Web application security - the fast guide 1.1 | Page 97
Chapter 5 - Attack Execution the client
field in .hhp file
WebBrowser | Potentially all exploits that affect IE | Arbitrary code execution as caller
XMLHTTP | Old: LMZ access. New: none, used to read/download files from/to LMZ | Read/write arbitrary content from/to known locations
5.10 Attack Execute - Pass JavaScript through Flash
http://Host.com/pathToSwf/app.swf?url=javascript:any code
This attack depends on the ability to pass a URL through a Flash (.swf) file without
any validation of the inserted URL.
Attack requirement
A Flash file (.swf) on the site.
No validation of the URL passed to the .swf file.
Attack process
Use JavaScript directly in the URL.
Attack Example:
The following URL executes the JavaScript and shows the alert,
demonstrating a successful XSS attack.
http://site/flash.swf?url=javascript:alert('XSS')
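The validation whose absence the attack requires can be sketched as follows. This is an added example, not code from the original guide: it parses the url parameter the way a browser would and accepts only http/https URLs on an allowlisted host. The names BASE, ALLOWED_HOSTS, validateUrlParam and checkSwfRequest are hypothetical, and the host "site" is taken from the example URL above.

```javascript
// Added example: allowlist check for a URL parameter before it is navigated to.
// BASE and ALLOWED_HOSTS are assumed values for illustration.
const BASE = "http://site/";
const ALLOWED_HOSTS = new Set(["site"]);
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function validateUrlParam(raw) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "empty" };
  }
  let parsed;
  try {
    // The WHATWG URL parser trims surrounding whitespace, drops embedded
    // tab/newline characters and lowercases the scheme, so obfuscated
    // forms such as " JaVa\tScRiPt:" are seen as "javascript:".
    parsed = new URL(raw, BASE);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  // Allowlist, not blocklist: data:, vbscript:, etc. fail the same way.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme " + parsed.protocol };
  }
  // Scheme-relative input ("//other.host/x") resolves to another host.
  if (!ALLOWED_HOSTS.has(parsed.hostname)) {
    return { ok: false, reason: "host " + parsed.hostname };
  }
  // Callers should use the normalized href, never the raw string.
  return { ok: true, url: parsed.href };
}

// Pull the url parameter out of a request for the .swf and validate it.
function checkSwfRequest(requestUrl) {
  const raw = new URL(requestUrl, BASE).searchParams.get("url");
  if (raw === null) return { ok: true, url: null }; // no parameter supplied
  return validateUrlParam(raw);
}
```

The same check belongs inside the .swf itself (or whatever replaces it), since a server-side filter never sees a parameter that the client-side code reads directly from its own URL.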
5.11 Max Length
[Figure: User Name input field]
Max length is a client-side restriction that limits the number of characters
that can be entered in an input field.