1 Reply Latest reply on Mar 30, 2016 1:24 PM by Chris W. Griffith

    What can be done about Flash allowing a URL parameter to point to an attacker's content?

    GoddessDoc

      Our application uses Flash, and one of the files allows a URL parameter to direct it to receive content. An attacker can exploit this by tricking a user into visiting a crafted URL, making it look as though it’s our company’s content when it is actually from the attacker.

      Further attempts to exploit this, such as with cross-site flashing, failed as only content could be displayed, but no code was able to be executed.
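
One way to constrain such a parameter, as an added example that is not part of the original post or the application's code: resolve the value and accept it only if it lands on an allowlisted HTTPS origin. The origins, base URL and function name are hypothetical placeholders, and the logic is shown in JavaScript; inside the SWF the same check would be written in ActionScript and applied before the value reaches the loader.

```javascript
// Added example: allowlist check for a content-URL parameter.
// ALLOWED_ORIGINS, SWF_BASE and all sample values are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://media.example.com",
]);

// Base used to resolve relative values; assumed to be where the SWF is hosted.
const SWF_BASE = "https://www.example.com/app/player.swf";

// Returns the normalised URL if the content may be loaded, otherwise null.
function resolveContentUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return null;
  }
  // Control characters and backslashes are normalised differently by
  // different parsers, so refuse them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) {
    return null;
  }
  let url;
  try {
    url = new URL(raw, SWF_BASE); // relative values resolve against our own host
  } catch (e) {
    return null;
  }
  if (url.protocol !== "https:") return null;                   // no http:, data:, etc.
  if (url.username !== "" || url.password !== "") return null;  // "trusted@other-host" form
  if (!ALLOWED_ORIGINS.has(url.origin)) return null;            // exact scheme + host + port
  return url.href;
}

// Constructed sample values: two legitimate, four that must be refused.
const samples = [
  "content/intro.xml",
  "https://media.example.com/banner.jpg",
  "//attacker.test/fake.xml",
  "https://www.example.com@attacker.test/fake.xml",
  "https://www.example.com.attacker.test/fake.xml",
  "http://www.example.com/content/intro.xml",
];
for (const s of samples) {
  console.log(s, "->", resolveContentUrl(s));
}
```

On a null result the caller should fall back to a fixed default resource rather than attempt the load.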