Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 5
Flash Cookies

Attack requirement:
A- Being able to access the LSO file
B- No validation for data retrieved from the LSO files stored on the client.

Attack process
A- Access the LSO file.
B- Use the LSO editor to change an unvalidated value that might give higher privileges

[Diagram: Client / Server exchange]
1. Client: send a request to the server to get App.swf
2. Server: respond sending App.swf
3. App.swf writes a .lso file on the client machine
4. Attacker alters the .lso file written by App.swf, since he has access to the machine
5. App.swf sends a request to the server with the altered parameters

2017-05-10
Web Application Security Fast Guide (book slides)
By Dr. Sami Khiami
Slide 5
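Requirement B on this slide is the server-side mistake that makes step 4 pay off: values read back from the .lso are trusted as-is. The following Python simulation is an added example (not code from the book or from any Flash application) showing the naive behaviour next to a mitigation that makes tampering detectable: the server signs what App.swf stores with a server-side HMAC key and re-checks the tag plus an allowlist when the value comes back. The key, field names and the tamper helper are constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumption: a secret held only on the server, never shipped inside App.swf.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
ALLOWED_ROLES = {"guest", "user", "admin"}


def issue_lso_payload(user: str, role: str) -> str:
    """Server builds the value App.swf will persist in the .lso (step 3): data + HMAC tag."""
    data = json.dumps({"user": user, "role": role}, sort_keys=True)
    tag = hmac.new(SERVER_KEY, data.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"data": data, "tag": tag})


def naive_role(payload: str) -> str:
    """The vulnerable behaviour from the slide: trust whatever App.swf read from the LSO."""
    return json.loads(json.loads(payload)["data"])["role"]


def validate_lso_payload(payload: str) -> Optional[dict]:
    """Mitigated server check for a parameter sent in step 5.

    Returns the trusted fields, or None when the file was altered or malformed.
    """
    try:
        outer = json.loads(payload)
        data, tag = outer["data"], outer["tag"]
    except (ValueError, KeyError, TypeError):
        return None
    expected = hmac.new(SERVER_KEY, str(data).encode(), hashlib.sha256).hexdigest()
    if not isinstance(tag, str) or not hmac.compare_digest(expected, tag):
        return None  # integrity failure: the .lso no longer matches what the server issued
    fields = json.loads(data)
    if fields.get("role") not in ALLOWED_ROLES:
        return None  # allowlist the value even after the integrity check passes
    return fields


def tamper_role(payload: str, new_role: str) -> str:
    """Constructed stand-in for step 4: the .lso is edited on the client with an LSO editor."""
    outer = json.loads(payload)
    fields = json.loads(outer["data"])
    fields["role"] = new_role
    outer["data"] = json.dumps(fields, sort_keys=True)
    return json.dumps(outer)
```

Signing only proves the server issued the value; it does not stop an attacker from replaying an older, still-valid payload, so privilege decisions should ultimately live in server-side session state rather than in the client store.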