sendAndLoad and redirect test (Flash ActionScript)

Source: Internet
Author: User
Tags: servervariables
Today we test the following: a SWF file POSTs a parameter to s1.asp, s1.asp uses Response.Redirect to go to s2.asp, and s2.asp uses Response.Redirect to go to s3.asp. Which file does the value returned to the SWF come from?

1. Testing process

ActionScript:

    on (release) {
        // LoadVars sends the POST data and receives the response variables
        var myVar = new LoadVars();
        myVar.s = "Mzwu";
        myVar.sendAndLoad("s1.asp", myVar, "POST");
        myVar.onLoad = function (re) {
            if (re) {
                // "url" is the variable written by whichever page finally answers
                t2.text = myVar.url;
            } else {
                t2.text = "Load failed!";
            }
        };
    }

s1.asp:

    <%
    ' Pass the posted value on to s2.asp
    Response.Redirect("s2.asp?s=" & Request.Form("s"))
    Response.Write("url=" & Request.ServerVariables("url"))
    %>

s2.asp:

    <%
    ' Append "Back" and pass the value on to s3.asp
    Response.Redirect("s3.asp?s=" & Request.QueryString("s") & "Back")
    Response.Write("url=" & Request.ServerVariables("url"))
    %>

s3.asp:

    <%
    ' Final page: report its own path and the value it received
    Response.Write("url=" & Request.ServerVariables("url") & " " & Request.QueryString("s"))
    %>

The SWF shows the returned result "/s3.asp Mzwu back", which was obviously produced by s3.asp. We can therefore conclude that when a request is redirected across multiple pages, the SWF receives the value returned by the final page.

2. Cross-domain access without crossdomain.xml

As we all know, for a SWF to make cross-domain requests, apart from the EXE format, the only option is to place a crossdomain.xml file on the target server. In practice, however, we usually need to embed the Flash file in a web page (SWF format only) and make cross-domain requests to a domain we have no permission to modify (so we cannot place a crossdomain.xml file there).

Based on the result of test 1, we can keep the SWF file, s1.asp and s3.asp on our own server, with s2.asp on the domain being accessed. We modify the test code above slightly:

ActionScript:

    on (release) {
        // Unchanged from test 1: the SWF still only talks to s1.asp
        var myVar = new LoadVars();
        myVar.s = "Mzwu";
        myVar.sendAndLoad("s1.asp", myVar, "POST");
        myVar.onLoad = function (re) {
            if (re) {
                t2.text = myVar.url;
            } else {
                t2.text = "Load failed!";
            }
        };
    }

s1.asp:

    <%
    ' On our own server: redirect to s2.asp on the other domain
    Response.Redirect("http://free.66ip.com/test07/s2.asp?s=" & Request.Form("s"))
    Response.Write("url=" & Request.ServerVariables("url"))
    %>

s2.asp:

    <%
    ' On the other domain: redirect back to s3.asp on our own server
    Response.Redirect("http://www.mzwu.com/s3.asp?s=" & Request.QueryString("s") & "Back")
    Response.Write("url=" & Request.ServerVariables("url"))
    %>

s3.asp:

    <%
    ' On our own server: final page whose output the SWF receives
    Response.Write("url=" & Request.ServerVariables("url") & " " & Request.QueryString("s"))
    %>

The result is still "/s3.asp Mzwu back", so it is clear that we have achieved cross-domain access without crossdomain.xml by way of the redirects. The NET Silver online payment flow works on the same principle: enterprise site → online payment interface → enterprise site. So would it be very difficult to build a payment interface in Flash? :)
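As an added example (not part of the original article), the JavaScript below models the s1 → s2 → s3 chain from the listings and contrasts a check that compares only the first and last origin with one that inspects every hop. The function names and the redirect table are constructed for illustration, and the SWF and s1.asp are assumed to be served from www.mzwu.com.

```javascript
// Constructed redirect table modelled on the s1 -> s2 -> s3 listings above.
// Key: requested URL. Value: the Location it redirects to (null = final response).
const HOPS = {
  "http://www.mzwu.com/s1.asp": "http://free.66ip.com/test07/s2.asp?s=Mzwu",
  "http://free.66ip.com/test07/s2.asp?s=Mzwu": "http://www.mzwu.com/s3.asp?s=MzwuBack",
  "http://www.mzwu.com/s3.asp?s=MzwuBack": null,
};

// Follow redirects through the table; return every URL visited, in order.
function followChain(startUrl, table, maxHops = 10) {
  const chain = [new URL(startUrl).href];
  let next = table[chain[0]];
  while (next != null) {
    if (chain.length > maxHops) throw new Error("redirect limit exceeded");
    const resolved = new URL(next, chain[chain.length - 1]).href; // handles relative Location
    chain.push(resolved);
    next = table[resolved];
  }
  return chain;
}

// Endpoint-only check: compares the first and last origin, nothing in between.
function endpointsSameOrigin(chain) {
  return new URL(chain[0]).origin === new URL(chain[chain.length - 1]).origin;
}

// Per-hop check: every URL in the chain whose origin is not the requester's.
function crossOriginHops(chain, requesterOrigin) {
  return chain.filter((u) => new URL(u).origin !== requesterOrigin);
}

// Combine both views so the gap between them is visible.
function auditChain(startUrl, table) {
  const chain = followChain(startUrl, table);
  const requesterOrigin = new URL(startUrl).origin;
  const offDomain = crossOriginHops(chain, requesterOrigin);
  return {
    finalUrl: chain[chain.length - 1],
    endpointsSameOrigin: endpointsSameOrigin(chain),
    offDomain,
    allowed: offDomain.length === 0, // deny when any hop leaves the origin
  };
}

console.log(auditChain("http://www.mzwu.com/s1.asp", HOPS));
```

The endpoint-only comparison passes for this chain even though the middle hop ran on free.66ip.com, which is why a client-side origin policy has to evaluate each redirect target rather than just the URL that finally answers.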
