  • Flash + JS + crossdomain.xml = phun

    I was browsing Jeremiah Grossman's blog and found an interesting post about a file named crossdomain.xml and extended uses of it with regard to cross-site scripting. In a nutshell, there's a file called crossdomain.xml that Flash uses to say 'I am http://www.domainb.com and I will allow users of http://www.domaina.com to make requests to…

  • Hacker cracks Google Blogger security

    "Google was left red-faced on Saturday when a bug in its Blogger software allowed an unauthorised user to post a comment on the official Google blog. The post, which stayed up for around an hour before being pulled, claimed that Google had abandoned its click-to-call and Adwords partnership with eBay because of "monopolistic" concerns." Article…