In my previous two posts, I explain the overly permissive crossdomain.xml vulnerability, show you how to create malicious SWF files from scratch, and show you how to use the malicious SWFs to exploit the vulnerability.
As we all know, sometimes the best way to wrap your head around a vulnerability is to see being exploited. Rather than continuing to talk about the vulnerability in theoretical terms, I can now start to share some specific examples.
more here...................http://sethsec.blogspot.gr/2014/07/crossdomain-bing.html
As we all know, sometimes the best way to wrap your head around a vulnerability is to see being exploited. Rather than continuing to talk about the vulnerability in theoretical terms, I can now start to share some specific examples.
more here...................http://sethsec.blogspot.gr/2014/07/crossdomain-bing.html