inurl:clientaccesspolicy filetype:xml intext:allow-from

• SHDB
• 1896 views

• 日期：2014-03-27
• 类别：
  • Files Containing Juicy Info
• 作者：anonymous
• 语法：inurl:clientaccesspolicy filetype:xml intext:allow-from

• Locates clientaccesspolicy.xml files used by silverlight to determine

  the cross domain policy of that site's silverlight apps. An open

  setting of will allow a weaponized silverlight

  application hosted on an attacker's site to read information from the

  target site while running in a victim's browser.

  --

  Google+ http://google.com/+EricGragsone

  Red Team http://www.crimsonagents.com/

  Blue Team http://www.erisresearch.org/

  Coding http://maetrics.github.io