Figure 8-12 Secure.ActiveX.IE??™s results
223
9
Attacking
Flash
Applications
224 Hacking Exposed Web 2.0
Adobe Flash can be used to attack web applications using Flash as well as web
applications that do not use Flash. Thus, no web application is immune from
Flash-based attacks. Flash attacks range from cross-site scripting (XSS) and crosssite
request forgery (CSRF)??”even when protection is present??”to unauthenticated
intranet access and completely circumventing firewalls.
A BRIEF LOOK AT THE FLASH SECURITY MODEL
Recent versions of Flash have complicated security models that can be customized to the
developer??™s preference. We describe some important aspects of Flash??™s security model
introduced in Flash Player version 8. However, we first briefly describe some additional
features that Flash has over JavaScript.
Flash??™s scripting language is called ActionScript. ActionScript is similar to JavaScript
and includes some interesting classes from an attacker??™s perspective:
??? The class Socket allows the developer to create raw TCP socket connections
to allowed domains, for purposes such as crafting complete HTTP requests
with spoofed headers such as Referrer.
Pages:
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393