Penetration Testing mailing list archives
Re: pen testing flash games.
From: Gasior <gasior () sky pl>
Date: Mon, 25 Jun 2007 08:55:01 +0200
Depending on the communication method Flash games uses, simply sniffing HTTP requests could be not enough. Try ServiceCapture http://kevinlangdon.com/serviceCapture/ I don't know if you can exploit vulnerabilities of flash, but you could try to mess with communication and game logic. Flash games are too often poorly secured, so you can try to change highscores etc. Perhaps some of the data is put in sql queries so you can try sql injection. Best regards Gasior zimblyzuper () gmail com wrote:
Dear all I am doing a pentest on a gaming website which has mostly online flash games. There are known vulnerabilities in flash but i dont know how to execute them. In the website, there are also some downloadable games which have to be purchased after downloading. Theese games also send info such as high scores to the server. Can somebody tell me how to exploit the vulnerabilities of flash? and is there any intercepting proxy which can trap requests and responses of applications such as games, media players, gtalk etc. Please advice.
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Re: pen testing flash games. Jerome Athias (Jun 23)
- Re: pen testing flash games. Nathan Bijnens (Jun 24)
- Re: pen testing flash games. Noah (Jun 25)
- Re: pen testing flash games. bugtraq (Jun 26)
- <Possible follow-ups>
- Re: pen testing flash games. Gasior (Jun 25)
- Re: pen testing flash games. Jay (Jun 25)
- Re: pen testing flash games. Sir Mordred (Jun 25)
- Re: pen testing flash games. atrysk (Jun 27)