Closed tifkin- closed 10 years ago
Hi @tifkin- , few things to keep you in loop
We will stick to this thread for discussion & we will try to resolve it soon
Solution which I have in my mind is to fuzz using various types of data, but this will be tricky. Any thoughts?
Yeah, fuzzing multiple types of input sounds like the easiest way to go.
Another idea (just brainstorming here) is to create a list of type-coercion sinks and then if FlashBang detects that a parameter is passing through a type-coercion sink, it can change the fuzzer to conform to the expected type. For example, in ZeroClipboard the with and height parameters both pass through Math.floor(the type-coercion sink), therefore they must be numbers.
I got inconsistent results scanning this swf. RIght now it seems to only detect FlashVars but no sinks. Initially it wasn't detecting anything.
Link to swf https://docs.google.com/file/d/0B-4ZVWytXXbCbVJfcmZZaEFtbVU
Vulnerability overview: https://github.com/zeroclipboard/zeroclipboard/issues/14