Web Application Hacking – Page 2

Building An Rdio Flash Cross-domain Exploit with FlashHTTPRequest (crossdomain.xml Security)

Posted on September 23, 2015 by mandatory

Adobe Flash is no stranger to security issues, but this post isn’t about stack overflows, bypassing ASLR, or sandbox escaping – it’s about building practical exploits against poor use of crossdomain.xml. For those unfamiliar with cross-domain policies in Flash, check out my previous post here. I’ve also built a nice tool for testing cross-domain requests in… Read More Continue reading Building An Rdio Flash Cross-domain Exploit with FlashHTTPRequest (crossdomain.xml Security)→

[Blackhat Talk] Bypass Surgery Abusing Content Delivery Networks With Server-Side Request Forgery (SSRF), Flash, and DNS

Posted on September 11, 2015 by mandatory

For archival purposes I’m posting this talk that me and Mike Brooks (a.k.a. Rook) did at Blackhat USA 2015. While we danced around the vendor in the talk description, we can now disclose that that vendor was indeed Akamai – see their blog post about the issue here. Luckily Akamai was super helpful throughout the whole… Read More Continue reading [Blackhat Talk] Bypass Surgery Abusing Content Delivery Networks With Server-Side Request Forgery (SSRF), Flash, and DNS→

sonar.js – A Framework for Scanning and Exploiting Internal Hosts With a Webpage

Posted on August 23, 2015 by mandatory

Recently WebRTC has been in the news as a way to scan internal networks using a regular webpage. We’ve seen some interesting uses of this functionality such as The New York Times scanning your internal network to detect bots. The idea of a random webpage on the internet being able to scan your internal network for live… Read More Continue reading sonar.js – A Framework for Scanning and Exploiting Internal Hosts With a Webpage→