[osflash] crossdomain security holes

Evert | Rooftop evert at rooftopsolutions.nl
Thu Oct 19 16:04:06 EDT 2006


Yes, but one thing was missing in that explanation, which I only 
realized later on..
Flash allows the so-called CSRF attacks to be done cross-domain, the 
best example is the Myspace worm that popped up a while ago..

Imagine this scenario:

   1. You logged in to www.myspace.com, which allows all domains using
      crossdomain.xml (in this example)
   2. The session cookie persists, so as long as you don't close your
      browser you will remain logged in
   3. Now you go to www.evilsite.com, which has an evil swf
   4. The swf can make use of your session cookie and perform actions on
      your behalf on myspace.com, such as changing your password, etc etc.

Evert

Michael Stuhr wrote:
> Evert | Rooftop wrote:
>> Might be interesting:
>>
>> http://www.hardened-php.net/library/poking_new_holes_with_flash_crossdomain_policy_files.html 
>>
>>
>> Evert
>>
> i read that twice now, maybe it's a little late, but i don't get it.
>
> mike once illustrated the use of crossdomain.xml very well, maybe he 
> can do it again, when he's finished reading his e-mails :-)
>
> micha
>
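
Added example, not part of the original thread: a small audit of a crossdomain.xml policy for the "allows all domains" condition in step 1 of the scenario above. The function name, the trusted_suffixes parameter and both sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
OPEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

SCOPED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="static.example.com" />
  <allow-access-from domain="*.example.com" secure="false" />
</cross-domain-policy>"""


def audit_policy(xml_text, trusted_suffixes=()):
    """Return (domain, finding) pairs for risky allow-access-from entries.

    trusted_suffixes is a hypothetical allowlist of domains the site owner
    controls; when given, any other explicitly listed domain is also flagged.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for entry in root.iter("allow-access-from"):
        domain = (entry.get("domain") or "").strip().lower()
        if domain == "*":
            # The case from the scenario: a SWF hosted anywhere may send
            # requests carrying the visitor's session cookie and read replies.
            findings.append((domain, "all domains allowed"))
        elif domain.startswith("*."):
            findings.append((domain, "wildcard: every subdomain is trusted"))
        elif trusted_suffixes and not any(
            domain == s or domain.endswith("." + s) for s in trusted_suffixes
        ):
            findings.append((domain, "domain not on the trusted list"))
        # secure defaults to true; false lets HTTP-served SWFs reach HTTPS data.
        if entry.get("secure", "true").lower() == "false":
            findings.append((domain, "secure=false"))
    return findings


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        for domain, finding in audit_policy(policy, ("example.com",)):
            print(f"{name}: {domain}: {finding}")
```
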
