Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos
"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"
security.loadPolicyFile("http://www.university.edu/CourseListing?format=json&callback=" ");

This results in the Flash application having complete cross-domain access to http://www.university.edu/. Note that the MIME type of the response does not matter. Thus, if XSS was prevented based on MIME type, the reflected security policy would still work.

Security Policy Stored Attacks

Popularity: 7
Simplicity: 8
Impact: 8
Risk Rating: 8

If an attacker could upload and store an image, audio, RSS, or other file on a server that can later be retrieved, then he or she could place the Flash security policy in that file. For example, the following RSS feed is accepted as an open security policy:
x x en-us Tue, 10 Jun 2003 04:00:00 GMT Tue, 10 Jun 2003 09:41:01 GMT x x x x x Tue, 03 Jun 2003 09:39:21 GMT x
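
A server-side check for the two cases described above, added here as an example and not code from the book: it rejects stored files that carry Flash policy markup regardless of their declared MIME type, and validates a JSONP callback name before it is reflected. The function names, the 64-character limit, and the sample feeds are assumptions constructed for this illustration.

```python
import re

# Root element of a Flash cross-domain policy, matched anywhere in the body.
POLICY_ROOT = re.compile(rb"<\s*cross-domain-policy\b", re.I)
# allow-access-from entries; group 2 captures the domain attribute value.
ALLOW_FROM = re.compile(
    rb"<\s*allow-access-from\b[^>]*?\bdomain\s*=\s*([\"'])(.*?)\1", re.I | re.S)
# JSONP callback names: dotted ASCII identifiers only, so no markup is reflected.
SAFE_CALLBACK = re.compile(r"[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*", re.ASCII)


def granted_domains(body: bytes):
    """Return the domains granted by policy markup in body, or None if none."""
    # Dropping NUL bytes also exposes markup stored as UTF-16 (coarse normalisation).
    flat = body.replace(b"\x00", b"")
    if not POLICY_ROOT.search(flat):
        return None
    return [m.group(2).decode("latin-1").strip() for m in ALLOW_FROM.finditer(flat)]


def check_upload(body: bytes, declared_mime: str):
    """Return (accepted, reason). declared_mime is ignored on purpose: the MIME
    type does not stop the file from being read as a policy."""
    domains = granted_domains(body)
    if domains is None:
        return True, "no policy markup"
    if "*" in domains:
        return False, "embedded open policy"
    return False, "embedded policy markup"


def callback_is_safe(name: str) -> bool:
    """Validate a JSONP callback parameter before reflecting it in a response."""
    return len(name) <= 64 and SAFE_CALLBACK.fullmatch(name) is not None


# Constructed sample inputs (hypothetical, not taken from the book).
CLEAN_RSS = b'<rss version="2.0"><channel><title>x</title></channel></rss>'
POLICY_RSS = (b'<rss version="2.0"><channel><title>x</title>'
              b'<cross-domain-policy><allow-access-from domain="*"/>'
              b'</cross-domain-policy></channel></rss>')

if __name__ == "__main__":
    for label, body in (("clean", CLEAN_RSS), ("policy", POLICY_RSS)):
        print(label, check_upload(body, "application/rss+xml"))
    print(callback_is_safe("showCourses"), callback_is_safe("<cross-domain-policy>"))
```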
Chapter 9: Attacking Flash Applications 227

Stefan Esser at php-hardening.