Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC)
Tags
attack-pattern: Data Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID 7b98c040-0bad-408c-b8e6-c4c537d62d05
Fingerprint d0f242009a73655d
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 28, 2013, 4 a.m.
Added to db Jan. 18, 2023, 7:49 p.m.
Last updated Nov. 17, 2024, 12:55 p.m.
Headline Random Security
Title Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC)
Detected Hints/Tags/Attributes 17/1/23
Source URLs
Redirection Url
Details Source http://gursevkalra.blogspot.com/2013/08/bypassing-same-origin-policy-with-flash.html
URL Provider
Details Provider Source level domain
Details blogspot.com gursevkalra.blogspot.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
foundstone.com
Details Domain 1 
xdomainxploit.as
Details Domain 4 
flash.events
Details Domain 5 
flash.net
Details Domain 22 
victim.com
Details Domain 78 
attacker.com
Details Domain 2 
urlrequestmethod.post
Details Domain 2 
sendrequest.data
Details Domain 3 
event.target.data
Details Domain 80 
www.adobe.com
Details Email 1 
gursev.kalra@foundstone.com
Details File 23 
crossdomain.xml
Details File 34 
net.url
Details File 2 
sendrequest.dat
Details File 11 
event.tar
Details File 4 
get.dat
Details File 1 
xdomainxploit.swf
Details File 1 
cross_domain_policy.html
Details File 1 
flash_player_9_security.pdf
Details Url 1 
http://victim.com/supersecret
Details Url 1 
http://attacker.com/store
Details Url 1 
http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
Details Url 1 
http://wwwimages.adobe.com/www.adobe.com/content/dam/adobe/en/devnet/flashplayer/pdfs/flash_player_9_security.pdf