In case Flash no longer exists, a copy of this site is included in the Flashpoint archive's "ultimate" collection.

Dead Code Preservation :: Archived AS3 works from wonderfl.net

jsonp client

In this movie, we access a web API that:
- is hosted on another origin
- does not provide crossdomain.xml
- supports JSONP

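We set the callback to "GIF89a" to imitate the file signature of a GIF image. The API echoes the callback name at the very start of its response, so the response begins with those bytes. This allows us to use a Loader to access the data instead of a URLLoader, because Loader, unlike URLLoader, does not enforce cross-origin data isolation.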
by wh0 14 Apr 2012
  • Talk

    NME at 03 Nov 2012 06:26
    Doesn't seem to work in FP 11.4.402.... TypeError: Error #1009
    wh0 at 12 Jul 2014 01:28
    this attack from a few days ago takes JSONP abuse to the next level http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
    makc3d at 13 Jul 2014 01:04
    @wh0 isn't it amazing how the hacker's brain works

/**
 * Copyright wh0 ( http://wonderfl.net/user/wh0 )
 * MIT License ( http://www.opensource.org/licenses/mit-license.php )
 * Downloaded from: http://wonderfl.net/c/qrHo
 */

package {
    import flash.events.*;
    import flash.display.*;
    import flash.net.*;
    
    import com.bit101.components.*;
    /**
     * Small demo UI: a text box, a "rhyme" button and a result label.
     *
     * On each lookup the word is sent to a third-party JSONP endpoint over
     * plain HTTP, with the JSONP callback name set to "GIF89a". The response
     * is fetched through hax() and the rhyming words are listed in the label.
     */
    public class FlashTest extends Sprite {

        // Input box holding the word to look up.
        private var wordField:InputText;
        // Label used for status ("loading"), results, and error text.
        private var rhymeField:Label;

        /**
         * Builds the controls, routes uncaught errors into the result label,
         * and runs one lookup immediately with the default word.
         */
        public function FlashTest() {
            wordField = new InputText(this, 10, 10, 'finance');
            wordField.height = 20;
            new PushButton(this, 120, 10, 'rhyme', rhymeClick);
            rhymeField = new Label(this, 10, 40);
            // Anything that goes wrong later (parse errors, load errors that
            // reach the uncaught-error channel) ends up as text in the label.
            loaderInfo.uncaughtErrorEvents.addEventListener(UncaughtErrorEvent.UNCAUGHT_ERROR, showUncaughtError);
            rhymeClick(null);
        }

        /**
         * Displays the uncaught error in the result label.
         *
         * @param e the uncaught-error event; its `error` value is shown as-is.
         */
        private function showUncaughtError(e:UncaughtErrorEvent):void {
            rhymeField.text = e.error;
        }

        /**
         * Starts a rhyme lookup for the word currently in the input box.
         *
         * @param e click event from the button; unused (the constructor
         *          passes null).
         */
        private function rhymeClick(e:MouseEvent):void {
            var word:String = wordField.text;
            rhymeField.text = 'loading';
            // The word is percent-encoded before being placed in the query
            // string. `jsonp=GIF89a` asks the server to use "GIF89a" as the
            // callback name, so the response body starts with those bytes.
            // NOTE(review): the request is plain http://, so the response is
            // unauthenticated third-party data.
            // NOTE(review): from the API side, this only works because the
            // response begins with the caller-chosen callback name; an
            // endpoint that emits a fixed prefix (commonly `/**/`) before the
            // callback would no longer start with a caller-chosen signature.
            var endpoint:String = 'http://rhymebrain.com/talk?function=getRhymes&word=' + encodeURIComponent(word) + '&maxResults=25&jsonp=GIF89a';
            hax(new URLRequest(endpoint), showRhymes);
        }

        /**
         * Strips the JSONP wrapper from the response, parses the JSON and
         * lists each entry's `word` in the result label, one per line.
         *
         * @param response raw text handed back by hax().
         */
        private function showRhymes(response:String):void {
            // 7 leading characters are dropped -- presumably the callback
            // name plus the opening parenthesis, 'GIF89a('.
            var prefixLength:int = 7;
            // 3 trailing characters are dropped -- presumably the closing
            // parenthesis and whatever follows it; confirm against a live
            // response.
            var trailerLength:int = 3;
            var json:String = response.substr(prefixLength, response.length - prefixLength - trailerLength);
            // `as Array` yields null if the parsed value is not an array;
            // the loop below then adds nothing and the label is cleared.
            var rhymes:Array = JSON.parse(json) as Array;
            var words:Array = [];
            for each (var entry:Object in rhymes) {
                words.push(entry.word);
            }
            rhymeField.text = words.join('\n');
        }

    }
}

import flash.net.URLRequest;
import flash.display.Loader;
import flash.events.Event;
import flash.utils.ByteArray;

/**
 * Loads `request` with a Loader and passes the loaded bytes, read as UTF-8
 * text, to `callback`.
 *
 * The text is read from LoaderInfo.bytes starting at a fixed offset, for
 * `bytesLoaded` bytes, so it still contains whatever wrapper the server put
 * around the data; the caller is responsible for stripping it.
 *
 * No IO_ERROR or SECURITY_ERROR listener is attached here; failures are left
 * to whatever uncaught-error handling the caller has set up.
 *
 * NOTE(review): a visitor comment on the archived page reports
 * "TypeError: Error #1009" on Flash Player 11.4; the comment does not say
 * which reference was null.
 *
 * @param request  the URL to fetch.
 * @param callback function taking one String argument (the response text).
 */
internal function hax(request:URLRequest, callback:Function):void {
    // Position in the loaded bytes where the text is read from. The value is
    // taken from the original code; presumably it skips the SWF wrapper the
    // player puts in front of the image data -- not verified here.
    const PAYLOAD_OFFSET:uint = 48;
    var loader:Loader = new Loader();

    function onLoaded(done:Event):void {
        // nb: the data comes wrapped in a SWF file
        var wrapped:ByteArray = done.target.bytes;
        wrapped.position = PAYLOAD_OFFSET;
        callback(wrapped.readUTFBytes(done.target.bytesLoaded));
    }

    loader.contentLoaderInfo.addEventListener(Event.COMPLETE, onLoaded);
    loader.load(request);
}