Rich Internet Applications use Adobe’s crossdomain.xml policy files to allow cross-domain access to data. These policy files are used by clients such as Oracle Java, Adobe Flash and so on. To use them, the domain must grant remote access to other domains. The policy files can describe access restrictions; if these restrictions are poorly configured, the server will be vulnerable to attacks like cross-site request forgery and might allow third-party domains to access sensitive information.
A cross-domain policy file specifies the permissions for web clients (like Adobe Flash, Adobe Reader, Java and many more) to access data across different domains. Microsoft’s Silverlight uses a file named clientaccesspolicy.xml in place of Adobe’s crossdomain.xml.
There are mainly three methods to exploit this vulnerability:-
The following code is an example of a vulnerable cross-domain policy.
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-
<cross-domain-policy>
<allow-access-from domain="example.beaglesecurity.com" />
</cross-domain-policy>
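To check a deployed policy for the weak settings shown above, the following auditing sketch can be used. It is an added example, not Beagle's own tooling; the function name `audit_policy` and the finding messages are hypothetical, and the two sample policies are copied from this page.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the two policies shown on this page.
VULNERABLE = """<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>"""

FIXED = """<cross-domain-policy>
<allow-access-from domain="example.beaglesecurity.com" />
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of (element, finding) tuples for risky settings."""
    # ElementTree is fine for these inline samples; for files fetched from
    # untrusted hosts, prefer a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    findings = []
    if root.tag != "cross-domain-policy":
        return [(root.tag, "unexpected root element")]
    for el in root:
        domain = el.get("domain", "")
        if el.tag == "site-control":
            if el.get("permitted-cross-domain-policies") == "all":
                findings.append((el.tag, "any policy file on the host is honoured"))
        elif el.tag in ("allow-access-from", "allow-http-request-headers-from"):
            if domain == "*":
                findings.append((el.tag, "wildcard domain: every origin is trusted"))
            elif domain.startswith("*."):
                findings.append((el.tag, "subdomain wildcard: " + domain))
            # secure defaults to true when the attribute is absent.
            if el.get("secure", "true").lower() == "false":
                findings.append((el.tag, "secure=false: HTTP origins may read HTTPS content"))
            if el.tag == "allow-http-request-headers-from" and el.get("headers") == "*":
                findings.append((el.tag, "all request headers may be sent"))
    return findings


if __name__ == "__main__":
    for name, policy in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name)
        for tag, msg in audit_policy(policy):
            print("  [%s] %s" % (tag, msg))
```

The vulnerable policy produces six findings across its three elements; the restricted policy produces none.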