PoC details: e38a47eeafb838603969f523697b26bf6aa98f06

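Source
Related vulnerability
Title: Adobe Flex SDK cross-site scripting vulnerability (CVE-2011-2461)
Description: A cross-site scripting vulnerability exists in Adobe Flex SDK 3.x and in 4.x versions before 4.6. Remote attackers can inject arbitrary web script or HTML via vectors related to the downloading of modules from different domains.
Description
ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461
Introduction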
# ParrotNG ![ParrotNG Logo](http://i.imgur.com/Ek8SGIit.png "ParrotNG Logo")

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to [CVE-2011-2461](https://www.adobe.com/support/security/bulletins/apsb11-25.html). For more details, please refer to the slides of our [Troopers 2015 talk](http://www.slideshare.net/ikkisoft/the-old-is-new-again-cve20112461-is-back).

Download the latest release from [HERE](https://github.com/ikkisoft/ParrotNG/releases).

## Features

* Written in Java, based on [swfdump](http://www.swftools.org/swfdump.html)
* One JAR, two flavors: command line utility and [Burp Pro](http://portswigger.net/burp/editions.html) Passive Scanner plugin
* Classifies each SWF file as compiled with a vulnerable Flex SDK version, patched by [Adobe's tool](http://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html), or not affected

## How To Use - Command Line

1. Download the latest ParrotNG from the release page
2. Simply use the following command:
```
$ java -jar parrotng_v0.2.jar <SWF File | Directory>
```
The tool accepts a single SWF file or an entire directory.

![ParrotNG CmdLine](http://i.imgur.com/1JT4CtH.png "ParrotNGCmdLine")

## How To Use - Burp Pro Passive Scanner Plugin

1. Download the latest ParrotNG from the release page
2. Load Burp Suite Professional
3. From the _Extender_ tab in Burp Suite, add [parrotng_v0.2.jar](https://github.com/ikkisoft/ParrotNG/releases) as a standard Java-based Burp Extension
4. Enable [Burp Scanner Passive Scanning](http://portswigger.net/burp/help/scanner_scanmodes.html)
5. Browse your target web application. All SWF files passing through Burp Suite are automatically analyzed

![ParrotNG Burp](http://i.imgur.com/thAkkMB.png "ParrotNGBurp")


File snapshot

```
[4.0K] /data/pocs/e38a47eeafb838603969f523697b26bf6aa98f06
├── [4.0K] documents
│   ├── [ 34K] gpl.txt
│   ├── [1.3K] readme.txt
│   └── [1.7M] Troopers 2015 - The old is new, again. CVE-2011-2461 is back!.pdf
├── [ 34K] LICENSE
├── [1.7K] README.md
└── [4.0K] src
    ├── [4.0K] burp
    │   └── [7.6K] BurpExtender.java
    └── [4.0K] org
        └── [4.0K] nibblesec
            └── [4.0K] tools
                └── [9.0K] ParrotNG.java

6 directories, 7 files
```