Author: jianxin [80sec]
EMail: jianxin#80sec.com
Site: http://www.80sec.com
Date: 2009-07-25
From: http://www.80sec.com/release/flash-security.txt
[ Contents ]
0x00 Preface
0x01 Secure server-side Flash security policy
0x02 Secure client-side Flash security guidelines
0x03 Flash security checklist
fly_flash — Jump/XSS/CSRF in Flash
Author: lake2@80sec.com
Site: http://www.80sec.com
Date: 2009-8-26
From: http://www.80sec.com/release/fly_flash.txt
80SEC — know it then hack it !
[ description ]
fly_flash is a tool for penetration in flash
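Xigua's note: I have been finding cross-site scripting vulnerabilities in HDWiki since its very old versions, but I never disclosed them publicly. I simply emailed the issues I found directly to its developers. Now, however, someone has started disclosing them publicly, and has even planted malicious code on a site in my friend links. It seems that from now on I should disclose issues publicly as soon as I find them; that way HDWiki might get more attention.
From: clin
This afternoon I noticed something abnormal in the "encyclopedia": after I opened an entry, just as the content appeared, the page redirected to a movie site (it would have been better if it really were a movie site, but what I saw was three pop-up pages and then ad after ad; even the biggest element, which looked a lot like a player, was an ad. What scum!). Annoyed, I thought the browser had a problem; going back again and again did not help, and the link looked correct. I suspected the domain had been hijacked, so I pinged it, and it was right. I opened the domain's home page in a different browser,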
From: HP
After months of hard work and late caffeine-fueled nights, HP’s Web Security Research Group is proud to release HP SWFScan.
HP SWFScan is a free security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security backgrounds identify vulnerabilities hidden within the application which cannot be detected with dynamic analysis methods.