Web application security - the fast guide 1.1 | Page 97

Chapter 5 - Attack Execution the client

field in .hhp file WebBrowser XMLHTTP Potentially all exploits that affect IE Old: LMZ access New: none, used to read/download files from/to LMZ Arbitrary code execution as caller Read/write arbitrary content from/to known locations

5.10 Attack Execute - Pass JavaScript through Flash

http://Host.com/pathToSwf/app.swf?url=javascript:any code

This attack depends on the ability to pass a URL through a Flash (.swf) file without any validation of the inserted URL.

Attack requirement
• A Flash file (.swf) on the site.
• No validation of the URL passed to the .swf file.

Attack process
Use JavaScript directly in the URL.

Attack example
The following URL allows the execution of JavaScript and shows the alert, and is thus a successful XSS attack.

http://site/flash.swf?url=javascript:alert('XSS')

5.11 Max Length

[Figure: User Name input field]

Max length is a client-side restriction that controls the number of characters entered in an input field.
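Added example for section 5.10 (not part of the original guide): the validation that the attack requirement says is missing, written as a scheme allowlist applied to the "url" parameter before it is handed to the .swf file. The function names, the host "site" and the sample requests are constructed for illustration; the check uses the standard URL parser available in Node.js and browsers, so the value is normalized before the decision is made.

```javascript
// Added example: allowlist check for a value destined for a Flash "url"
// parameter. All names and sample values below are hypothetical.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const BASE = "http://site/"; // constructed base used to resolve relative URLs

// Returns the normalized URL string if it may be passed on, otherwise null.
function safeRedirectUrl(raw, allowedHosts = null) {
  if (typeof raw !== "string" || raw.length === 0) return null;
  let parsed;
  try {
    // The parser lower-cases the scheme and strips tabs, newlines and
    // leading control characters, so the check sees the normalized form
    // rather than the raw string.
    parsed = new URL(raw, BASE);
  } catch {
    return null; // unparsable input is rejected, never passed through
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  if (allowedHosts && !allowedHosts.has(parsed.hostname)) return null;
  return parsed.href;
}

// Extracts and validates the "url" query parameter of a request URL.
function checkSwfRequest(requestUrl) {
  const value = new URL(requestUrl).searchParams.get("url");
  return { value, safe: safeRedirectUrl(value ?? "") };
}

// Constructed sample requests: the page's own example, two spellings of the
// same scheme that a plain string-prefix comparison would not match, and two
// legitimate values.
const samples = [
  "http://site/flash.swf?url=javascript:alert('XSS')",
  "http://site/flash.swf?url=JaVaScRiPt:alert(1)",
  "http://site/flash.swf?url=%20java%09script:alert(1)",
  "http://site/flash.swf?url=https://site/help",
  "http://site/flash.swf?url=/local/page",
];
for (const s of samples) {
  const { value, safe } = checkSwfRequest(s);
  console.log(safe ? "ALLOW" : "BLOCK", JSON.stringify(value), "->", safe);
}
```

Passing a set of host names as the second argument additionally restricts the result to known hosts, which also covers scheme-relative values such as //other.example/x.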