
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"


Furthermore, an attacker can inject HTML that will automatically execute JavaScript,
rather than requiring a user to click a link. This is done by using the asfunction:
protocol handler. asfunction: is a protocol handler specific to the Flash Player plug-in
and is similar to the javascript: protocol handler because it executes an arbitrary
ActionScript function, in this form:
asfunction:functionName, parameter1, parameter2, ...
Loading asfunction:getURL,javascript:alert(1) will execute the ActionScript
function getURL(), which requests that the browser load a URL. The URL requested is
javascript:alert(1), which executes JavaScript in the domain hosting the SWF.
Setting userinput1 to will then attempt to load an image, but the image is an ActionScript function that
inevitably executes JavaScript on the browser. Note that Flash allows developers to load
only JPEG, GIF, PNG, and SWF files. This is checked by the file extension. To circumvent
this, an attacker can simulate a file extension with a //.jpg JavaScript comment.
To execute this JavaScript, a user just needs to be lured to this:
http://example.com/VulnerableMovie.
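
The following is an added example, not code from the book: it contrasts the extension-only check described above with a check that parses the value and allowlists the scheme before looking at the path. The function names and sample values are assumptions constructed for illustration; the logic is written in JavaScript for a server or page that prepares the value before the SWF receives it.

```javascript
// Added example: validating a user-supplied image URL before it reaches
// markup rendered by a SWF. All names here are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// SWF is left out on purpose: a loaded movie carries its own ActionScript.
const ALLOWED_EXTENSIONS = new Set([".jpg", ".jpeg", ".gif", ".png"]);

// The weak check the text describes: only the end of the raw string is examined.
function naiveExtensionCheck(value) {
  return /\.(jpe?g|gif|png|swf)$/i.test(value);
}

// Stricter check: parse first, then decide on scheme and path separately.
function validateImageUrl(value) {
  let url;
  try {
    url = new URL(value); // throws on relative or unparsable input
  } catch (err) {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + url.protocol };
  }
  // Use the parsed path only, so a query string or trailing comment
  // cannot supply a fake extension.
  const dot = url.pathname.lastIndexOf(".");
  const ext = dot === -1 ? "" : url.pathname.slice(dot).toLowerCase();
  if (!ALLOWED_EXTENSIONS.has(ext)) {
    return { ok: false, reason: "extension not allowed: " + (ext || "(none)") };
  }
  return { ok: true, reason: "accepted", href: url.href };
}

// Constructed sample inputs, built from the strings quoted in the text.
const SAMPLES = [
  "http://example.com/photo.jpg",
  "asfunction:getURL,javascript:alert(1)//.jpg",
  "javascript:alert(1)//.jpg",
  "http://example.com/page.php?x=.jpg",
];

function report(samples) {
  return samples.map((s) => ({
    input: s, naive: naiveExtensionCheck(s), strict: validateImageUrl(s).ok,
  }));
}

console.table(report(SAMPLES));
```

Every sample passes the extension-only check, while only the first passes the parsed check.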

