Cross Site Content Hijacking Demo!
Cross-Site Content Hijacking PoC
This page has been loaded from "evi1cg.me".
Object File:

Three files have been created for this project: ContentHijacking.swf, and ContentHijacking.xap, ContentHijacking.pdf - Read the help for more information especially about renaming the extension part. A Flash file which is vulnerable to CVE-2011-2461 can also be used.

Type:

Flash is the best possible option. PDF only works with Adobe Reader in IE. Silverlight does not work well when the target is set to another domain.

Target Page:

Page that you want to read its content and it includes sensitive contents.

POST Data:

POST method in reading content request will be used when this field is not empty.


Uncaught TypeError: $(...).backstretch is not a function
Uncaught ReferenceError: Gitalk is not defined



The object will be loaded below for debugging purposes...