What is the crossdomain.xml file?
The crossdomain.xml file is a cross-domain policy file. It grants the Flash Player permission to talk to servers other than the one it's hosted on.
In what circumstances do I need to use one?
You need a crossdomain.xml file when your Speedtest uses external hosts as testing servers.
Crossdomain.xml files
Flash Player’s default security model enforces the same-origin policy, similar to contemporary browsers, and does not allow cross-domain data read operations. However, it makes an exception to this rule and disregards its default security model if the website in question hosts a cross-domain policy file (named crossdomain.xml) that allows data access from other domains. Insecurely written cross-domain policy files can expose critical application data over the internet. The example policy file below shows one such example, where the website opens itself to read access from every running instance of Flash Player.
When Flash requests access to that domain, it first asks the domain whether it is okay to snoop its contents. It does that by requesting the domain.com/crossdomain.xml file and reading it; that crossdomain file says "Allow-access-from *(all) domains". This means that wherever our Flash file is hosted (attacker.com/hack.swf), it will be able to read the contents of domain.com. This is much like cross-site scripting, but less capable in some cases: we can only request and read, we cannot write.
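One way to review a crossdomain.xml before it is published, as an added example that is not code from the original post: it parses a policy and reports the permissive settings described above. The sample policies, the `audit_policy` name and `static.example.com` are assumptions, and the checks on `secure`, `allow-http-request-headers-from` and `site-control` go beyond the wildcard case in the text.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
PERMISSIVE = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

RESTRICTED = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="static.example.com"/>
</cross-domain-policy>"""


def audit_policy(xml_text, trusted=frozenset()):
    """Return a list of (severity, message) findings for one policy file."""
    if "<!ENTITY" in xml_text:
        # Refuse entity declarations rather than expand untrusted XML.
        return [("high", "policy declares XML entities; refusing to parse")]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("info", f"not well-formed XML: {exc}")]
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append(("high", "any domain may read responses"))
        elif domain.startswith("*."):
            findings.append(("medium", f"wildcard subdomains allowed: {domain}"))
        elif domain not in trusted:
            findings.append(("low", f"domain not on trusted list: {domain}"))
        if el.get("secure", "true").lower() == "false":
            findings.append(("medium", f"secure=false lets HTTP content read HTTPS data ({domain})"))
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*" and el.get("headers") == "*":
            findings.append(("medium", "any domain may send any request header"))
    for el in root.iter("site-control"):
        if el.get("permitted-cross-domain-policies") == "all":
            findings.append(("medium", "site-control=all honours policy files anywhere on the host"))
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, audit_policy(text, trusted={"static.example.com"}))
```

An empty result for a policy means every listed domain is on the trusted list and no wildcard or downgrade setting is present.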
The exploit scenario is as follows:
- A user logs on to the banking website.
- The user then visits another website in a different browser tab, and that website hosts a malicious Flash file to retrieve user information from the bank website.
- When the Flash Player notices an attempt to perform a cross-domain read operation, it retrieves the crossdomain.xml file from the bank website to discover the permitted operations.
- It then sends out a read request to a known bank URL that returns sensitive information such as the user’s bank account numbers, account balance etc.
- The browser adds the user’s session cookies to the outgoing requests and, since the user is logged in, the malicious Flash file is served with critical user information.
- The Flash file then passes it on to the malicious server.
Facebook had amazing (better?) support about this. I got the fix (less than 9 hrs).
Hope you enjoyed the post! Comments would be nice! :)
Great cooperation, guys! And I would like to thank the Facebook Security team and the program itself.