 

How can a SWF inject content into a webpage

By embedding the following SWF code, when run in an individual page a new tab comes up with the desired URL and an ad bar over the top. There is no user interaction required.

<embed width="1" height="1" align="middle"
       pluginspage="http://www.macromedia.com/go/getflashplayer"
       type="application/x-shockwave-flash" allowscriptaccess="sameDomain"
       name="blog" bgcolor="000000" wmode="transparent" quality="high"
       src="http://i1177.photobucket.com/albums/x348/hosting504/red.swf" 
       flashvars="web=www.agitehabbero.com/index.php&creador=supercito">

If the code is embedded into a frame, then no new tabs are created, and rather the frame is modified to add the HTML page.

Edit: There is NO JAVASCRIPT on the page.

How can a SWF file do this (inject content into a webpage)?

apscience asked May 29 '12 06:05


1 Answer

This ActionScript 3.0 code will inject an anonymous function, then execute it while passing the single param "hello": ExternalInterface.call("function(msg){ alert(msg); }", "hello"); (this gets executed like this JavaScript code: function(msg){ alert(msg); }("hello");).

Since you can inject code, you can write the code to manipulate the document (add elements, modify styles, change element values, etc.). For example this AS3 code: ExternalInterface.call("function(){ document.write(\"Hello, world!\"); }"); will display "Hello, world!" on the HTML page.

Also, from the docs:

  • In the object tag for the SWF file in the containing HTML page, set the following parameter: <param name="allowScriptAccess" value="always" />
  • In the SWF file, add the following ActionScript: flash.system.Security.allowDomain(sourceDomain)

I tested all of the above, and it works just fine on my browsers: Google Chrome 19, Internet Explorer 8, Firefox 12.

As you requested, no JavaScript on the document side :)

Tiberiu-Ionuț Stan answered Sep 23 '22 19:09
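
An added example, not part of the answer above or of Adobe's documentation: a Python audit that lists the Flash embed/object elements in a page and reports the allowScriptAccess setting the answer quotes, whether the SWF is served from another origin, and whether it is sized to be invisible like the 1x1 embed in the question. The page URL, hosts and markup are constructed; "sameDomain" is approximated as same scheme and host, and an unset attribute is treated as "sameDomain", which is Flash Player's documented default.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FLASH_MIME = "application/x-shockwave-flash"
PAGE_URL = "http://blog.example.org/post/1"   # constructed address of the audited page
SAMPLE = """<embed width="1" height="1" allowscriptaccess="always" src="http://cdn.example.net/a.swf">
<object width="400" height="300">
  <param name="movie" value="/media/player.swf" />
  <param name="allowScriptAccess" value="never" />
</object>
<embed type="application/x-shockwave-flash" src="http://cdn.example.net/b.swf">"""  # constructed

def origin(url):
    return urlsplit(url).scheme, urlsplit(url).netloc.lower()

class FlashAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._obj = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}    # HTMLParser lowercases attribute names
        if tag == "embed":
            self._record(a.get("src", ""), a.get("allowscriptaccess"), a)
        elif tag == "object":                 # its settings arrive in <param> children
            self._obj = {"src": a.get("data", ""), "access": None, "attrs": a}
        elif tag == "param" and self._obj is not None:
            key = {"allowscriptaccess": "access", "movie": "src"}.get(a.get("name", "").lower())
            if key:
                self._obj[key] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._obj is not None:
            o, self._obj = self._obj, None
            self._record(o["src"], o["access"], o["attrs"])

    def _record(self, src, access, a):
        if a.get("type", "").lower() != FLASH_MIME and not urlsplit(src).path.lower().endswith(".swf"):
            return                            # not a Flash element
        src = urljoin(self.page_url, src)
        access = (access or "sameDomain").lower()   # default when the attribute is unset
        cross = origin(src) != origin(self.page_url)
        self.findings.append({"src": src, "allowscriptaccess": access, "cross_origin": cross,
            "can_script_page": access == "always" or (access == "samedomain" and not cross),
            "hidden": all(a.get(d, "").isdigit() and int(a[d]) <= 1 for d in ("width", "height"))})

def audit(html, page_url):
    parser = FlashAudit(page_url)
    parser.feed(html)
    return parser.findings
```
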