Thus, the attacker can inject script into pages that
execute in the context of the vulnerable domain. Once the attacker develops something
malicious for the victim to run, the attacker must lure the victim to click a link. Clicking
the link will activate the attack.