House Cleaning part I: xeyes

|

2008 September 01

This is something I'd coded up before I started the cosmodro.me blog. I hosted it at my other site suckatmath.com, but it was shoved in a weird little folder which you had to know about to access.

This is a proof of concept implementation that proves a few things:

  • it's possible to inject arbitrary javascript into the embedding page through ExternalInterface. This seems like it's a huge potential security hole.
  • it's possible to get information about the mouse position into flash even when the mouse cursor isn't on the flash object.

    • Here's the link, still hosted on suckatmath.com. Source is available there.

    http://suckatmath.com/personal/xeyes.html

    Related tags: poc

    Unless otherwise specified, all source code posted on this site is licensed under the GPLv2. Contact me for alternate licensing, including corporate-friendly. steve@cosmodro.me
    privacy policy
    Sponsored links
    Main
    RSS feed

    Categories