The two main tools for hacking Flash are the
Motion-Twin ActionScript Compiler (MTASC), and no|wrap??™s Flare ActionScript
decompiler.
MTASC compiles Flash versions 6, 7, and 8 Flash binaries (also referred to as SWFs,
Flash movies, and Flash applications). MTASC is available at www.mtasc.org.
A simple hacker??™s ???Hello World,??? or more appropriately, ???Hack World,??? in Flash
looks like this:
class HackWorld {
static function main(args) {
var attackCode : String = "alert(1)";
getURL("javascript:" + attackCode);
}
}
Of course, a malicious user could place arbitrary JavaScript in attackCode. Similar
to examples in Chapter 2, here we assume the attack code is simply alert(1). However,
alert(1) just proves that you can execute arbitrary JavaScript. See Chapters 2 and 4 for
more information on malicious JavaScript.
228 Hacking Exposed Web 2.0
To compile HackWorld, install MTASC, save the preceding source code as HackWorld
.as, and compile it with this:
mtasc -swf HackWorld.swf -main -header 640:480:20 -version 7 HackWorld.as
This creates an SWF version 7 binary file, HackWorld.swf.
An attacker could use this SWF for XSS by injecting the following HTML on a
vulnerable site: