
Does this still work?

Open marcelo321 opened this issue 5 years ago • 3 comments

I reported to a program that they had a weak cross-domain policy like this:

<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>

They asked me for a proof of concept and I tried this tool, but for some reason I am not getting any logs. Does this tool or this attack still work? I need help.

marcelo321 avatar Jun 21 '19 21:06 marcelo321

The attack still works, yeah. It helps if you do it all through Burp or another proxy so you can see what is happening. Check out https://sethsec.blogspot.com/2014/10/bsidesdc-2014.html for live examples.

Just like CSRF, you should see the victim clicking the link and going to your site, then you should see the victim making an authenticated request to the vulnerable site, and then you should see the victim sending the sensitive data back to your site.

As explained in the video, if the site with the * does not have anything sensitive on it, there is no risk.

Good luck!

sethsec avatar Jun 26 '19 13:06 sethsec
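The reply above describes what the exploit chain should look like in a proxy, but the first thing a practitioner wants before building a PoC is a quick, offline classification of the policy itself: does `crossdomain.xml` actually grant a foreign origin credentialed read access, and how broadly? The following Python script is an added example and is not part of the crossdomain-exploitation-framework or of either commenter's post. It parses a policy the way Flash Player interprets the documented elements (`site-control`, `allow-access-from` with its `domain` and `secure` attributes, `allow-http-request-headers-from`) and rates each grant. The three sample policies are constructed for the example; `assess_policy`, `worst_severity` and the severity labels are the example's own naming, not an API of the tool.

```python
"""Rate a crossdomain.xml policy by how much cross-origin read access it hands to Flash.

Flash Player sends the victim's cookies with the cross-domain request, so any
domain listed in allow-access-from can read the authenticated response body.
"""
import xml.etree.ElementTree as ET  # for policies pulled from untrusted hosts, prefer defusedxml

SEVERITY_ORDER = {"info": 0, "medium": 1, "high": 2}

# Constructed sample policies for this example (not fetched from any real site).
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

SUBDOMAIN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

STRICT_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com" secure="true"/>
</cross-domain-policy>"""


def assess_policy(xml_text, served_over_https=True):
    """Return a list of (severity, message) findings for one policy document.

    served_over_https: whether the policy (and the site) is served over TLS; the
    secure attribute only matters in that case, since its default is "true" there.
    """
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        findings.append(("info", f"root element is {root.tag!r}; Flash would reject this file"))
        return findings

    # A master policy with permitted-cross-domain-policies="none" disables policy
    # files for the host entirely, so any allow-access-from entries are dead.
    site_control = root.find("site-control")
    if site_control is not None and site_control.get("permitted-cross-domain-policies") == "none":
        findings.append(("info", "site-control forbids all policy files; no cross-domain access granted"))
        return findings

    for grant in root.findall("allow-access-from"):
        domain = grant.get("domain", "")
        secure = grant.get("secure", "true").lower() != "false"
        if domain == "*":
            findings.append(("high", "domain=\"*\": any site can make credentialed requests "
                                     "and read the responses (exploitable if anything sensitive is served)"))
        elif domain.startswith("*."):
            findings.append(("medium", f"domain={domain!r}: every subdomain is trusted; an XSS or "
                                       "takeover on any one of them gives cross-origin read access"))
        else:
            findings.append(("info", f"domain={domain!r}: explicit trust of a single origin"))
        if served_over_https and not secure:
            findings.append(("medium", f"secure=\"false\" for {domain!r}: plain-HTTP origins may read "
                                       "HTTPS responses, so a network attacker can reach the data"))

    for hdr in root.findall("allow-http-request-headers-from"):
        if hdr.get("domain") == "*":
            findings.append(("medium", "allow-http-request-headers-from domain=\"*\": any site may "
                                       f"send headers {hdr.get('headers', '')!r} with its requests"))
    return findings


def worst_severity(findings):
    """Collapse a findings list to its single highest severity label ("none" if empty)."""
    if not findings:
        return "none"
    return max((sev for sev, _ in findings), key=SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("subdomain", SUBDOMAIN_POLICY), ("strict", STRICT_POLICY)):
        results = assess_policy(policy)
        print(f"[{name}] worst={worst_severity(results)}")
        for sev, msg in results:
            print(f"  {sev:6} {msg}")
```

Run against the policy quoted in the issue, the script reports `high`, which matches the reply's point: the `*` grant is the precondition, and whether it is worth a bounty depends on whether an authenticated page on that host returns data worth stealing. The `secure="false"` and `allow-http-request-headers-from` checks are the two other attributes reviewers commonly miss when they only grep for `domain="*"`.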

@sethsec Thanks for the informative response. If you like, we can discuss this on another platform and test whether the site is vulnerable. The bug bounty program where I found this vulnerability offers a pretty high bounty if I make a proof of concept that this attack is possible. If you want, you can help me make a PoC and then we can share the possible bounty 50/50. What do you think? My Discord name and number is nestorr #5226. Mail: [email protected]

marcelo321 avatar Jun 26 '19 14:06 marcelo321

I got the .SWF server to work and I can see the logs of exploit.swf and index.html, but the /bounty doesn't collect anything... I need help, bro, please. I am trying to get whatever the victim has in example.com/edit_profile so I can get his personal information, but it doesn't seem to work.

marcelo321 avatar Jun 28 '19 00:06 marcelo321