Hello participants of Mailing List.
Different attack can be made via Flash. In 2010 in article Content
Spoofing attacks: Link Injection and Text Injection and in 2012 in article
Content Spoofing attacks: Content Injection and Site Injection
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-November/008614.html)
I told about different CS attacks, part of which concerned Flash. Also I
wrote in 2008, 2009 and 2010's articles XSS vulnerabilities in 215000 flash
files, XSS vulnerabilities in 8 millions flash files and XSS vulnerabilities
in 34 millions flash files about XSS attacks via flash banners and
tagcloud.swf (WP-Cumulus). Last week I wrote new article Attacks via Flash.
These topic should be interesting for you (especially for those, who haven't
read it before).
Attacks via Flash.
http://websecurity.com.ua/6794/
In the article I described different attacks via Flash. This is the list of
possible attacks on users and visitors of sites via flash plugin, which I
created already in December 2009.
Attack on including audio, video and images I called in one term Content
Injection. And Remote XML Inclusion can be used as for Content Injection, as
for Site Injection. About which I wrote in above-mentioned article.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Hello participants of Mailing List.
Different attack can be made via Flash. In 2010 in article Content
Spoofing attacks: Link Injection and Text Injection and in 2012 in article
Content Spoofing attacks: Content Injection and Site Injection
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-November/008614.html)
I told about different CS attacks, part of which concerned Flash. Also I
wrote in 2008, 2009 and 2010's articles XSS vulnerabilities in 215000 flash
files, XSS vulnerabilities in 8 millions flash files and XSS vulnerabilities
in 34 millions flash files about XSS attacks via flash banners and
tagcloud.swf (WP-Cumulus). Last week I wrote new article Attacks via Flash.
These topic should be interesting for you (especially for those, who haven't
read it before).
Attacks via Flash.
http://websecurity.com.ua/6794/
In the article I described different attacks via Flash. This is the list of
possible attacks on users and visitors of sites via flash plugin, which I
created already in December 2009.
* Remote Flash Inclusion.
* Remote Flash Injection.
* Cross-Site Scripting.
* Link Injection.
* Text Injection.
* Remote Audio Inclusion.
* Remote Video Inclusion.
* Remote Image Inclusion.
* Remote XML Inclusion.
* Denial of Service - via DoS vulnerabilities
(http://www.youtube.com/watch?v=3W_5jb17Aus) in flash-plugin
(http://www.youtube.com/watch?v=xi29KZ3LD80).
* Remote Code Execution - via vulnerabilities in flash-plugin
(http://www.youtube.com/watch?v=DnUhKF9RiuM).
* User tracking.
* Redirection.
* Malware spreading and phishing.
Attack on including audio, video and images I called in one term Content
Injection. And Remote XML Inclusion can be used as for Content Injection, as
for Site Injection. About which I wrote in above-mentioned article.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua