2. About Me
Security Analyst at Net-Square
Twitter: @DurvijayJ
LinkedIn: @durvijay-j9
3. Objectives
● What is a cross-domain policy?
● What is the crossdomain.xml file?
● Where is the vulnerability?
● Exploitation examples.
● Remediation.
4. What is Cross-domain policy
● A cross-domain policy is a mechanism for data exchange between different domains.
● Data interchange is handled through a web client such as Adobe Flash Player.
● The application should have a crossdomain.xml file in its web root directory.
5. Architectural scenario
1. User visits a.com.
2. Flash file from a.com contacts b.com and checks for the crossdomain.xml file.
3. If the file is found, the client reads its permissions.
4. If the permissions allow access, then information from b.com is read.
5. Client transfers the information from b.com to a.com.
6. What is crossdomain.xml file
crossdomain.xml is a configuration file that contains the names of the domains to which access is allowed.
7. Where is the vulnerability
● The “*” wildcard character is the vulnerability here.
● It allows access to all domains for information exchange.
11. Create ActionScript to gather account balance
summary.php is the bank's page, which contains account information.
save_response.php is responsible for collecting and saving the response on the attacker's server.
19. Create ActionScript to make fund transfer
A POST request is required for making a fund transfer of 10 Rs.
Compile and host the Flash file on the attacker's server.
23. Remediation
● The remediation for this vulnerability is to hardcode the domain name instead of “*” in the crossdomain.xml file.
● To allow multiple domains, add multiple <allow-access-from> elements, each naming one domain in its domain attribute, to the crossdomain.xml file.
● Implement a cross-site request forgery prevention mechanism.
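A check for the wildcard described in the remediation above, added here as an example that is not part of the original slides: it parses a crossdomain.xml policy and reports every allow-access-from entry whose domain is “*” or contains a wildcard. The two policies are constructed samples for the b.com site from the architectural scenario, and audit_policy is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the vulnerable policy served from b.com's web root.
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

# Constructed sample: the remediated policy, one element per trusted domain.
FIXED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="a.com"/>
  <allow-access-from domain="www.a.com"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return (domain, finding) pairs for risky allow-access-from entries.

    audit_policy is a hypothetical helper name used for this example.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for entry in root.iter("allow-access-from"):
        domain = (entry.get("domain") or "").strip()
        if not domain:
            findings.append((domain, "entry has no domain attribute"))
        elif domain == "*":
            findings.append((domain, "every domain is allowed to read data"))
        elif "*" in domain:
            # Goes beyond the slides: partial wildcards such as *.a.com
            # trust every host under that name, so list them for review.
            findings.append((domain, "wildcard trusts all matching hosts"))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        results = audit_policy(policy)
        print(name, "->", results if results else "no wildcard entries")
```

An empty result means every entry names one explicit domain, which is the state the remediation asks for.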