Channel: BOT24

Abusing JSONP with Rosetta Flash

In this blog post I present Rosetta Flash, a tool for converting any SWF file to one composed of only alphanumeric characters in order to abuse JSONP endpoints, making a victim perform arbitrary requests to the domain with the vulnerable endpoint and exfiltrate potentially sensitive data, not limited to JSONP responses, to an attacker-controlled site.

More here: http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
