Are you vulnerable to Flash XSS attacks?
List of services
Groups - advisory
(works when HTML code is enabled - description)
(description - note:
they might have fixed it)
List of software
Board (discovered by Matt
Murphy - post
in EoS Forums)
What is a Flash XSS Attack?
Recommended reading: Bypassing
Short description: Making use of Flash (SWF files) to launch
a Cross Site Scripting attack. This is a hole found in a good number
of well known webservices including MSN, YaBB and a good number
of other sites which allow Flash content.
Contributing to the above list
If you want to report software or a service which is vulnerable
to Flash XSS attacks you may:
o Send us comment (fill in the
form on the left)
o Send an e-mail to firstname.lastname@example.org
o Submit to the forum
Please note that EyeonSecurity will always give
credit to the original poster unless the poster writes that he/she
wants to remain anonymous.
If you're in the list...
Good Reading ..
AllowScriptAccess to control outbound scripting from Macromedia
Flash - (Thanks to Bertrand
Saint-Guillain for this pointer)
Flash Player Cross Server Scripting Security Issue