Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 11

ActiveX Attacks

http://Host.com/pathToSwf/app.swf?url=javascript:any code

Attack requirement
- A flash file (.swf) on the site.
- No validation for the url passed to the .swf file.

Attack process
- Use JavaScript directly in the url

2017-05-10 Web Application Security Fast Guide (book slides) By Dr.Sami Khiami Slide 11
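The missing validation named above can be approximated from the defender's side by checking the scheme of every parameter sent to a .swf file. The following is an added example, not part of the original slides: the function names, the http/https allowlist and the host.example request URLs are assumptions made for illustration.

```javascript
// Added example (not from the slides): flag requests to .swf files whose
// query parameters carry a URL scheme outside an allowlist.
// Assumption: the application only ever needs http/https or relative targets.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Return the scheme of a parameter value as a browser would interpret it.
// Browsers drop tab/CR/LF anywhere in a URL and ignore leading control
// characters and spaces, so "JaVa<TAB>Script:" is still "javascript:".
function schemeOf(value) {
  const cleaned = value
    .replace(/[\t\r\n]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() + ":" : null; // null: relative URL, no scheme
}

// Inspect one request URL; return every parameter of a .swf request whose
// value would be treated as a URL with a non-allowlisted scheme.
function findUnsafeSwfParams(requestUrl) {
  const u = new URL(requestUrl);
  if (!u.pathname.toLowerCase().endsWith(".swf")) return [];
  const hits = [];
  // searchParams percent-decodes each value once before we look at it.
  for (const [name, value] of u.searchParams) {
    const scheme = schemeOf(value);
    if (scheme !== null && !ALLOWED_SCHEMES.has(scheme)) {
      hits.push({ name, scheme });
    }
  }
  return hits;
}

// Constructed sample requests; "any code" is the slide's own placeholder.
const samples = [
  "http://host.example/pathToSwf/app.swf?url=javascript:any%20code",
  "http://host.example/pathToSwf/app.swf?url=JaVa%09Script:any%20code",
  "http://host.example/pathToSwf/app.swf?url=https://host.example/next",
  "http://host.example/pathToSwf/app.swf?url=/local/page",
];
for (const s of samples) {
  console.log(s, "->", JSON.stringify(findUnsafeSwfParams(s)));
}
```

Because this is an allowlist, any value of the form word:rest is flagged, including harmless ones; tune ALLOWED_SCHEMES to what the application legitimately passes.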