4, 2019
Exploiting Deserialisation in ASP.NET via ViewStateApril 23, 2019
Yet Other Examples of Abusing CSRF in LogoutApril 23, 2019
How to win BIG and even more!April 17, 2019
Finding and Exploiting .NET Remoting over HTTP using DeserialisationMarch 26, 2019
More research on .NET deserializationDecember 19, 2018
Feel honoured to be there again after 8 years: Top 10 Web Hacking Techniques of 2017December 19, 2018
Story of my two (but actually three) RCEs in SharePoint in 2018December 19, 2018
ASP.NET resource files (.RESX) and deserialization issuesAugust 12, 2018
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint OnlineAugust 12, 2018
WAF Bypass Techniques – Using HTTP Standard and Web Servers’ BehaviourAugust 12, 2018

Archives

Blog Tags

REDDIT Web Security Research

Attacks via a New OAuth flow, Authorization Code Injection, and Whether HttpOnly, PKCE, and BFF Can Help April 10, 2025 /u/anador
GraphQL hacking: passing URL-encoded query parameters. March 30, 2025 /u/Moopanger
Next.js and the corrupt middleware: the authorizing artifact March 24, 2025 /u/albinowax
Next.js Authentication Bypass Vulnerability (CVE-2025-29927) Explained Simply March 23, 2025 /u/Available_Spell_5915
Discourse Backup Disclosure: Rails/nginx send_file Quirk March 20, 2025 /u/albinowax
SAML roulette: the hacker always wins March 18, 2025 /u/albinowax
Attempted Research in PHP Class Pollution February 27, 2025 /u/siunam_
Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain February 26, 2025 /u/UnbiasedPeeledPotato
Shadow Repeater:AI-enhanced manual testing February 21, 2025 /u/albinowax
Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108) February 13, 2025 /u/albinowax

Reddit netsec Channel Feed

Question about session-based cookies vs session-based tokens vs session based api keys April 12, 2025
Azure Managed Identities resource (background, attacker and defender perspective) April 12, 2025
Critical Wallet Bugs Expose Users to Silent Crypto Drains April 12, 2025
French newsletter with technical articles and tools April 12, 2025
Uncovering a 0-Click RCE in the SuperNote Nomad E-ink Tablet April 11, 2025

Exploit-DB Feed

[webapps] MiniCMS 1.1 - Cross Site Scripting (XSS)
[webapps] Nagios Log Server 2024R1.3.1 - API Key Exposure
[webapps] phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
[hardware] ABB Cylon FLXeon 9.3.4 - Default Credentials
[hardware] ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure

Privacy Policy Proudly powered by WordPress