Note: Sorry for cross posting - but I think this concerns various discussion lists. [ Bypassing JavaScript Filters - the Flash! Attack ] In this paper we will be describing a loophole, with security implications, found in many web-sites that allow Flash documents to be embedded within HTML, or uploaded to the server. We will be describing how Web application developers make use of complex filters for HTML pages but tend to trust Flash content, and as a result introduce a security issue. More details: http://eyeonsecurity.net/papers/ -- Best regards, Obscure mailto:obscure@eyeonsecurity.net ------------------------------ http://eyeonsecurity.net ------------------------------
