Category Archives: Flash

Content-Type Blues

By | February 29, 2012

Assuming an attacker can control the start of a CSV file served up by a web application, what damage could be done?  The example PHP code below serves up a basic CSV file, but allows the user to control the column names. Note that the Content-Type header is at least set properly. <?php header(‘Content-Type: text/csv’);… Read More »

Bypassing Flash’s local-with-filesystem Sandbox Redux

By | December 12, 2011

I suppose I should explain what Adobe refers to as a security control bypass (CVE-2011-2429).  There exists a number of different security sandboxes that the Flash Player uses to restrict SWFs. In this case, I was able to create a SWF that bypassed the restrictions imposed by a local-with-filesystem sandbox. “The local-with-filesystem sandbox–For security purposes,… Read More »