O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Flash comes to the rescue

These days almost all web applications store files in some way or another; take, for example, social networking websites that store our pictures or dedicated storage services like Dropbox. One common problem with this is that we can upload Flash or SWF files with benign extensions like .jpg, .gif, or .png and it will be happily accepted by the server backend. The problem arises if the file is hosted on the main domain or subdomain (not sandboxed domain) of the website, but we can create a Flash file to read the HTML source of the vulnerable website and upload it there with the allowed extensions mentioned earlier. Once it is uploaded on the vulnerable website, the attacker simply needs to embed the Flash file and pass ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required