
JavaScript Code Flow Manipulation, and a real world example advisory - Adobe Flex 3 Dom-Based XSS

"We recently researched an interesting DOM-based XSS vulnerability in Adobe Flex 3 applications that exploits a scenario in which two frames (parent & son) interact with each other, without properly validating their execution environment.

In our research, we have seen that in some cases, it is possible to manipulate JavaScript code flow, by controlling the environment in which it runs. Specifically, we managed to return hacker-controlled boolean values to conditional statements, and by that force the application to be vulnerable to an existing DOM-based XSS, which was otherwise unexploitable.

The advisory presented herein is a real-world example of the research mentioned above, and contains two XSS variants, the second of which makes use of the JavaScript Flow Manipulation technique."

Advisory Link: http://blog.watchfire.com/wfblog/2008/06/javascript-code.html


