HTTP Cross Domain Policy File Scanner
This script can be used to find permissive setups and domain names that are available for purchase in order to manipulate the app.
Short Info
Level
Information
Type
Single Scan
Can be used by
Everyone
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
HTTP Cross Domain Policy File Scanner Detail
Checks the cross-domain policy file (/crossdomain.xml) and the client-acces-policy file (/clientaccesspolicy.xml) in web applications and lists the trusted domains. Overly permissive settings enable Cross Site Request Forgery attacks and may allow attackers to access sensitive data. This script is useful to detect permissive configurations and possible domain names available for purchase to exploit the application.
The script queries instantdomainsearch.com to lookup the domains. This functionality is turned off by default, to enable it set the script argument http-cross-domain-policy.domain-lookup.
References:
- http://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html
- http://gursevkalra.blogspot.com/2013/08/bypassing-same-origin-policy-with-flash.html
- https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
- https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf
- http://acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file
control security posture