April 5, 2010 - 12:02 EDT
Unrestricted crossdomain.xml and clientaccesspolicy.xml files can be abused by malicious RIAs - or MalaRIAs - to perform actions on behalf of the user. For this PoC (proof of concept) I set up a malicious RIA to act as a proxy by combining it with a server-side application. This would allow the attacker to use the combined solution as a proxy and surf web sites with unrestricted cross-domain policies through the victim's browser.
March 1, 2010 - 19:37 EST
To allow a Silverlight application to fetch data across domains, Silverlight employs a security policy file called clientaccesspolicy.xml. The policy allows a server admin to specify whether or not a Silverlight application running on a given domain is allowed to connect to the server and read data on behalf of the user. Unfortunately, some people specify an unrestricted clientaccesspolicy.xml, which allows any server to make requests on behalf of the user, and thus allows a malicious Silverlight application to steal user data or perform actions on behalf of the user.
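The check a server admin can run against their own policy files, as an added example that is not part of the original post: a small Python audit that parses a clientaccesspolicy.xml and a crossdomain.xml and flags wildcard origins, wildcard request-header grants, plaintext origins, and site-wide resource grants. The three sample policies (and the hostname app.example.com in the restricted one) are constructed for this example; the restricted policy shows what a scoped file looks like next to the unrestricted one.

```python
"""Audit Silverlight clientaccesspolicy.xml and Flash crossdomain.xml files for
unrestricted cross-domain grants. Added example; the sample policies below are
constructed, not taken from any real site."""
import xml.etree.ElementTree as ET

# Constructed: the "allow everything" policy the post warns about.
UNRESTRICTED_CLIENTACCESSPOLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# Constructed: one trusted HTTPS origin, one header, one API path.
RESTRICTED_CLIENTACCESSPOLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="https://app.example.com"/>
      </allow-from>
      <grant-to>
        <resource path="/api/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# Constructed: the Flash equivalent of an unrestricted policy.
UNRESTRICTED_CROSSDOMAIN = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>
"""


def _wildcard(value):
    """True for the literal '*' and for scheme-only wildcards such as 'http://*'."""
    v = (value or "").strip().lower()
    return v == "*" or v.endswith("://*")


def audit_clientaccesspolicy(xml_text):
    """Return a list of findings (strings) for a Silverlight clientaccesspolicy.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        for allow in policy.iter("allow-from"):
            # "*" lets the calling application send arbitrary request headers.
            if _wildcard(allow.get("http-request-headers")):
                findings.append('allow-from permits any HTTP request header (http-request-headers="*")')
            for dom in allow.iter("domain"):
                uri = dom.get("uri", "")
                if _wildcard(uri):
                    findings.append(f'domain uri="{uri}" lets any origin read responses as the user')
                elif uri.lower().startswith("http://"):
                    findings.append(f'domain uri="{uri}" trusts a plaintext origin')
        for res in policy.iter("resource"):
            # The whole site, subpaths included, is in scope of the grant.
            if res.get("path") == "/" and res.get("include-subpaths", "false").lower() == "true":
                findings.append('grant-to exposes the whole site (path="/" include-subpaths="true")')
    return findings


def audit_crossdomain(xml_text):
    """Return a list of findings (strings) for a Flash crossdomain.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    for allow in root.iter("allow-access-from"):
        domain = allow.get("domain", "")
        if _wildcard(domain):
            findings.append(f'allow-access-from domain="{domain}" trusts every origin')
        # secure="false" on an HTTPS site lets plaintext origins in as well.
        if allow.get("secure", "true").lower() == "false":
            findings.append(f'allow-access-from domain="{domain}" has secure="false"')
    for hdr in root.iter("allow-http-request-headers-from"):
        if _wildcard(hdr.get("domain")) or _wildcard(hdr.get("headers")):
            findings.append("allow-http-request-headers-from grants headers to any origin")
    return findings


if __name__ == "__main__":
    for name, text, audit in (
        ("unrestricted clientaccesspolicy.xml", UNRESTRICTED_CLIENTACCESSPOLICY, audit_clientaccesspolicy),
        ("restricted clientaccesspolicy.xml", RESTRICTED_CLIENTACCESSPOLICY, audit_clientaccesspolicy),
        ("unrestricted crossdomain.xml", UNRESTRICTED_CROSSDOMAIN, audit_crossdomain),
    ):
        result = audit(text)
        print(f"{name}: {'OK' if not result else ''}")
        for line in result:
            print("  -", line)
```

Run it against the files served at /clientaccesspolicy.xml and /crossdomain.xml; an empty findings list for both is the target, and any wildcard finding means a Silverlight or Flash application on any origin can make requests to the server with the victim's cookies.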