Forging HTTP Request Headers with Flash ActionScript

Summary

This write-up presents the mechanism that a Flash ActionScript movie can use to send HTTP requests whose headers it chooses itself, rather than headers the browser sets. The security consequences of this ability are also discussed.
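As an added illustration, not code from the write-up or from any of its references: the ActionScript 2.0 call that lets a SWF attach its own headers to a request it issues is LoadVars.addRequestHeader(). The URLs, header names and header values below are hypothetical. Which of these headers a given Flash Player version passes to the network unchanged is the write-up's subject and is not something this snippet establishes.

```actionscript
// Added example (ActionScript 2.0, Flash Player 8/9 era); not the write-up's own code.
// LoadVars.addRequestHeader() is the documented AS2 call for adding or changing an
// HTTP request header on a POST issued by the movie. All URLs and values are hypothetical.
var req:LoadVars = new LoadVars();
var resp:LoadVars = new LoadVars();

// The header names and values are supplied by the SWF author, not by the browser.
// Whether the player forwards a given header unmodified is player-version dependent.
req.addRequestHeader("Referer", "http://trusted.example/");   // hypothetical value
req.addRequestHeader("X-Custom", "set-by-flash");              // hypothetical header

// AS2 only honours added request headers on POST, so give the request a body.
req.param = "value";

resp.onLoad = function(ok:Boolean):Void {
    trace(ok ? "response received" : "request failed");
};

// Hypothetical target; the third argument selects the HTTP method.
req.sendAndLoad("http://target.example/handler", resp, "POST");
```

A server-side handler that inspects the resulting request sees only the header values the player put on the wire; it has no way to tell from the header alone whether the browser or the SWF chose them.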

Credit:

The information has been provided by

References:

[1] (Adobe website) http://www.adobe.com/products/player_census/flashplayer/tech_breakdown.html

[2] ‘Macromedia Flash Player Version Penetration’ (Adobe website) http://www.adobe.com/products/player_census/flashplayer/version_penetration.html

[3] ‘Re: “Exploiting the XmlHttpRequest object in IE” – paper by Amit Klein’ by Anonymous, BugTraq posting, September 27th, 2005 http://www.securityfocus.com/archive/1/411823

[4] ‘Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1’ by Thiago Zaninotti, BugTraq posting, May 8th, 2006 http://www.securityfocus.com/archive/1/433280

[5] ‘Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1’ by Amit Klein, BugTraq posting, May 18th, 2006 http://www.securityfocus.com/archive/1/434729

[6] ‘Client Side Trojans’, Zope developers mailing list, May 2000 http://www.zope.org/Members/jim/ZopeSecurity/ClientSideTrojan

[7] ‘Cross Site Request Forgeries’ by Peter Watkins, BugTraq posting, June 15th, 2001 http://www.tux.org/~peterw/csrf.txt

[8] ‘Exploiting the XmlHttpRequest object in IE – Referrer spoofing, and a lot more…’ by Amit Klein, BugTraq posting, September 24th, 2005 http://www.securityfocus.com/archive/1/411585

[9] ‘Adobe Flash Player 9 Leads a New Generation of Dynamic Media and Rich Internet Applications’ (Adobe website), June 28th, 2006 http://www.adobe.com/aboutadobe/pressroom/pressreleases/200606/062806Flash9.html

[10] ‘HTTP Request Smuggling’ by Chaim Linhart, Amit Klein, Ronen Heled and Steve Orrin, June 6th, 2005 http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf

Categories: Reviews