So, for this module, it should check the crossdomain.xml policy, because,
as far as I know, few websites support CORS nowadays.
On Mon, Oct 15, 2012 at 5:26 AM, Wayne Dawson <[email protected]> wrote:
> Yes, Flash developers can configure how the same origin policy is applied.
> It does that with crossdomain.xml.
>
> As I recall, it controls what other hosts are allowed to use Flash
> remoting. Naturally, it can be misconfigured by developers, especially
> since Macromedia documentation was full, at least used to be, of insecure
> examples.
>
>
> Wayne Dawson, Security Analyst - GCIH, GCFA, GCIA, GPEN, GREM
> Inventure Solutions Inc | A Vancity Company
> 4th Fl - 183 Terminal Avenue, Vancouver,
> Business (604) 877-6507 Fax: (604) 871-5403
>
>
> ----- Original Message -----
> From: Andres Riancho [mailto:[email protected]]
> Sent: Sunday, October 14, 2012 07:58 AM
> To: luke <[email protected]>
> Cc: [email protected] <[email protected]>
> Subject: Re: [W3af-users] disscuss about inspectOriginHeaderScrutiny
>
> Luke,
>
> On Fri, Sep 28, 2012 at 5:48 AM, luke <[email protected]> wrote:
> > Hi guys:
> > I am still testing the new plugin inspectOriginHeaderScrutiny for HTML5,
> > for now I tested some websites:
> > www.qq.com
> > www.renren.com
> > http://sourceforge.net
> > facebook.com
> >
> > These websites all have CORS settings; you can see the configuration by typing
> > domain/crossdomain.xml
>
> CORS and crossdomain.xml are not very related. CORS is an HTML5
> feature and crossdomain.xml is something related with Adobe Flash.
>
> > but if I use w3af to scan these sites, there is no result; apparently some of
> > these sites are not configured well!
> >
> > --
> > FIT1-213
> > Department of Computer Science
> > Tsinghua University, Beijing, 100084
> > http://about.me/anakin/bio
> >
> >
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
>
--
FIT1-213
Department of Computer Science
Tsinghua University, Beijing, 100084
http://about.me/anakin/bio
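
The thread separates two mechanisms: the Flash policy file served at /crossdomain.xml and the CORS response headers. The sketch below is an added example, not w3af code or part of any message above, showing how each would be audited from its own artifact; the function names, finding codes and sample data are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

def audit_crossdomain(policy_xml):
    """Flag permissive rules in a Flash crossdomain.xml policy (returns codes)."""
    findings = []
    # ElementTree does not fetch external DTDs; a parse error means no valid policy.
    try:
        root = ET.fromstring(policy_xml.strip())
    except ET.ParseError:
        return ["XD_UNPARSEABLE"]
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            findings.append("XD_WILDCARD")            # every origin is trusted
        elif domain.startswith("*."):
            findings.append("XD_SUBDOMAIN_WILDCARD")  # trust covers all subdomains
        # secure defaults to true; false lets HTTP-hosted content read HTTPS data
        if rule.get("secure", "true").lower() == "false":
            findings.append("XD_INSECURE_HTTP")
    return findings

def audit_cors(response_headers, probe_origin):
    """Flag permissive CORS headers; probe_origin is the Origin the check sent."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    allow_origin = h.get("access-control-allow-origin")
    with_creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if allow_origin is None:
        return []                                     # CORS not enabled here
    if allow_origin == "*":
        return ["CORS_WILDCARD"]
    if allow_origin == probe_origin:                  # server echoed an untrusted origin
        return ["CORS_REFLECTED_WITH_CREDENTIALS" if with_creds else "CORS_REFLECTED"]
    return []

# Constructed sample inputs (not taken from any real site).
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*.example.com"/>
</cross-domain-policy>"""
SAMPLE_HEADERS = {"Access-Control-Allow-Origin": "https://scanner.invalid",
                  "Access-Control-Allow-Credentials": "true"}

if __name__ == "__main__":
    print(audit_crossdomain(SAMPLE_POLICY))
    print(audit_cors(SAMPLE_HEADERS, "https://scanner.invalid"))
```

A site can be clean on one check and permissive on the other, so a scanner that only inspects the Origin/CORS headers reports nothing for a host whose only cross-domain policy is crossdomain.xml.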