2 Replies Latest reply on Mar 30, 2016 10:57 AM by GoddessDoc

    Allowing a URL to direct to an attacker's content, is there a fix?

    GoddessDoc Level 1

      Our application uses Flash, and one of the files allows a URL parameter to direct it to receive content. An attacker can exploit this by tricking a user into visiting a crafted URL, making it look as though it’s our company’s content when it is actually from the attacker.

       

      Further attempts to exploit this, such as with cross-site flashing, failed as only content could be displayed, but no code was able to be executed.
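
An added example, not part of the original post: one way to constrain a content-URL parameter like the one described above to an allowlist of origins before anything is loaded from it. The hostnames, the base URL and the function name `resolveContentUrl` are assumptions for illustration; the same check has to run wherever the parameter is actually consumed, whether inside the SWF or in the page that passes it through.

```javascript
// Added example: allowlist check for a URL parameter that selects remote content.
// All hostnames are hypothetical placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://cdn.example.com",
]);

// Assumed location of the page that embeds the file; relative values resolve against it.
const BASE = "https://www.example.com/app/";

// Returns a normalised absolute URL if the parameter is acceptable, otherwise null.
function resolveContentUrl(param) {
  if (typeof param !== "string" || param.length === 0 || param.length > 2048) {
    return null;
  }
  // Control characters, whitespace and backslashes are normalised differently
  // by different URL parsers, so reject them instead of guessing.
  if (/[\u0000-\u0020\u007f\\]/.test(param)) {
    return null;
  }
  let url;
  try {
    url = new URL(param, BASE); // resolves relative and protocol-relative forms
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;     // no http:, javascript:, data:, ...
  if (url.username || url.password) return null;  // blocks https://trusted@other-host/
  if (!ALLOWED_ORIGINS.has(url.origin)) return null; // exact origin match, never substring
  return url.href;
}

// Constructed sample inputs, for illustration only.
const samples = [
  "content/intro.xml",
  "https://cdn.example.com/news.xml",
  "//attacker.test/fake.xml",
  "https://www.example.com@attacker.test/fake.xml",
  "https://www.example.com.attacker.test/fake.xml",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", resolveContentUrl(s));
}
```

Comparing the parsed origin exactly, rather than testing whether the string starts with or contains the company hostname, is what rejects the last three samples.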