Insecure crossdomain.xml

From Hackipedia
Jump to: navigation, search
Hackerone #44652
Target: Mobile Vikings
Target Module:
Type: Best Practice
Payload:
Original: Link
CVE:
Archive Screenshot

Many Flash plugins and modules use URL parameters to make calls to URLs. Something like so

loadVideo.swf?url=http://example.com/flash_video

It is possible to set up a crossdomain.xml on your site to give Flash a final say on what URLs are allowed to be contacted.

The Mobile Vikings site had

<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="true" />
</cross-domain-policy>

Which would allow access to any URL.

The report did not show that any vulnerability existed on to take advantage of this open door policy.

How To Perform

  1. Use Google dorks
    1. site:example.com filetype:xml
  2. Or check example.com/crossdomain.xml