A cross-domain policy file is an XML document that grants a web client - such as Adobe Flash Player, Adobe Reader, etc. - permission to handle data across multiple domains.
Questions tagged [crossdomain.xml]
6 questions
4 votes, 1 answer
CSRF Bypass using ActionScript via weak CrossDomain.xml
I have a target which has a weak CrossDomain.xml, but it prevents CSRF attacks by looking at one of the custom HTTP headers. I found the following ActionScript on a couple of websites, which works perfectly except that it doesn't set the header.
This…
shellcode
2 votes, 0 answers
Flash Cross-Domain Proof of Concept
In the past, I have been able to successfully test insecure Flash cross-domain policies by using tools such as the following:
https://thehackerblog.com/crossdomain/
https://github.com/nccgroup/CrossSiteContentHijacking
The policy is a normal…
Gurzo
2 votes, 0 answers
cross-domain.xml file: Different policies in different directories
I came across crossdomain.xml files on Vimeo and found that there are different policies in different directories.
One on https://vimeo.com/settings/crossdomain.xml
one
1 vote, 1 answer
Secure crossdomain for rtmp/flash streaming/wowza
I've been a bit lost. I have the following situation:
- Flash Player file is on https://sub.example.com/player.swf
- crossdomain.xml is on https://sub2.example.com/crossdomain.xml
- Streaming is done using Wowza.
The crossdomain.xml right now is…
user857990
0 votes, 1 answer
Inconsistent behavior while attempting to exploit a misconfigured flash crossdomain.xml
victim.com is the URL of the misconfigured application.
https://victim.com has an overly permissive crossdomain.xml at https://victim.com/crossdomain.xml.
hax
0 votes, 1 answer
Can I send/receive HTTP requests/responses with a subdomain on a crossdomain.xml file?
(I'll use website.com in place of the actual domain so as not to disclose any specific website vulnerability.)
I noticed on a website that their crossdomain.xml file allowed access from another website with this code:
Jack