Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

For example, at least replace all instances of < with &lt; and
> with &gt; in the definable data before placing it in TextField and TextArea
objects.

Compiling your Flash applications with Flash version 8 or later lets you take
advantage of newer security features, such as the swliveconnect, allowNetworking,
and allowScriptAccess attributes. Unless explicitly necessary, LiveConnect, networking,
and script access should be disallowed. A recommended and safer object tag is
shown here:
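<object
classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0"
type="application/x-shockwave-flash"
data="/MyFlashApp.swf"
height="640"
width="480">
<!-- disallow script access, networking and LiveConnect -->
<param name="allowScriptAccess" value="never" />
<param name="allowNetworking" value="none" />
<param name="swliveconnect" value="false" />
</object>
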
If the Flash application is compiled with Flash 8 or later, the Flash application will not be
able to execute JavaScript or create network connections.
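
One way to check existing pages against this recommendation is an added example, not code from the book: a small Python audit that parses a page and lists every Flash object or embed tag whose allowScriptAccess, allowNetworking or swliveconnect setting is not the disallowing value. The names FlashEmbedParser, audit and SAMPLE are this example's own, and the sample page is constructed.

```python
from html.parser import HTMLParser

# Hardened values for the settings named above; unset counts as not hardened.
HARDENED = {"allowscriptaccess": "never", "allownetworking": "none", "swliveconnect": "false"}

class FlashEmbedParser(HTMLParser):
    """Collect the settings of every <object> and <embed> on a page."""
    def __init__(self):
        super().__init__()
        self.embeds = []     # one settings dict per embed
        self._object = None  # <object> whose <param> children are being read

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag == "object":
            self._object = {"src": a.get("data", ""), "type": a.get("type", "")}
            self.embeds.append(self._object)
        elif tag == "param" and self._object is not None:
            name, value = a.get("name", "").lower(), a.get("value", "")
            key = "src" if name == "movie" else name
            self._object[key] = self._object.get(key) or value
        elif tag == "embed":  # settings are plain attributes on <embed>
            self.embeds.append(a)

    def handle_endtag(self, tag):
        if tag == "object":
            self._object = None

def audit(html):
    """Map each Flash movie URL to the settings that are not hardened."""
    parser = FlashEmbedParser()
    parser.feed(html)
    report = {}
    for e in parser.embeds:
        is_flash = (e.get("type", "").lower() == "application/x-shockwave-flash"
                    or e.get("src", "").lower().endswith(".swf"))
        weak = sorted(k for k, v in HARDENED.items() if e.get(k, "").lower() != v)
        if is_flash and weak:
            report[e.get("src", "")] = weak
    return report

# Constructed sample page: one hardened tag, two that are not.
SAMPLE = """
<object type="application/x-shockwave-flash" data="/MyFlashApp.swf">
<param name="allowScriptAccess" value="never"><param name="allowNetworking" value="none">
<param name="swliveconnect" value="false"></object>
<object data="/Widget.swf"><param name="allowScriptAccess" value="never"></object>
<embed src="/Legacy.swf" allowScriptAccess="always">
"""
```

Calling audit(SAMPLE) reports /Widget.swf and /Legacy.swf with the settings each still needs, and leaves the fully hardened /MyFlashApp.swf out of the report.
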
Intranet Attacks Based on Flash: DNS Rebinding
Popularity: 6
Simplicity: 2
Impact: 7
Risk Rating: 8
DNS rebinding is an attack that completely circumvents firewalls.