View Full Version : Why allow flash footers?
kamyab
April 20th, 2003, 04:48 AM
Why does this community allow flash footers? Isn't there a potential exploit, allowing users to hijack accounts and steal passwords?
senocular
April 20th, 2003, 06:48 AM
A while ago, yes. It has since been 'corrected' - its effects can be avoided by the html code used to embed the swf.
mlk
April 20th, 2003, 01:38 PM
Isn't there a potential exploit, allowing users to hijack accounts and steal passwords?
hehe we are a peaceful community - who would ever think of hacking into our little Kirupaville?
Besides Flash Footers Rock - get one :beam: !
mlk
April 20th, 2003, 01:45 PM
whaddya mean you lock your files ???
mlk
April 20th, 2003, 01:47 PM
Senocular, what you said is not true. The issue has not been corrected.
senocular
April 20th, 2003, 01:51 PM
I read somewhere it can be prevented with the html embed
kamyab
April 20th, 2003, 02:00 PM
Not here, apparently
ahmed
April 20th, 2003, 02:04 PM
unless you don't have any recent flash player installed, everything should be fine..
mlk
April 20th, 2003, 02:10 PM
I (kamyab) am able to sign into mlk's account, so something is definitely wrong.
Jubba
April 20th, 2003, 02:11 PM
how did you do that?
ahmed
April 20th, 2003, 02:15 PM
ooops
jubba - http://eyeonsecurity.net/papers/flash-xss.htm :)
mlk
April 20th, 2003, 02:16 PM
I will let you know in a PM
[edit]
ahmed, that's it. Well, almost.
senocular
April 20th, 2003, 02:17 PM
Maybe what I'm thinking of is something completely different
ahmed
April 20th, 2003, 02:26 PM
well that's odd. Over at another forum we have contacted macromedia about this security hole back in july.. they said they "have this issue resolved and will be releasing a player very shortly (but within the month of July) as we announced previous." By now I think everyone would've upgraded their player.. :-\
kamyab
April 20th, 2003, 02:31 PM
I think senocular was talking about this
http://www.macromedia.com/support/flash/ts/documents/allow_script_access.htm
AllowScriptAccess can prevent a SWF file hosted from one domain from accessing a script in an HTML page that comes from another domain. Using AllowScriptAccess="never" for all SWF files hosted from another domain can ensure security of scripts located in an HTML page.
What if both the swf and script are on the same domain?
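Added example, not part of the original thread and not the forum's own code: a check a forum operator could run over rendered signature HTML to find SWF embeds that do not carry AllowScriptAccess="never", the setting described in the Macromedia note quoted above. The sample markup, the other.example host and the names SwfEmbedAudit and audit are constructed for illustration; the check assumes every user-supplied footer is untrusted and flags any value other than "never".

```python
from html.parser import HTMLParser

# Constructed sample of rendered signature HTML (not taken from the thread).
SAMPLE = """
<embed src="http://other.example/footer1.swf" width="300" height="60">
<embed src="http://other.example/footer2.swf" AllowScriptAccess="never">
<object><param name="movie" value="http://other.example/footer3.swf">
<param name="allowScriptAccess" value="always"></object>
<object><param name="movie" value="footer4.swf">
<param name="AllowScriptAccess" value="never"></object>
"""

class SwfEmbedAudit(HTMLParser):
    """Collect SWF embeds whose AllowScriptAccess is not "never"."""

    def __init__(self):
        super().__init__()
        self.findings = []    # (tag, swf_url, setting_found)
        self._object = None   # <param> values of the <object> currently open

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, not attribute values.
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            self._object = {}
        elif tag == "param" and self._object is not None:
            self._object[a.get("name", "").lower()] = a.get("value", "")
        elif tag == "embed" and ".swf" in a.get("src", "").lower():
            self._check("embed", a["src"], a.get("allowscriptaccess"))

    def handle_endtag(self, tag):
        if tag == "object" and self._object is not None:
            movie = self._object.get("movie", "")
            if movie:
                self._check("object", movie, self._object.get("allowscriptaccess"))
            self._object = None

    def _check(self, tag, url, setting):
        if (setting or "").strip().lower() != "never":
            self.findings.append((tag, url, setting or "<missing>"))

def audit(html):
    """Return a list of (tag, swf_url, setting) for embeds that need fixing."""
    parser = SwfEmbedAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```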