Comments on: Cross-site File Upload Attacks

By: Top Ten Web Hacking Techniques of 2008 : RootBrain.Com · The Best IT Security Training & Consulting · Pusat Pelatihan dan Konsultasi TI Terbaik di Yogyakarta

Mon, 14 May 2012 08:39:45 +0000

[...] Cross-site File Upload Attacks [...]

By: Submit Your Top Web Hacking Techniques for 2008 | GNUCITIZEN

Submit Your Top Web Hacking Techniques for 2008 | GNUCITIZEN — Fri, 13 May 2011 23:35:33 +0000

[...] Cross-site File Upload Attacks [...]

By: What’s new in web hacking techniques of 2008

What’s new in web hacking techniques of 2008 — Tue, 09 Feb 2010 05:36:14 +0000

[...] Cross-site File Upload Attacks [...]

By: Sohbet

Sohbet — Wed, 22 Jul 2009 04:52:07 +0000

Thank you for article. I took great pleasure to read (:

By: site ekle

site ekle — Tue, 09 Jun 2009 08:29:23 +0000

Thank you for article. I took great pleasure to read

By: Le migliori tecniche di Web Hacking del 2008 | lonerunners.net

Le migliori tecniche di Web Hacking del 2008 | lonerunners.net — Sun, 15 Mar 2009 17:19:35 +0000

[...] Cross-site File Upload Attacks [...]

By: Heuristic Delta :: Top 70 Hacking Methods :: http://blogs.heuristicdelta.com

Heuristic Delta :: Top 70 Hacking Methods :: http://blogs.heuristicdelta.com — Wed, 25 Feb 2009 07:44:05 +0000

[...] Cross-site File Upload Attacks [...]

By: blake

blake — Tue, 24 Feb 2009 22:03:10 +0000

it works great for webmail (yahoo/symantec & gmail).

see screenshots of yahoo and gmail in .ppt presentation back in July ‘08 on http://www.appfuzzer.com

By: CSRF-ing File Upload Fields | secdefence.com

CSRF-ing File Upload Fields | secdefence.com — Thu, 05 Feb 2009 14:58:13 +0000

[...] Oh well, pdp has an interesting post over at gnucitizen.org about how to perform CSRF attacks against File upload fields using Flash: http://www.gnucitizen.org/blog.....d-attacks/ [...]

By: ??? » Blog Archive » What’s new in web hacking techniques of 2008

Tue, 03 Feb 2009 04:18:02 +0000

[...] Cross-site File Upload Attacks [...]

By: pdp

pdp — Tue, 23 Dec 2008 14:36:59 +0000

this method should work although it could also fail from time to time.

By: maosud

maosud — Tue, 23 Dec 2008 10:45:58 +0000

i want to upload file with a large size

By: Protocolos de publicaciÃ³n remota en WordPress en Buayacorp - DiseÃ±o y ProgramaciÃ³n

Wed, 02 Jul 2008 03:01:08 +0000

[...] [1] Por ejemplo las pÃ¡ginas que permiten subir archivos y que generalmente no tienen protecciÃ³n contra ataques CSRF. Actualmente casi todas las versiones de WordPress sufren este problema y se puede explotar usando lo descrito en Cross-site File Upload Attacks. [...]

By: CSRF-ing File Upload Fields » Inking's Security Blog

CSRF-ing File Upload Fields » Inking's Security Blog — Sat, 15 Mar 2008 05:23:44 +0000

[...] Oh well, pdp has an interesting post over at gnucitizen.org about how to perform CSRF attacks against File upload fields using Flash: http://www.gnucitizen.org/blog.....d-attacks/ [...]

By: Danno

Danno — Sat, 08 Mar 2008 10:07:24 +0000

Routers and modems bypassed, now cross site file upload attacks. Good thing I stopped playing poker online for cash. I don’t use this thing to bank or trade stock on either. Cheeky, aren’t they.

What is a n00b to do?

By: Matt Presson

Matt Presson — Mon, 03 Mar 2008 22:54:19 +0000

Just a thought here, but after doing some simple research on Flash and file access, an attacker could use “one of the wrapper programs that have been written to allow local file access (SWF Studio, Zinc, Screenweaver, etc)” (per http://www.flash-creations.com.....xtfile.php) along with the above code to create a drive-by file upload service. Especially if you used sendToURL().

If I understand what is presented on the above referenced page, and I may not, then if you could get anyone to visit your page you could upload any file you wished to your server from their local machine.

Any thoughts? Am I crazy?

By: pdp

pdp — Wed, 27 Feb 2008 11:16:20 +0000

it used to work but not sure what is the situation right now.

By: guesty

guesty — Wed, 27 Feb 2008 10:57:07 +0000

and how about spoofing the refe(f)rer with flash?

By: 757362

757362 — Sun, 24 Feb 2008 17:56:45 +0000

Interesting project.

“Like CSRF attacks, there are plenty of things one can do with this type of technique.”

- DOM XSS attack entry point.

Using haXe with the Flex2 Framework
http://haxe.org/manual/3/inter....._framework

By: pdp

pdp — Fri, 22 Feb 2008 07:44:08 +0000

LoadVars is inferior when compared to URLRequest combined with navigateToURL or even better sendToURL. Simply put, the navigateToURL function will open the result into a browser window/tab while sendToURL will silently execute it in the background. No restrictions applied! btw, setting up flex environment is not very hard. you just need the FlexSDK .zip file. Decompress it somewhere on the disk. write your MXML or AS and compile with mxmlc like this:

path/to/flexsdk/bin/mxmlc path/to/app.mxml