Cross Domain Hijacking - File Upload Vulnerability
Transcript

  • 1. – https://www.owasp.org/index.php/Testing_for_Cross_site_flashing_%28OWASP-DV-004%29 – https://www.owasp.org/index.php/Category:OWASP_Flash_Security_Project
  • 2. • Formerly called " ", relabeled as " " since 2005 • Streaming animation for web pages • Can be a portion of an HTML web page or an entire web page • Flash files are called "Flash movies" and are  format files • Offers two very special web browsing experiences: – Very fast loading – Vector animation with interactivity
  • 3. • A  is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat, permission to handle data not only within the current domain but also across other domains [Figure: three domains, www.Domain1.con, www.Domain2.con and www.Domain3.con]
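Added example, not part of the slides: the policy document described above is the one Flash Player fetches from a site before it lets a SWF from another domain read that site's responses, so its contents decide how far a cross-domain read can reach. The Python below audits such a document, showing a permissive policy next to a tight one. Both policy texts are constructed here, the hostnames in them are placeholders, and the function name is mine.

```python
import xml.etree.ElementTree as ET

# Constructed policy documents, not taken from any real site.
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

TIGHT_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.partner.example"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of findings; an empty list means nothing risky was found."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return ["root element is <%s>, not <cross-domain-policy>" % root.tag]
    findings = []

    # With "all" (or the by-* modes) the client also honours policy files at
    # other URLs on the host, so a user-uploaded XML file could act as one.
    # "master-only" keeps /crossdomain.xml authoritative.
    control = root.find("site-control")
    if control is not None:
        mode = control.get("permitted-cross-domain-policies", "")
        if mode not in ("master-only", "none"):
            findings.append("site-control permits %r: other files on the host "
                            "can act as policies" % mode)

    for node in root.findall("allow-access-from"):
        domain = node.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*": any site\'s SWF may '
                            "read responses with the user's cookies")
        elif domain.startswith("*."):
            findings.append("wildcard %s trusts every subdomain, including any "
                            "that hosts user content" % domain)
        # secure="false" lets content loaded over http:// read https:// data.
        if node.get("secure", "true").lower() == "false":
            findings.append('secure="false" on %s lets http:// content reach '
                            "https:// data" % (domain or "?"))

    for node in root.findall("allow-http-request-headers-from"):
        if node.get("domain") == "*":
            findings.append('allow-http-request-headers-from domain="*": any '
                            "site may send custom request headers")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_POLICY), ("tight", TIGHT_POLICY)):
        print(label, audit_policy(text) or "no findings")
```

If the policy text comes from an untrusted source rather than your own deployment, parse it with defusedxml instead of xml.etree to rule out entity expansion tricks; the checks themselves do not change.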
  • 4. • The value of this setting determines the script access granted to the SWF • Possible values: – No script access allowed (deprecated) – SWFs from the same domain have script access – SWFs from external domains also have script access
  • 5. • These days a lot of websites let users upload files, but many don't know about the pitfalls of letting users (potential attackers) upload files, even valid ones • What's a valid file? Usually the restriction is on two parameters: – The uploaded file's extension – The uploaded Content-Type • For example, the web application could check that the extension is " " and the Content-Type is " " to make sure it's impossible to upload malicious files. Right?
  • 6. • The problem is that plugins like Flash don't care about the extension or the Content-Type • If a file is embedded using an <object> tag, it will be executed as a Flash file as long as its content looks like a valid Flash file • But wait a minute! Shouldn't the Flash be executed within the domain that embeds the file using the <object> tag? • Yes and no • If a Flash file (a bogus image file) is uploaded to victim.com and then embedded on the attacker's page, the Flash file can execute JavaScript within the domain of the attacker's page • However, when the Flash file sends requests, it is allowed to read files within the domain of victim.com, because that is where it was loaded from
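Added example, not part of the slides: the two checks from slides 5 and 6 side by side in Python. weak_check is the extension-plus-Content-Type test slide 5 describes; hardened_check additionally reads the leading bytes of the upload, which is what the plugin keys on, and rejects anything whose bytes say SWF. The sample bytes are constructed here (a minimal JPEG header and a minimal SWF header), and the function names are mine.

```python
import os

# Leading bytes of the image types the site wants to accept. A SWF starts
# with "FWS" (uncompressed), "CWS" (zlib) or "ZWS" (LZMA); Flash Player keys
# on these bytes, not on the file name or the Content-Type the upload claimed.
IMAGE_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")
ALLOWED_EXTENSIONS = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
                      ".png": "image/png", ".gif": "image/gif"}

# Constructed samples (not real uploads): a minimal JPEG/JFIF header and a
# minimal SWF header, both to be submitted as "profilepicture.jpg".
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
SWF_AS_JPG = b"FWS\x0a" + (30).to_bytes(4, "little") + b"\x00" * 22


def weak_check(filename, declared_type):
    """The slide-5 check: extension and declared Content-Type only.
    Both values are chosen by the uploader, so a renamed SWF passes."""
    ext = os.path.splitext(filename)[1].lower()
    return ALLOWED_EXTENSIONS.get(ext) == declared_type


def sniff_type(data):
    """Media type implied by the leading bytes, or None if unrecognised."""
    if data[:3] in SWF_MAGIC:
        return "application/x-shockwave-flash"
    for media_type, magics in IMAGE_MAGIC.items():
        if any(data.startswith(m) for m in magics):
            return media_type
    return None


def hardened_check(filename, declared_type, data):
    """Accept only when extension, declared type and actual bytes agree on
    one allowed image type; a SWF body is rejected even when the first two
    agree with each other."""
    ext = os.path.splitext(filename)[1].lower()
    expected = ALLOWED_EXTENSIONS.get(ext)
    if expected is None or expected != declared_type:
        return False
    return sniff_type(data) == expected


def verdicts(filename, declared_type, data):
    """Both checks side by side, plus what the bytes really are."""
    return {
        "weak": weak_check(filename, declared_type),
        "hardened": hardened_check(filename, declared_type, data),
        "sniffed": sniff_type(data),
    }


if __name__ == "__main__":
    for label, data in (("genuine JPEG", REAL_JPEG), ("SWF renamed .jpg", SWF_AS_JPG)):
        print(label, verdicts("profilepicture.jpg", "image/jpeg", data))
```

Magic-byte sniffing is enough to catch a plain renamed SWF, which is the case the slides describe. For images it is cheaper still to decode and re-encode the upload with an image library and store only the re-encoded bytes, so that nothing the uploader controls survives to be served.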
  • 7. • The attacker creates a malicious SWF and then changes the file extension to .jpg • The attacker uploads the file to victim.com • The attacker embeds the file on a page they control • The victim visits that page and loads the file • The attacker can now send and receive arbitrary requests to victim.com
  • 8. • Interact with files on the victim's website using the current user's cookies • Execute JavaScript • Communicate with its source domain without checking the cross-domain policy • Use the Flash file to send requests to, and read files from, the domain of victim.com
  • 9. • The attacker sets within the file the  as " " • The SWF file can communicate with the HTML page in which it is embedded • As we know, the SWF file is from a different domain than the HTML page •  pass arguments to a Flash file embedded inside an HTML page • Here it specifies a known file within victim.com that would be read by the SWF
  • 10. <object style="height:1px;width:1px;" data="http://victim.com/user/2292/profilepicture.jpg" type="application/x-shockwave-flash">
  • 11. • " " • This means that any security functions are actively turned off: – Embedded content has full access to, and control over, the embedding site
  • 12. • Three possible values • The " " and " " values unconditionally turn JavaScript access on or off for the SWF file • The " " value turns JavaScript access on only if the SWF file is served from the same domain and hostname as its surrounding HTML file
  • 13. • Slideshare.net provides a service that lets you upload your presentations and share them with the public • For each presentation Slideshare offers a convenient HTML code snippet that is ready to copy and paste into your site • Here is a shortened example: <object id="__sse763783" width="425" height="355"><param name="movie" value="http://static.slidesharecdn.com/swf/ssplayer2.swf?doc=grant-presentation-1227010891051378-9&stripped_title=welcome-to-ip-surveillance-101-presentation&userName=grantsupplies"><param name="allowFullScreen" value="true">
  • 14. • YouTube video embedded
  • 15. • Implement the Content-Disposition header – This lets the user save the file to their computer and then decide how to use it, instead of the browser trying to use the file • Parse the file to determine its content, and send a Content-Disposition header where applicable • If possible, isolate the domain of the uploaded files • Use Flash security mechanisms
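Added example, not part of the slides: the three server-side mitigations above (Content-Disposition, type determined by parsing rather than by the client's claim, and an isolated upload domain) expressed as the headers and URL a site would emit when serving a stored upload. verified_type is whatever the server established by parsing the bytes at upload time. The origin usercontent.example and the function names are placeholders of mine, not something the slides specify.

```python
import re

# Assumed separate, cookieless origin for serving uploads. Even a SWF that
# slipped through runs in this origin, not in the main site's, so the
# cookies and pages of the main site are out of its reach.
UPLOAD_ORIGIN = "https://usercontent.example"

# Types verified at upload time that may render inline; anything else is
# forced to download, which is the Content-Disposition advice on slide 15.
INLINE_TYPES = {"image/jpeg", "image/png", "image/gif"}


def safe_filename(name):
    """Strip path components and any character that could break the header."""
    base = re.split(r"[\\/]", name)[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).strip("._")
    return (base or "download")[:100]


def response_headers(verified_type, filename):
    """Headers for serving a stored upload. verified_type is what the server
    established by parsing the bytes when the file came in, never the
    Content-Type the client declared."""
    disposition = "inline" if verified_type in INLINE_TYPES else "attachment"
    return {
        "Content-Type": verified_type,
        "Content-Disposition": '%s; filename="%s"' % (disposition, safe_filename(filename)),
        # Stops the browser from guessing a different type from the bytes.
        "X-Content-Type-Options": "nosniff",
    }


def public_url(user_id, stored_name):
    """Uploads are addressed only on the isolated origin, never under the
    main site's hostname."""
    return "%s/u/%d/%s" % (UPLOAD_ORIGIN, user_id, safe_filename(stored_name))


if __name__ == "__main__":
    print(public_url(2292, "profilepicture.jpg"))
    print(response_headers("image/jpeg", "profilepicture.jpg"))
    print(response_headers("application/x-shockwave-flash", "profilepicture.jpg"))
```

Whether a given plugin version honours Content-Disposition: attachment when a URL is loaded through an <object> tag is not something this page establishes, so treat the separate origin as the real boundary and the header as defence in depth.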