> Sorry for the dumb questions, haven't had a chance to read that
> crossdomain article in detail yet. How exactly does it pose a security
> risk? In my understanding any server side code can do what Flash
> does without any sandbox restrictions, or am I wrong?
>
> I've always assumed crossdomain policy files aren't an impenetrable
> fortress, but does it open any additional security risks over any other
> technologies?
As far as I understood, there are two potential vulnerabilities:

- Redirects: often sites use some redirect mechanism to load 3rd party links (to be able to count the outgoing hits, I guess). They say you can exploit that in a way that you use those redirect scripts to redirect the crossdomain.xml request to a different location.

- GIF masquerade: They say Flash Player doesn't check for well-formedness of the crossdomain.xml, so if you add some junk (or a GIF header) at the beginning of the policy file it's still valid for the Flash Player (if a site then offers uploading of images, you could upload your fake GIF and have a crossdomain.xml on the otherwise secure site).

I tried the GIF hack but it didn't work in Flash Player 9.

Cheers,
Claus.

--
claus wahlers
côdeazur brasil
http://codeazur.com.br

_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
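To make the two attack ideas from the reply above concrete, here is an added example (not code from the post, and not a description of how any particular Flash Player version actually behaves). It models a policy-file client in two modes: a lenient one that follows a redirect to another host and locates the policy root anywhere in the response body, and a strict one that refuses cross-host redirects and requires the whole body to be a well-formed policy document. The host names (victim.example, attacker.example), the open-redirect script path and the uploaded-image path are all hypothetical and the "web" is an in-memory table constructed for the example.

```python
"""Toy model of a crossdomain.xml client, lenient vs. strict.
Added example; hypothetical hosts, paths and an in-memory web."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed: a permissive policy, and the same bytes with a GIF header in front
# so that an image-upload feature would accept the file as a picture.
PERMISSIVE_POLICY = (b'<?xml version="1.0"?>'
                     b'<cross-domain-policy>'
                     b'<allow-access-from domain="*"/>'
                     b'</cross-domain-policy>')
GIF_MASQUERADE = b"GIF89a" + PERMISSIVE_POLICY

# Constructed in-memory web: host -> path -> ("body", bytes) | ("redirect", url).
WEB = {
    "victim.example": {
        # the site's real policy grants nothing
        "/crossdomain.xml": ("body", b"<cross-domain-policy/>"),
        # an open redirect script of the outgoing-click-counting kind
        "/out?u=http://attacker.example/policy.xml":
            ("redirect", "http://attacker.example/policy.xml"),
        # an uploaded "image" that is really the masqueraded policy
        "/uploads/avatar.gif": ("body", GIF_MASQUERADE),
    },
    "attacker.example": {
        "/policy.xml": ("body", PERMISSIVE_POLICY),
    },
}


def fetch(url: str, follow_cross_host: bool) -> tuple[str, bytes]:
    """Return (host that served the final body, body), following at most
    five redirects. With follow_cross_host=False a redirect that leaves
    the current host is refused."""
    for _ in range(5):
        parts = urlsplit(url)
        host = parts.netloc
        path = parts.path + ("?" + parts.query if parts.query else "")
        kind, value = WEB[host][path]
        if kind == "body":
            return host, value
        if not follow_cross_host and urlsplit(value).netloc != host:
            raise PermissionError(f"redirect off {host} refused: {value}")
        url = value
    raise RuntimeError("too many redirects")


def parse_policy(body: bytes, lenient: bool) -> list[str]:
    """Domains listed in allow-access-from elements.
    Lenient mode locates the root element anywhere in the body, so leading
    junk such as a GIF header is tolerated; strict mode requires the whole
    body to be a well-formed document whose root is cross-domain-policy."""
    if lenient:
        start = body.find(b"<cross-domain-policy")
        if start < 0:
            return []
        body = body[start:]
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []
    if root.tag != "cross-domain-policy":
        return []
    return [e.get("domain", "") for e in root.findall("allow-access-from")]


def grants_everyone(policy_url: str, data_host: str, lenient: bool) -> bool:
    """Would a client loading policy_url as the policy for data_host conclude
    that any domain may read data_host's data?"""
    try:
        served_by, body = fetch(policy_url, follow_cross_host=lenient)
    except PermissionError:
        return False
    # strict client: only a policy actually served by data_host counts for it
    if not lenient and served_by != data_host:
        return False
    return "*" in parse_policy(body, lenient)


if __name__ == "__main__":
    for url in ("http://victim.example/crossdomain.xml",
                "http://victim.example/out?u=http://attacker.example/policy.xml",
                "http://victim.example/uploads/avatar.gif"):
        for mode in (True, False):
            print(("lenient" if mode else "strict ").ljust(8), url,
                  grants_everyone(url, "victim.example", mode))
```

Both tricks only work against the lenient client: the open redirect hands it a policy that attacker.example served, and the uploaded GIF is accepted because the parser skips to the first `<cross-domain-policy` it finds. The strict client fails closed in both cases, either by refusing to leave the host or by rejecting a body that is not well-formed XML from its first byte. Whether a given Flash Player version is lenient in either sense is exactly the empirical question the reply leaves open (the GIF attempt did not work in Flash Player 9).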
