Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
FlashXMLHttpRequest
Posted by: acidburn
Date: July 18, 2007 08:59PM

I don't know if anyone here has heard of this before, but I was reading about FlashXMLHttpRequest -- it works like the javascript XHR except it's for Flash. The idea being that it can be used like XHR...in Flash.

Is there anyone on here who knows about Flash? I'd like to make an arbitrary Flash file that could submit a FlashXMLHttpRequest to get the viewer's hidden form strings in order to do a XDRF attack, but I don't really understand what is going on here.

http://www.xml.com/pub/a/2006/06/28/flashxmlhttprequest-proxy-to-the-rescue.html

Options: ReplyQuote
Re: FlashXMLHttpRequest
Posted by: thrill
Date: July 19, 2007 02:36AM

Have you checked out this thread:

[sla.ckers.org]

It's all Chinese to me, but I remembered seeing it, might be of help.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote


Sorry, only registered users may post in this forum.