January 6th, 2009
Why does this community allow flash footers? Isn't there a potential exploit, allowing users to hijack accounts and steal passwords?
well that's odd. Over at another forum we have contacted Macromedia about this security hole back in July.. they said they "have this issue resolved and will be releasing a player very shortly (but within the month of July) as we announced previous." By now I think everyone would've upgraded their player.. :-
Maybe what I'm thinking of is something completely different
whaddya mean you lock your files ???
I think senocular was talking about this
http://www.macromedia.com/support/flash/ts/documents/allow_script_access.htm
AllowScriptAccess can prevent a SWF file hosted from one domain from accessing a script in an HTML page that comes from another domain. Using AllowScriptAccess="never" for all SWF files hosted from another domain can ensure security of scripts located in an HTML page.
What if both the swf and script are on the same domain?
Senocular, what you said is not true. The issue has not been corrected.
how did you do that?
Isn't there a potential exploit, allowing users to hijack accounts and steal passwords?
hehe we are a peaceful community - who would ever think of hacking into our little Kirupaville ?
Besides Flash Footers Rock - get one :beam: !
unless you don't have any recent flash player installed, everything should be fine..
I (kamyab) am able to sign into mlk's account, so something is definitely wrong.
A while ago, yes. It has since been 'corrected' - its effects can be avoided by the html code used to embed the swf.
I will let you know in a PM
ahmed, that's it. Well, almost.
I read somewhere it can be prevented with the html embed
Not here, apparently
ooops
jubba - http://eyeonsecurity.net/papers/flash-xss.htm :)
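The embed-side fix mentioned in the thread (AllowScriptAccess="never" in the HTML used to embed the SWF), as an added example that is not part of the original posts: a Python check that scans rendered forum markup and reports every Flash embed not explicitly set to "never". The class and function names are hypothetical, the sample markup is constructed, and requiring "never" on every user-submitted footer, including same-domain ones, is an assumption about the forum's policy.

```python
from html.parser import HTMLParser

class SwfEmbedAudit(HTMLParser):
    """Record the AllowScriptAccess value of every <embed> and <object>."""

    def __init__(self):
        super().__init__()
        self.findings = []    # [tag, swf_url, allowscriptaccess or None]
        self._object = None   # entry for the <object> currently open

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # parser lowercases names
        if tag == "embed":
            self.findings.append(["embed", a.get("src", ""), a.get("allowscriptaccess")])
        elif tag == "object":
            self._object = ["object", a.get("data", ""), None]
            self.findings.append(self._object)
        elif tag == "param" and self._object is not None:
            name = a.get("name", "").lower()
            if name == "allowscriptaccess":
                self._object[2] = a.get("value", "")
            elif name == "movie":
                self._object[1] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object":
            self._object = None

def unsafe_embeds(html):
    """Return (tag, url, value) for embeds not explicitly set to "never".

    A missing value counts as unsafe: the player then applies its own
    default, which is not "never".
    """
    audit = SwfEmbedAudit()
    audit.feed(html)
    audit.close()
    return [(t, u, v) for t, u, v in audit.findings
            if (v or "").strip().lower() != "never"]

# Constructed sample: one hardened footer and three that should be flagged.
SAMPLE = """
<object><param name="movie" value="http://other.example/a.swf">
<param name="AllowScriptAccess" value="never">
<embed src="http://other.example/a.swf" allowScriptAccess="never"></object>
<embed src="http://other.example/b.swf">
<object><param name="movie" value="/footers/c.swf">
<param name="allowScriptAccess" value="sameDomain"></object>
<embed src="http://other.example/d.swf" AllowScriptAccess="always">
"""

if __name__ == "__main__":
    for finding in unsafe_embeds(SAMPLE):
        print(finding)
```

The classic nested `<object>`/`<embed>` pair is reported as two separate findings, because each tag carries its own setting and both have to be hardened.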