confusing aspects of Flash (AS2) security

Hi all, 


I would like to clarify 2 aspects of flash security and confirm if they can be intermixed to make an attack.


So the aspects are:

1. The flash application on the original domain is embedded by a hacker/cracker in another page served from another (hacker) domain.

2. The flash is decompiled and served from the hacker domain.


The one that actually worries me, and that I would like to ask about, is the intermixing of the two.


Let's assume that the flash application (swf file) has been downloaded and de-compiled by a hacker and he removes whatever little protection there is in there to check if the swf is running in its original domain. Now he can upload that into another domain (hacker domain) and serve it from there. The question is:


a) What about the data that the movie requires to be run? This data is placed on the original server. Can the hacker domain somehow get the data from the original server in real time and serve it to users from the hacker domain, to whomsoever? If so, how, and how difficult would it be?


b) If the original server uses secured sessions and user verification (via a login panel, of course) before serving the files, would the above (a) still be possible, if at all?


c) What if the hacker is also a legitimate user and is able to log in to the original server as a user? Or is that not a big deal?


If the data can be hijacked and used in real time by the hacker domain, what measures can effectively block it and prevent it?


Thanks all!

Edited by ajoo
