May 2017
Intermediate to advanced
416 pages
21h 33m
English
Use the following Nmap command to check the cross-domain policies of a web server:
$ nmap --script http-cross-domain-policy <target>
A vulnerability report will show up if the client access or cross-domain policy files are found. Additional information will be included to manually analyze the issue:
PORT STATE SERVICE REASON 8080/tcp open http-proxy syn-ack | http-cross-domain-policy: | VULNERABLE: | Cross-domain policy file (crossdomain.xml) | State: VULNERABLE | A cross-domain policy file specifies the permissions that a web client such as Java, Adobe Flash, Adobe Reader, | etc. use to access data across different domains. A client access policy file is similar to cross-domain policy | but is used for M$ Silverlight ...
Read now
Unlock full access