|Copyright © 2001,2002 eyeonsecurity
Inc., All Rights Reserved. No portions of eyeonsecurity
may be used without express, written permission
Filters the Flash! Attack
A previously unpublished way to inject CSS (Cross site scripting)
attack on Web Applications which allow Flash content. Many sites
may currently be vulnerable to this kind of attack.
This paper describes the following points:
- How Cross-site scripting effects web applications and what major
do to prevent this kind of attack
- Show that what is described by standard authorities as a solution
XSS is not always enough.
- How to create a demonstration Flash document which launches XSS
- Examples of major sites which are vulnerable to this kind of attack
- Solutions to the issue
- DEMO pages!
Download Paper (need pdf view eg. acrobat
View online version