Cross Site Content Hijacking Demo!
Cross-Site Content Hijacking PoC
This page has been loaded from "%domain%".
Object File:

Three files have been created for this project: ContentHijacking.swf, ContentHijacking.xap, and ContentHijacking.pdf. Read the help for more information, especially about renaming the file extension. A Flash file that is vulnerable to CVE-2011-2461 can also be used.


Flash is the best possible option. PDF only works with Adobe Reader in IE. Silverlight does not work well when the target is set to another domain.

Target Page:

The page whose content you want to read and which includes sensitive content.

POST Data:

The request that reads the content uses the POST method when this field is not empty.

The object will be loaded below for debugging purposes...