university.edu/.
Many people have identified that if they can upload a file to a server containing an
insecure policy file that could later be retrieved over HTTP, then
System.security.loadPolicyFile() would also respect that policy file. Stefan Esser of
www.hardenedphp.net showed that placing an insecure policy file in a GIF image also works. (See
"References and Further Reading" at the end of the chapter for more information.)
In general, it appears that Flash will respect any file containing the cross-domain
policy unless any unclosed tags or extended ASCII characters exist before .
Note that the MIME type is completely ignored by Flash Player.
32 Hacking Exposed Web 2.0
Protecting Against Reflected Policy Files
When sending user-definable data back to the user, you should HTML entity escape the
greater than (>) and less than (<) characters to &gt; and &lt;, respectively, or simply
remove those characters.
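The following is an added example, not code from the book: it applies the escaping recommended above to a reflected value and checks uploaded or reflected bytes for embedded policy markup without consulting the MIME type, covering both the upload case and the reflection case described in this section. The handler name, the sample policy string and the sample GIF bytes are constructed assumptions.

```python
import re

# Conservative marker for a Flash cross-domain policy embedded anywhere in a
# response or uploaded file. The MIME type is deliberately not consulted.
POLICY_RE = re.compile(rb"<cross-domain-policy\b", re.IGNORECASE)

# Constructed sample inputs (not taken from the book).
SAMPLE_POLICY = ('<cross-domain-policy><allow-access-from domain="*"/>'
                 '</cross-domain-policy>')
SAMPLE_GIF_UPLOAD = b"GIF89a\x01\x00\x01\x00\x00\x00\x00" + SAMPLE_POLICY.encode("ascii")


def contains_policy_markup(body: bytes) -> bool:
    """Return True if the bytes carry markup Flash Player could treat as a policy."""
    return POLICY_RE.search(body) is not None


def escape_angle_brackets(value: str) -> str:
    """Escape < and > in user-definable data, as the section recommends."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def render_search_page(query: str, escape: bool = True) -> bytes:
    """Hypothetical handler that reflects a user-supplied query in its response."""
    shown = escape_angle_brackets(query) if escape else query
    return ("You searched for: " + shown).encode("utf-8")


def audit() -> dict:
    """Run the checks over the constructed samples and report what is flagged."""
    return {
        "reflected_unescaped": contains_policy_markup(
            render_search_page(SAMPLE_POLICY, escape=False)),
        "reflected_escaped": contains_policy_markup(
            render_search_page(SAMPLE_POLICY)),
        "gif_upload": contains_policy_markup(SAMPLE_GIF_UPLOAD),
    }


if __name__ == "__main__":
    for name, flagged in audit().items():
        print(f"{name}: {'policy markup present' if flagged else 'clean'}")
```

The same `contains_policy_markup` check can be run over stored uploads, since an image extension or content type says nothing about whether the bytes contain a policy.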
Three Steps to XSS
Popularity: 10
Simplicity: 8
Impact: 8
Risk Rating: 8
Now that you understand the security controls placed in web browsers, let's try to
circumvent them with XSS.
The primary objective of XSS is to circumvent the same origin policy by injecting (or
placing) JavaScript, VBScript, or other browser-accepted scripting languages of the
attacker's choice into some web application.