[WEB SECURITY] Poking new holes with Flash cross domain policy files

Amit Klein aksecurity at gmail.com
Thu Oct 19 16:57:07 EDT 2006

Stefan Esser wrote:
> Hi,
> I released a mini article today that covers the danger that arises for
> web applications because of the design flaws in the cross domain policy
> verification of the Flash player.
> You can read it here:
> http://www.hardened-php.net/library/poking_new_holes_with_flash_crossdomain_policy_files.html
BTW, regarding the Policy File Location, I suppose many of the tricks in
"Path Insecurity" can come in handy, ridding the attacker of the need to have an open

I'm talking about things like:

* The URL encoding trick (works with most web servers)

* Backslashes (works in many Windows-based servers, particularly IIS)

* %uHHHH (IIS specific extension)

* Overlong UTF-8 encoding of a dot (may work with some servers, works with old IIS)

* Double-encoded dot (may work with some servers, works with old IIS)

I didn't test them, but my guess is that some will work.

It seems that this boils down to path (in)security...


PS - note my new email address: same mailbox, different provider (gmail).
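Editor's added illustration of the "path (in)security" point above (this is not code from the message, from Stefan Esser's article, or from the Flash player): a toy model in which a policy file may only grant access to its own directory, the scope check is a string-prefix test on the raw, undecoded request path, and the web server that actually serves the request decodes that path far more liberally. The policy directory `/uploads/`, the target `/private/data`, the request paths and the two server decoders are all assumptions constructed for the demonstration, not any real server's behaviour. Each of the five tricks listed in the message is modelled, and a hardened check is shown beside the weak one.

```python
"""
Editor's added example: a toy model of why the encoding tricks listed in the
message defeat a scope check that compares raw, undecoded URL paths.

Everything here is hypothetical: the policy directory "/uploads/", the
target "/private/data", and the decoders are assumptions for the
demonstration, not Flash player or web server code.
"""
import posixpath
import re
from urllib.parse import unquote_to_bytes

POLICY_DIR = "/uploads/"          # assumed: the only directory the policy may grant

# Constructed request paths, one per trick in the message. None contains a
# literal "..", so each slips past the weak check below.
PLAIN_TRAVERSAL = "/uploads/../private/data"
TRICKS = {
    "percent-encoded dots": "/uploads/%2e%2e/private/data",
    "backslash separator":  "/uploads/%2e%2e%5cprivate/data",
    "%uHHHH (IIS)":         "/uploads/%u002e%u002e/private/data",
    "overlong UTF-8 dot":   "/uploads/%c0%ae%c0%ae/private/data",
    "double-encoded dot":   "/uploads/%252e%252e/private/data",
}


def naive_in_scope(request_path: str) -> bool:
    """Weak check: raw prefix test plus a blacklist of the literal '..'."""
    return request_path.startswith(POLICY_DIR) and ".." not in request_path


def lenient_utf8(data: bytes) -> str:
    """UTF-8 decoder that accepts overlong forms (old IIS behaviour):
    C0 AE becomes '.', C0 AF becomes '/'. 4-byte forms are not modelled."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b)); i += 1
        elif 0xC0 <= b < 0xE0 and i + 1 < len(data) and data[i + 1] & 0xC0 == 0x80:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F))); i += 2
        elif (0xE0 <= b < 0xF0 and i + 2 < len(data)
              and data[i + 1] & 0xC0 == 0x80 and data[i + 2] & 0xC0 == 0x80):
            cp = ((b & 0x0F) << 12) | ((data[i + 1] & 0x3F) << 6) | (data[i + 2] & 0x3F)
            out.append(chr(cp)); i += 3
        else:
            out.append("\ufffd"); i += 1
    return "".join(out)


def lenient_resolve(request_path: str) -> str:
    """Model of a liberal server: %uHHHH, two rounds of percent decoding,
    overlong UTF-8 and backslashes are all accepted before dot segments
    are collapsed."""
    p = request_path
    for _ in range(2):                                   # round 2 catches double encoding
        p = re.sub(r"%u([0-9A-Fa-f]{4})", lambda m: chr(int(m.group(1), 16)), p)
        p = lenient_utf8(unquote_to_bytes(p))
    p = p.replace("\\", "/")
    return posixpath.normpath(p)


def strict_resolve(request_path: str) -> str:
    """Model of a careful server: one round of percent decoding, strict UTF-8,
    no %u extension, backslash is an ordinary filename character.
    Raises on input it would refuse to serve."""
    if re.search(r"%u[0-9A-Fa-f]{4}", request_path):
        raise ValueError("%u escape is not standard")
    decoded = unquote_to_bytes(request_path).decode("utf-8")   # rejects overlong forms
    return posixpath.normpath(decoded)


def hardened_in_scope(request_path: str) -> bool:
    """Fixed check: decode exactly once, refuse anything still ambiguous,
    collapse dot segments, and only then compare against the policy directory."""
    try:
        decoded = unquote_to_bytes(request_path).decode("utf-8")
    except UnicodeDecodeError:
        return False
    if "%" in decoded or "\\" in decoded:   # leftover escape (double/%u encoding) or backslash
        return False
    return posixpath.normpath(decoded).startswith(POLICY_DIR)


def evaluate(request_path: str) -> dict:
    """What the weak check decides versus what each server model would serve."""
    try:
        strict = strict_resolve(request_path)
    except (ValueError, UnicodeDecodeError):
        strict = None                                    # careful server rejects the request
    return {
        "naive_check_passes": naive_in_scope(request_path),
        "lenient_server_serves": lenient_resolve(request_path),
        "strict_server_serves": strict,
        "hardened_check_passes": hardened_in_scope(request_path),
    }


if __name__ == "__main__":
    for name, path in [("plain traversal", PLAIN_TRAVERSAL), *TRICKS.items()]:
        print(f"{name:22} {path:40} {evaluate(path)}")
```

Running it shows the asymmetry the message is pointing at: the plain `../` form is caught by the literal blacklist, while every encoded variant passes the weak check yet resolves to `/private/data` on the lenient server model. The strict model refuses the `%u` and overlong forms and treats the backslash and double-encoded forms as odd filenames under `/uploads/`, which is why such tricks are server-specific. The hardened check sidesteps the whole class by canonicalising once, rejecting leftover escapes and backslashes, and comparing the normalised path rather than the raw string.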
