Ameba Ownd

アプリで簡単、無料ホームページ作成

Lionel Charles's Ownd

Is it safe to download an swf file

2021.12.17 22:04






















And if you have a server configuration that allows you to download server-side code, you've got bigger problems. Further, in the authentication step, you hopefully take steps to ensure the file is being called from your server.


The swf isn't stored in the php file on the server side, but on the client side it is. When someone views your site, the web server will send their browser a file called "fakeswf.


The user can simply rename that file. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Who owns this outage? Building intelligent escalation chains for modern SRE. Podcast Who is building clouds for the independent developer? Featured on Meta. Now live: A fully responsive profile. Reducing the weight of our footer. Linked 0. Related 1. Hot Network Questions. Question feed.


Stack Overflow works best with JavaScript enabled. Accept all cookies Customize settings. Learn more. Is it dangerous to serve user-uploaded Flash SWF files? Ask Question. Asked 6 years, 9 months ago. Active 6 years, 9 months ago. Viewed 3k times. Is this a bad idea? Is there a way to do this safely? What are the worst things that can happen, both to my servers and to visitors of my site?


What precautions can I take to mitigate these issues? Improve this question. Alex Grin Alex Grin 1 1 silver badge 4 4 bronze badges. You can think of my service a site builder, similar to wix. Users can upload content that will be shown on their site. Some users want to have Flash content on their site. Ah, ok. Then the potential problems of uploading a malicious swf file rests on their shoulders.


Is content specific to user site only or it can be published publicly for all users? If not, Legitimate users could be affected if a non-legitimate user uploads a malicious file. Good point. There is some crossover. One user can create a blog post on their site that will be aggregated to other sites in their "network". Add a comment. Active Oldest Votes.


Improve this answer. Kevin Yu Kevin Yu 5 5 bronze badges. Older versions contain vulnerabilities, not exploits, per se. Steve Sether Steve Sether Bring up the "Find" search bar. Type in swf. Doing so will highlight each instance of "SWF" appearing in the source code. Find the address for the SWF file. Scroll through the source code to review the highlighted "SWF" options.


Copy the SWF file's address. Since Chrome doesn't let you select an individual line of text, you may have to copy an entire block of code. Paste the address into Chrome's address bar. Since you copied an entire block of code, you'll need to remove the code before and after the address before proceeding.


Doing so will prompt the SWF file to download onto your computer. Wait for the SWF file to download. Once it's on your computer, you can proceed. If prompted, click Keep on the prompt warning you that SWF files can harm your computer. You may also have to select a save location. Method 3. Open Microsoft Edge. Click or double-click the Edge app icon, which resembles either a dark-blue "e" or a white "e" on a dark-blue background.


If the game doesn't immediately load, click the puzzle piece-shaped Flash icon in the address bar, then click the Enable or Allow prompt to enable Flash and reload the page. It's in the upper-right side of the window. Click Developer Tools. This is in the drop-down menu. Doing so opens the Developer Tools pane on the right side of the page. You might want to reduce the right side of the pane by clicking and dragging right the scroll bar in the middle of the pane.


This will make searching the Elements tab easier. It's at the top of the Developer Tools pane. Your mouse cursor will automatically be placed in the search bar. Doing so will highlight any instances of SWF files in the Elements tab. Click the left- or right-facing arrow in the right-most corner of the search bar to skip from one instance of a SWF file to the next, making sure to read the string of text before each SWF instance.


Since the Elements tab isn't very wide, you might have to click and drag left or right the scroll bar at the bottom of it to see your SWF results.


You may not be able to copy the address without copying the whole block of code. Paste the SWF file's address into the address bar. You should see the address appear here. If you were unable to copy the address by itself, remove the sections of code before and after the address before proceeding.


Doing so will prompt the SWF file to begin downloading. Once the SWF file finishes downloading, you can proceed. If asked if you want to save the SWF file, confirm the decision. Method 4. Open Safari. Click the Safari app icon, which resembles a blue compass, in your Mac's Dock.


Enable the Develop menu item if necessary. If you don't have the Develop menu item at the top of your Mac's screen while Safari is open, do the following: Click Safari in the top-left corner of the screen. Click Preferences Click the Advanced tab. Check the "Show Develop menu in menu bar" box. Close the Preferences window.


If prompted, click the Enable or Allow button to allow Flash on the webpage. Click Develop. This option is in the menu bar at the top of the screen. Click Show Page Source. It's in the Develop drop-down menu. You should see the page's source code appear. This will cause Safari to highlight any "SWF" sections in the source code. Paste the address into Safari's address bar.


This is easiest to do in a text editor such as TextEdit.