April 5, 2010 - 12:02 EDT
Unrestricted crossdomain.xml and clientaccesspolicy.xml files can be abused by malicious RIAs - or MalaRIAs - to perform actions on behalf of the user. For this PoC (proof of concept) I set up a malicious RIA to act as a proxy by combining it with a server-side application. This would allow the attacker to use the combined solution as a proxy and surf web sites with unrestricted cross domain policies through the victim's browser.
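A defensive check for the condition described above, as an added example that is not part of the original post: it parses the body of a crossdomain.xml (Flash) or clientaccesspolicy.xml (Silverlight) file and reports the grants that allow any origin. The function name and the sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

# Constructed sample policies (not taken from any real site).
OPEN_FLASH = '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'
RESTRICTED_FLASH = """
<cross-domain-policy>
  <allow-access-from domain="www.example.com"/>
</cross-domain-policy>"""
OPEN_SILVERLIGHT = """
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def unrestricted_entries(policy_xml):
    """Return the any-origin grants found in a Flash or Silverlight policy."""
    root = ET.fromstring(policy_xml.strip())
    findings = []
    if root.tag == "cross-domain-policy":        # Flash: crossdomain.xml
        for el in root.iter("allow-access-from"):
            if el.get("domain", "").strip() == "*":
                findings.append('allow-access-from domain="*"')
    elif root.tag == "access-policy":            # Silverlight: clientaccesspolicy.xml
        for allow in root.iter("allow-from"):
            for dom in allow.iter("domain"):
                uri = dom.get("uri", "").strip()
                # "*" matches every origin; "http://*" and "https://*"
                # match every origin on that scheme.
                if uri in ("*", "http://*", "https://*"):
                    findings.append('allow-from domain uri="%s"' % uri)
    else:
        raise ValueError("not a cross-domain policy file: <%s>" % root.tag)
    return findings


if __name__ == "__main__":
    samples = [("flash-open", OPEN_FLASH), ("flash-restricted", RESTRICTED_FLASH),
               ("silverlight-open", OPEN_SILVERLIGHT)]
    for name, body in samples:
        print(name, unrestricted_entries(body) or "no any-origin grant")
```

A policy that names specific domains, such as the restricted sample, produces no findings; partial wildcards such as `*.example.com` are not flagged by this check and need separate review.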