RIA Cross Domain Policy

Learn the basic concept of Cross-Domain Policy
  1. Cross Domain Policy. Durvijay Jaiswar, 05/05/2020
  2. About Me: Security Analyst at Net-Square. Twitter: @DurvijayJ, LinkedIn: @durvijay-j9
  3. Objectives ● What is the cross-domain policy. ● What is the crossdomain.xml file. ● Where is the vulnerability. ● Exploitation examples. ● Remediation.
  4. What is the cross-domain policy ● The cross-domain policy is a mechanism for data exchange between different domains. ● The data interchange is handled by a web client such as Adobe Flash Player. ● The application must have a crossdomain.xml file in its web root directory.
  5. Architectural scenario
     1. The user visits a.com.
     2. A Flash file from a.com contacts b.com and checks for a crossdomain.xml file.
     3. If the file is found, the client reads its permissions.
     4. If the permissions allow access, information from b.com is read.
     5. The client transfers the information from b.com to a.com.
  6. What is the crossdomain.xml file: crossdomain.xml is a configuration file that contains the names of the domains to which access is allowed.
  7. Where is the vulnerability ● The “*” wildcard character is the vulnerability here. ● It allows every domain to exchange information with the application.
  8. Example 1
  9. The application contains a misconfigured crossdomain.xml file.
  10. Gather the account balance from the victim's account.
  11. Create an ActionScript file to gather the account balance. summary.php is the bank's page that contains the account information; save_response.php is responsible for collecting and saving the response on the attacker's server.
  12. Compile the script and host it on the attacker's server.
  13. Script for capturing and saving the response.
  14. Attack stage: let the user log in to their account. Trick the user into requesting the Flash file in another tab.
  15. Notice the sequence of requests executed.
  16. Check for the saved response on the attacker's server.
  17. Example 2
  18. Make a fund transfer from the victim's account.
  19. Create an ActionScript file to make the fund transfer. A POST request is required to make a fund transfer of 10 Rs. Compile and host the Flash file on the attacker's server.
  20. Let the user log in to their account.
  21. Trick the user into loading the Flash file in another tab.
  22. Check for the saved response on the attacker's server.
  23. Remediation ● The remediation for this vulnerability is to hardcode the trusted domain name instead of “*” in the crossdomain.xml file. ● To allow multiple domains, add one <allow-access-from domain="..."> element per domain to the crossdomain.xml file. ● Implement a cross-site request forgery prevention mechanism.
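The remediation slide is easier to act on with a concrete check. The following Python script is an added example, not part of the deck or of any Adobe tooling: it parses a crossdomain.xml body with the standard library and flags the wildcard grant the talk describes, plus two related settings from Adobe's policy-file format (`secure="false"` on a grant and a wildcard `<allow-http-request-headers-from>`). Both policy documents embedded below are constructed samples; the domain names in the hardened one are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the kind of policy the deck calls misconfigured.
PERMISSIVE_POLICY = """
<cross-domain-policy>
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
"""

# Constructed sample: trusted domains hardcoded, one <allow-access-from>
# element per domain, as the remediation slide recommends.
# The domain names are placeholders, not real hosts.
HARDENED_POLICY = """
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="www.example-bank.test" secure="true" />
  <allow-access-from domain="partner.example-bank.test" secure="true" />
</cross-domain-policy>
"""


def audit_crossdomain(xml_text):
    """Return a list of (severity, message) findings for one crossdomain.xml body.

    An empty list means none of the checked weaknesses were found.
    """
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        findings.append(("error", "root element is not <cross-domain-policy>"))
        return findings

    # Each <allow-access-from> grants a remote origin read access to this site.
    for grant in root.findall("allow-access-from"):
        domain = grant.get("domain", "")
        if domain == "*":
            findings.append(("high", 'allow-access-from domain="*" grants every origin access'))
        elif domain.startswith("*."):
            findings.append(("medium", "wildcard subdomain grant: " + domain))
        # secure defaults to true; an explicit false lets content loaded over
        # plain HTTP read data served by this site over HTTPS.
        if grant.get("secure", "true").lower() == "false":
            findings.append(("medium", 'secure="false" on grant for ' + domain))

    # Wildcard header permissions let any origin attach custom request headers.
    for hdr in root.findall("allow-http-request-headers-from"):
        if hdr.get("domain") == "*":
            findings.append(("high", 'allow-http-request-headers-from domain="*"'))

    # Without site-control, sub-policies elsewhere on the host may widen access.
    if root.find("site-control") is None:
        findings.append(("low", 'no <site-control>; consider permitted-cross-domain-policies="master-only"'))

    return findings


def is_wildcard_open(xml_text):
    """True when the policy has at least one high-severity (wildcard) finding."""
    return any(sev == "high" for sev, _ in audit_crossdomain(xml_text))


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_POLICY), ("hardened", HARDENED_POLICY)):
        print(name)
        for sev, msg in audit_crossdomain(policy) or [("ok", "no findings")]:
            print("  [%s] %s" % (sev, msg))
```

Run it against a policy fetched from a site's web root (or against a file checked into the application repository) to turn the "*" check into a repeatable audit; a subdomain wildcard such as `*.example.com` is reported at medium severity because it is sometimes intended, whereas a bare `*` is the misconfiguration the deck demonstrates.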
  24. References
     ● http://gursevkalra.blogspot.com/2013/08/bypassing-same-origin-policy-with-flash.html
     ● https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
     ● https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
     ● https://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
  25. Questions?
  26. Thank You!