CAPEC-182 - CERT CVE
Name

Flash Injection

Summary: An attacker tricks a victim into executing malicious Flash content that runs commands or makes Flash calls specified by the attacker. One example of this attack is cross-site flashing, in which an attacker-controlled parameter passed to a reference call causes the application to load content specified by the attacker.

Prerequisites: The target must be capable of running Flash applications. In some cases, the victim must follow an attacker-supplied link.

Solutions:
- Implementation: remove sensitive information such as user names and passwords from the SWF file.
- Implementation: use validation on both the client and server side.
- Implementation: remove debug information.
- Implementation: use SSL when loading external data.
- Implementation: use a crossdomain.xml file to restrict which domains the application is allowed to load content from, and which domains may call the SWF file.