House Cleaning part I: xeyes

2008 September 01

This is something I'd coded up before I started the blog. I hosted it at my other site, but it was shoved in a weird little folder which you had to know about to access.

This is a proof-of-concept implementation that demonstrates a few things:

  • It's possible to inject arbitrary JavaScript into the embedding page through ExternalInterface. This seems like a huge potential security hole.
  • It's possible to get information about the mouse position into Flash even when the mouse cursor isn't over the Flash object.
  • Here's the link, still hosted on Source is available there.
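
A defender-side check for the first point, as an added example that is not part of the original post or its proof of concept: whether a SWF can reach the embedding page through ExternalInterface is governed by the embed's `allowScriptAccess` setting, so this audits page markup for embeds that permit it. The sample HTML, the hostnames and the function name `auditFlashEmbeds` are constructed for illustration.

```javascript
// Constructed sample markup (not from the original post).
const SAMPLE_HTML = `
<embed src="https://cdn.example.net/widget.swf" allowScriptAccess="always" width="200" height="100">
<object data="/local/eyes.swf"><param name="allowScriptAccess" value="never"></object>
<embed src="https://other.example.org/banner.swf" width="468" height="60">
<object data="https://cdn.example.net/ad.swf"><param name="AllowScriptAccess" value="sameDomain"></object>
`;

// Flash Player treats a missing allowScriptAccess as "sameDomain".
const DEFAULT_ACCESS = "samedomain";

// Read a quoted attribute value from a single tag, case-insensitively.
function attr(tag, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, "i").exec(tag);
  return m ? m[1] : null;
}

// Returns one finding per <embed>/<object>: the SWF URL, the effective
// allowScriptAccess value, and whether the SWF may call into the page.
function auditFlashEmbeds(html, pageOrigin) {
  const findings = [];
  const re = /<embed\b[^>]*>|<object\b[^>]*>[\s\S]*?<\/object>/gi;
  for (const [block] of html.matchAll(re)) {
    const openTag = block.match(/^<[^>]*>/)[0];
    const src = attr(openTag, "src") || attr(openTag, "data");
    if (!src) continue;
    // <embed> carries the setting as an attribute, <object> as a <param>.
    let access = attr(openTag, "allowScriptAccess");
    const param = /<param\b[^>]*name\s*=\s*["']allowScriptAccess["'][^>]*>/i.exec(block);
    if (param) access = attr(param[0], "value");
    access = (access || DEFAULT_ACCESS).toLowerCase();
    // Assumption: origin equality stands in for Flash's same-domain check.
    const sameOrigin = new URL(src, pageOrigin).origin === new URL(pageOrigin).origin;
    const canScript = access === "always" || (access === "samedomain" && sameOrigin);
    findings.push({ src, access, sameOrigin, canScript });
  }
  return findings;
}

console.log(auditFlashEmbeds(SAMPLE_HTML, "https://blog.example.com"));
```

Embeds reported with `canScript: true` are the ones where third-party content can run script in the page; setting `allowScriptAccess` to `never` on those removes that path.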

