university.edu/~attacker/
crossdomain.xml. Then the policy would apply to requests such as http://publicpages.
university.edu/~attacker/doEvil.html and http://public-pages.university.edu
/~attacker/moreEvil/doMoreEvil.html, but not to pages such as http://public-pages
.university.edu/~someStudent/familyPictures.html or http://public-pages.university
.edu/index.html.
Re?¬‚ ecting Policy Files
Popularity: 7
Simplicity: 8
Impact: 8
Risk Rating: 8
Policy files are forgivingly parsed by Flash, so if you can construct an HTTP request
that results in the server sending back a policy file, Flash will accept the policy file. For
instance, suppose some AJAX request to http://www.university.edu/Course
Listing?format=js&callback=
20domain="*"/> responded with the following:
() { return {name:"English101",
desc:"Read Books"}, {name:"Computers101",
desc:"play on computers"}};
Then you could load this policy via the ActionScript:
System.security.loadPolicyFile("http://www.university.edu/" +
"CourseListing?format=json&callback=" +
"
" +
"" +
"");
This results in the Flash application having complete cross-domain access to http://
www.
Pages:
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103