[osflash] crossdomain security holes
Evert | Rooftop
evert at rooftopsolutions.nl
Thu Oct 19 16:05:24 EDT 2006
And.. don't forget, using the technique described on this site, in some
cases you don't even need to have a closed crossdomain file.. in some
cases the effect can be triggered using uploaded files for example..
Evert
Michael Stuhr wrote:
> Evert | Rooftop schrieb:
>> Might be interesting:
>>
>> http://www.hardened-php.net/library/poking_new_holes_with_flash_crossdomain_policy_files.html
>>
>>
>> Evert
>>
>>
>> _______________________________________________
>> osflash mailing list
>> osflash at osflash.org
>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>
> i read that twice now, maybe it's little late, but i don't get it.
>
> mike once illustrated the use of crossdomain.xml very well, maybe he
> can do it again, when he's finished reading his e-mails :-)
>
> micha
>
More information about the osflash
mailing list