no strict separation exists between program instructions and user data (also called user input). This problem allows an attacker to sneak program instructions into places where the developer expected only benign data.

30 Hacking Exposed Web

Flash Security Model

Flash is a popular plug-in for most web browsers. Recent versions of Flash have a very complicated security model that can be customized to the developer's preference. We describe some interesting aspects of Flash's security model here. First, however, we briefly describe some features of Flash that JavaScript does not possess.

Flash's scripting language is called ActionScript. ActionScript is similar to JavaScript and includes some classes that are interesting from an attacker's perspective.

The Socket class allows the developer to open raw TCP connections to allowed domains, for purposes such as crafting complete HTTP requests with spoofed headers such as Referer. Socket can also be used to scan hosts and ports on the victim's internal network that are not reachable from outside.

The ExternalInterface class allows the developer to run JavaScript in the browser from Flash, for purposes such as reading from and writing to the hosting page.

The XML and URLLoader classes perform HTTP requests to allowed domains on behalf of the user, sending the browser's cookies, for purposes such as cross-domain requests.

By default the security model for Flash is similar to the browser's same origin policy: Flash can read the responses to its requests only from the same domain from which the Flash application was loaded. Flash also places some restrictions on making HTTP requests, but cross-domain GET requests can be made via Flash's getURL function. Flash also does not allow a Flash application loaded over HTTP to read HTTPS responses. Flash does allow cross-domain communication if a security policy on the other domain permits communication with the domain where the Flash application resides.

The security policy is an XML file, conventionally named and located in the root directory of the other domain. The worst policy file from a security perspective looks something like this: a cross-domain-policy element containing an allow-access-from rule that permits any domain, so that a Flash application served from any site can read that domain's responses with the victim's cookies attached.
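The following auditor is an added example, not code from the book or from Adobe. It parses a cross-domain policy and flags the rules that hand a foreign Flash application access to a domain's data: the wide-open allow-access-from rule the text calls the worst case, and, going beyond the text, the secure="false" attribute (which lets a SWF loaded over HTTP read HTTPS responses), a site-control value that permits policy files anywhere on the host, and wildcard allow-http-request-headers-from rules. The three sample policies are constructed for illustration and do not describe any real site.

```python
"""Audit Flash cross-domain policy files (crossdomain.xml) for risky rules.

Added example for this page; not code from Hacking Exposed Web or Adobe.
The sample policies below are constructed for illustration only.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the wide-open policy the text describes as the worst case.
WIDE_OPEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

# Constructed sample: scoped to one organisation but still weakened in several ways.
RISKY_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all" />
  <allow-access-from domain="*.example.com" secure="false" />
  <allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>"""

# Constructed sample: a tightly scoped policy that should raise no findings.
SCOPED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="app.example.com" />
  <allow-http-request-headers-from domain="app.example.com" headers="X-Requested-With" />
</cross-domain-policy>"""

SEVERITY_ORDER = ["none", "info", "low", "medium", "high"]


def audit_policy(xml_text):
    """Return a list of (severity, finding) tuples for one policy document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Flash ignores a malformed policy (fails closed), so this is informational.
        return [("info", "policy is not well-formed XML: %s" % exc)]
    if root.tag != "cross-domain-policy":
        return [("info", "root element is %r, not cross-domain-policy" % root.tag)]

    findings = []

    for control in root.findall("site-control"):
        mode = control.get("permitted-cross-domain-policies", "")
        if mode == "all":
            findings.append(("medium",
                             "site-control permits policy files anywhere on the host, "
                             "so any user-uploaded file could act as a policy"))

    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "").strip()
        secure = rule.get("secure", "true").strip().lower()
        if domain == "*":
            findings.append(("high",
                             'allow-access-from domain="*": any SWF on any site may read '
                             "responses from this domain with the victim's cookies"))
        elif domain.startswith("*."):
            findings.append(("low",
                             "allow-access-from %s: every subdomain is trusted, including "
                             "any that hosts user-controlled content" % domain))
        if secure == "false":
            findings.append(("medium",
                             'allow-access-from %s secure="false": SWFs loaded over HTTP '
                             "may read HTTPS responses" % domain))

    for rule in root.findall("allow-http-request-headers-from"):
        domain = rule.get("domain", "").strip()
        headers = rule.get("headers", "").strip()
        if domain == "*" or headers == "*":
            findings.append(("high",
                             "allow-http-request-headers-from domain=%r headers=%r: "
                             "foreign SWFs may send arbitrary request headers" % (domain, headers)))

    return findings


def max_severity(findings):
    """Collapse a finding list to its highest severity, or 'none' if it is empty."""
    if not findings:
        return "none"
    return max((sev for sev, _ in findings), key=SEVERITY_ORDER.index)


if __name__ == "__main__":
    for name, policy in [("wide open", WIDE_OPEN_POLICY),
                         ("risky", RISKY_POLICY),
                         ("scoped", SCOPED_POLICY)]:
        results = audit_policy(policy)
        print("%s policy: overall %s" % (name, max_severity(results)))
        for severity, message in results:
            print("  [%s] %s" % (severity, message))
```

When reviewing a real deployment, fetch the policy from the domain's root over HTTPS and run it through audit_policy; a policy served over HTTPS with secure="false", or any rule whose domain is "*", is the condition under which a hostile SWF elsewhere on the web can issue authenticated requests to that domain and read the answers.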