[REVS] Bypassing JavaScript Filters - the Flash! Attack
From: support@securiteam.com Date: 06/19/02
From: support@securiteam.com To: list@securiteam.com Date: Wed, 19 Jun 2002 09:08:29 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Bypassing JavaScript Filters - the Flash! Attack
------------------------------------------------------------------------
SUMMARY
This advisory describes a paper that explains a previously unpublished way to
inject a cross-site scripting attack (XSS, at the time often abbreviated CSS)
into web applications that allow Flash content. Many sites are currently
vulnerable to this kind of attack.
DETAILS
Introduction:
The linked document describes a loophole, with security implications, found
in many websites that allow Flash documents to be inserted within HTML or
uploaded to the server. The paper relies on the fact that a huge number of web
surfers have installed the Macromedia Flash plugin/ActiveX control, which an
attacker can use to launch a cross-site scripting attack. It does not go into
much detail on cross-site scripting attacks in general; however, it explains
how Flash documents can be used to inject JavaScript into web applications
whose HTML filtering is otherwise sound.
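The gap the advisory points at is a filter that removes <script> elements and inline event handlers but lets plugin containers (object/embed) and uploaded .swf files through. The following is an added example, not code from the advisory or from the Eye on Security paper, showing that naive filter beside a hardened one, plus a content check that recognises an uploaded Flash file by its container signature rather than by extension or client-supplied MIME type. The sample HTML and sample file bytes are constructed for the demonstration; the tag list and the SWF signatures are the standard ones (FWS uncompressed, CWS zlib-compressed, ZWS LZMA-compressed).

```python
import re

# SWF container signatures. Byte 3 of a real file holds the SWF version;
# only the first three bytes are needed to recognise the container.
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")

# Elements that can load plugin content such as a Flash movie. Constructed
# for this example; a real policy would also cover <iframe> and the like.
PLUGIN_TAG_RE = re.compile(r"<\s*/?\s*(object|embed|applet)\b[^>]*>", re.IGNORECASE)


def is_swf(data: bytes) -> bool:
    """True if the uploaded bytes start with a Flash (SWF) signature.

    Checking the content matters: the filename extension and the MIME type
    sent with the upload are both chosen by the client.
    """
    return len(data) >= 4 and data[:3] in SWF_MAGIC


def naive_filter(html: str) -> str:
    """A filter of the kind the advisory says is insufficient: it strips
    <script> elements and on*= event handler attributes and nothing else."""
    html = re.sub(r"<\s*script\b.*?<\s*/\s*script\s*>", "", html, flags=re.I | re.S)
    html = re.sub(r"\son\w+\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s>]+)", "", html, flags=re.I)
    return html


def strip_plugin_tags(html: str) -> str:
    """Remove the elements through which a Flash movie could be embedded."""
    return PLUGIN_TAG_RE.sub("", html)


def hardened_filter(html: str) -> str:
    """Naive filter plus removal of plugin containers."""
    return strip_plugin_tags(naive_filter(html))


# Constructed sample input: a script tag, an event handler, and an <embed>
# pointing at a Flash movie. The file bytes below are likewise constructed.
SAMPLE_HTML = (
    '<p onclick="run()">Hello</p>'
    "<script>run()</script>"
    '<embed src="movie.swf" type="application/x-shockwave-flash">'
)
SAMPLE_SWF_UPLOAD = b"CWS\x0a" + bytes(8)   # zlib-compressed SWF header, version 10
SAMPLE_GIF_UPLOAD = b"GIF89a" + bytes(8)


if __name__ == "__main__":
    print("naive   :", naive_filter(SAMPLE_HTML))      # <embed> survives
    print("hardened:", hardened_filter(SAMPLE_HTML))   # <p>Hello</p>
    print("swf upload rejected:", is_swf(SAMPLE_SWF_UPLOAD))
    print("gif upload rejected:", is_swf(SAMPLE_GIF_UPLOAD))
```

The regex approach is enough to show the difference between the two filters; on a real site the hardened path belongs in an allowlist-based HTML sanitiser, and the upload check should reject anything that `is_swf` recognises unless the application genuinely needs to host Flash.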
ADDITIONAL INFORMATION
The full document can be found at:
http://eyeonsecurity.net/papers/
The information has been provided by Obscure <obscure@eyeonsecurity.net>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.