Paid Advertising is
ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Posted by: acidburn
Date: July 18, 2007 08:59PM

I don't know if anyone here has heard of this before, but I was reading about FlashXMLHttpRequest -- it works like the javascript XHR except it's for Flash. The idea being that it can be used like Flash.

Is there anyone on here who knows about Flash? I'd like to make an arbitrary Flash file that could submit a FlashXMLHttpRequest to get the viewer's hidden form strings in order to do a XDRF attack, but I don't really understand what is going on here.

Options: ReplyQuote
Re: FlashXMLHttpRequest
Posted by: thrill
Date: July 19, 2007 02:36AM

Have you checked out this thread:


It's all Chinese to me, but I remembered seeing it, might be of help.



It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote

Sorry, only registered users may post in this forum.