In my original "Forging HTTP request headers with Flash" paper
(http://www.securityfocus.com/archive/1/441014), I mentioned forcing multipart/form-data
input format to ensure that Flash's LoadVars isn't used to forge the request.
However, there's a work-around for the attacker - usin...
In my original "Forging HTTP request headers with Flash" paper
(http://www.securityfocus.com/archive/1/441014), I mentioned forcing multipart/form-data
input format to ensure that Flash's LoadVars isn't used to forge the request.
However, there's a work-around for the attacker - usin...
[ more ]