The RoLLing cOde

Rumor, crap and –un–original

Cross-domain bug inside ActionScript 2.0

leave a comment »

I believe it’s a bug: you turned off security check, it still tells you there’s a security violation when two swf read varibles from each other in certain way; however you end up finding that’s only a warning, you can still do it as is.

a.fla:

import System.security;
System.security.allowDomain("*");
function onLoadInit( mc:MovieClip ){
 mc.test({test:"test"});
}
mcl = new MovieClipLoader();
mcl.addListener( this );
mcl.loadClip( "http://127.0.0.1/b.swf?"+Math.random(),
 this.createEmptyMovieClip( "_container", this.getNextHighestDepth() ) );

b.fla:

import System.security;
System.security.allowDomain("*");
function test(o) {
 trace("test func");
 for(var i in o) { // violation happen here before any trace() below
 trace(i);
 }
}

Type http://localhost/a.swf, now you’ll get the buggy dump in log.In fact, there are an other couple of way to reproduce this, such as read/write an undefined member in a cross-domain object.

Written by freewizard

2008-09-04 at 06:15

Posted in Crap

Tagged with

« This blog has been switched to AppEngine
Cross-domain classes in ActionScript 2.0 »

Leave a Reply


To prove you're a person (not a spam script), type the answer to the math equation shown in the picture.
Anti-spam equation