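<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Arbitrary Flashvar injection</title>
  <!--
    Developer harness for the media player: every query-string parameter
    (except "debug") is handed verbatim to the selected player SWF as a
    flashvar, so a build can be exercised with arbitrary flashvars straight
    from the URL. The textarea mirrors the current flashvars and "Update"
    reloads the page with the edited set.

    SECURITY NOTE: the SWF named by ?player= is embedded into this page and
    given script access. A SWF fetched from another origin would therefore be
    able to run JavaScript as this page's origin, so "player" is restricted to
    the builds listed in the <select> plus same-origin relative paths; any
    value with a URL scheme or a protocol-relative "//" prefix is refused.
    This page is a test tool and must not be served from a production origin.
  -->
  <script src="files/swfobject.js"></script>
  <script src="files/jquery.js"></script>
  <style>
    #flashvars { width: 700px; height: 300px; }
  </style>

  <script>
  $(document).ready(function() {
    // Query-string parameters minus "debug"; passed as-is as the flashvars object.
    var $_GET = {};

    // decodeURIComponent() throws URIError on a malformed %-sequence; one bad
    // parameter must not take the whole harness down, so keep the raw text.
    function safeDecode(s) {
      try {
        return decodeURIComponent(s);
      } catch (e) {
        return s;
      }
    }

    // True only for a same-origin path: rejects "scheme:" prefixes
    // (http:, javascript:, ...) and protocol-relative "//" or "\\" prefixes.
    function isRelativePath(p) {
      return !(/^[a-z][a-z0-9+.\-]*:/i.test(p) || /^[\/\\]{2}/.test(p));
    }

    // Selects the <option> whose value or visible text equals `token`
    // (the URL carries the short text, e.g. "v5"). Returns true on a match.
    // Done explicitly rather than via $('#players').val(token) because text
    // matching in .val() depends on the bundled jQuery version.
    function selectPlayer(token) {
      var found = false;
      if (!token) {
        return false;
      }
      $('#players option').each(function() {
        if (!found && (this.value === token || $(this).text() === token)) {
          this.selected = true;
          found = true;
        }
      });
      return found;
    }

    $.extend({
      // Parses window.top.location.search into $_GET and pre-selects the
      // player named by ?player=; defaults to "v5" when none is given.
      // NOTE(review): reads window.top rather than window, presumably so the
      // harness works inside a same-origin test frame; a cross-origin frame
      // would throw here — confirm that is intended.
      getVars: function() {
        var query = window.top.location.search.replace(/^\?/, '');
        var pairs = query ? query.split('&') : [];
        for (var i = 0; i < pairs.length; i++) {
          if (!pairs[i]) {
            continue;
          }
          var eq = pairs[i].indexOf('=');
          var key = safeDecode(eq < 0 ? pairs[i] : pairs[i].substring(0, eq));
          var value = eq < 0 ? '' : safeDecode(pairs[i].substring(eq + 1));
          if (key === 'player') {
            selectPlayer(value);
          }
          if (key !== 'debug') {
            $_GET[key] = value;
          }
        }
        if (!$('#players').val() && !$_GET['player']) {
          selectPlayer('v5');
        }
      },

      // Embeds the chosen player into #preview with $_GET as its flashvars.
      // Unlisted ?player= values are honoured only when they are same-origin
      // relative paths; anything else falls back to the "v5" build.
      setupPlayer: function() {
        var height = $_GET['height'] ? $_GET['height'] : 300;
        var width = $_GET['width'] ? $_GET['width'] : 420;
        var swfUrl = $('#players').val();

        if (!swfUrl) {
          var requested = $_GET['player'] || '';
          if (requested && isRelativePath(requested)) {
            swfUrl = requested;
          } else {
            // Absolute / protocol-relative URL (or nothing usable): never give
            // a foreign SWF script access to this origin.
            selectPlayer('v5');
            swfUrl = $('#players').val();
          }
        }

        $('#preview').css('height', height);
        $('#preview').html('<div id="container"></div>');
        swfobject.embedSWF(
          swfUrl,
          'container',
          width,
          height,
          '9.0.0',
          null,
          $_GET,
          // sameDomain is sufficient for the same-origin SWFs allowed above and,
          // unlike "always", withholds script access if the path redirects off-origin.
          {allowfullscreen: 'true', allowscriptaccess: 'sameDomain'},
          {id: 'player', name: 'player'}
        );
      },

      // Mirrors $_GET into the textarea, one "key=value" per line, skipping
      // empty values. Uses .val() so the textarea's actual value is set.
      setupForm: function() {
        var lines = '';
        for (var key in $_GET) {
          // Guard against prototype pollution and a parameter literally named
          // "hasOwnProperty" shadowing the method.
          if (Object.prototype.hasOwnProperty.call($_GET, key) && $_GET[key]) {
            lines += key + '=' + $_GET[key] + '\n';
          }
        }
        $('#flashvars').val(lines);
      }
    });

    // "Update": rebuild the query string from the textarea and reload.
    // Keys and values are both URL-encoded, and a value may itself contain
    // "=" or "&" (e.g. file=http://host/?a=b), which getVars() decodes back.
    $('#theForm').submit(function() {
      var url = window.top.location.pathname + '?player=' +
                encodeURIComponent($('#players :selected').text());
      var rows = $('#flashvars').val().split(/\r?\n/);
      for (var i = 0; i < rows.length; i++) {
        var eq = rows[i].indexOf('=');
        if (eq < 1) {
          continue;
        }
        var key = rows[i].substring(0, eq);
        var value = rows[i].substring(eq + 1);
        if (!value) {
          continue;
        }
        url += '&' + encodeURIComponent(key) + '=' + encodeURIComponent(value);
      }
      window.top.location.href = url;
      return false;
    });

    $.getVars();
    $.setupPlayer();
    $.setupForm();
  });
  </script>
</head>
<body>
  <div id="preview">This will be replaced</div>
  <form id="theForm">
    <fieldset>
      <label for="players">Player</label>
      <select id="players">
        <option value=""></option>
        <option value="../trunk/fl5/player.swf">v5</option>
        <option value="../tags/mediaplayer-5.5/player.swf">5.5</option>
        <option value="../tags/mediaplayer-5.4/player.swf">5.4</option>
        <option value="../tags/mediaplayer-5.3/player.swf">5.3</option>
        <option value="../tags/mediaplayer-5.2/player.swf">5.2</option>
        <option value="../tags/mediaplayer-5.1/player.swf">5.1</option>
        <option value="../tags/mediaplayer-5.0/player.swf">5.0</option>
        <option value=""></option>
        <option value="../trunk/as3/player.swf">v4</option>
      </select>
    </fieldset>
    <fieldset>
      <label for="flashvars">Flashvars (one key=value per line)</label>
      <textarea id="flashvars"></textarea>
    </fieldset>
    <button type="submit">Update</button>
  </form>
</body>
</html>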
|---|