Upload the file of trap II pure alphanumeric. swf is a vulnerability?- Vulnerability warning-the black bar safety net

0x00 background In a previous uploaded file trap , the author mentioned for flash cross-domain data hijacking,sometimes does not need us to upload a file. Because we can simply use the JSONP interface,the flash content is assigned to the callback to be used. Just like in the comments@Sogili...

Upload the file of trap-vulnerability warning-the black bar safety net

0x00 background Now many sites allow users to upload files, but they didn't realize that allow the user or attacker to upload files or even the legitimate files of the trap. What is a legitimate file? Generally, to determine whether the file is legitimate through two parameters: the file suffix,...