I have been reading on a lot of the security blogs on how people are exploiting Crossdomain.xml with Cross Site Request Forgery, I don't blog about how to exploit it but rather how to find it automatically with 02. Feel free to e-mail me with questions or comments.
http://parsonsisconsulting.wordpress.com/2010/12/02/how-to-find-crossdomain-xml-cross-site-request-forgery-with-02/ Thanks, Matt -- Matt Parsons, MSM, CISSP 315-559-3588 Blackberry 817-294-3789 Home office "Do Good and Fear No Man" Fort Worth, Texas A.K.A The Keyboard Cowboy mailto:mparsons1...@gmail.com <mparsons1...@gmail.com> http://www.parsonsisconsulting.com http://www.parsonsisconsultingblog.com <http://www.o2-ounceopen.com/o2-power-users/> http://www.linkedin.com/in/parsonsconsulting http://www.vimeo.com/8939668 http://twitter.com/parsonsmatt
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________