--- layout: post status: publish published: true title: ! 'XSF: Cross Site Flashing' wordpress_id: 282 wordpress_url: http://pro.grammatic.org/post-xsf-cross-site-flashing-17.aspx date: !binary |- MjAwNy0wNS0xOSAxNjoxNDozOCArMDIwMA== date_gmt: !binary |- MjAwNy0wNS0xOSAxNjoxNDozOCArMDIwMA== categories: - Technology - InfoSec tags: - information security comments: [] ---
Stefano Di Paola presented an interesting paper on Flash security at OWASP 2007 which highlights the dangers of HTML being rendered from within Flash via GET querystrings. Of particular note is the non-sanitization of comments (filter evasion by // .jpg) so check it out.