Ebay - Advertisement

Sunday, March 27, 2011

Need a good reference for Microsoft SQL Server 2005/2008 hardening?

This paper contains administrative and operational tasks that should be taken in account from security perspective when using Mircosoft SQL Server. The article covers operative instructions and example of code snippets needed for DBA's and Server administrators.

Sunday, March 13, 2011

ExternalInterface.call() in ActionScript - can expose Flash applications to XSS attacks

The ExternalInterface class is the External API, an application programming interface that enables straightforward communication between ActionScript and the Flash Player container– for example, an HTML page with JavaScript.
TheExternalInterface.call("functionNameInJavaScript",inputFromUser) function in ActionScript - allows making calls from ActionScript to JavaScript functions.
The first parameter is the name of the function in javascript, and the second one can be one or more parameters that this function receives.

Call to such method would be translated on the embedding page to a javascript code which would look as follows:

try {
    __flash__toXML(functionNameInJavaScript, "the value from inputFromUser"));
  } catch (e) {
    //Do something useful;

If the inputFromUser parameter's value is Hey"people, backslash escaping character will be added automatically and the value will become to be Hey\"people .
However, the function does not escape any stray backslash characters. So input like Hello world!\"+alert('XSS')); } catch(e) {} // can lead to Cross Site Scripting attacks.

This vulnerability was found by lcamtuf and was first posted on his blog.