March 8, 2010 - 21:15 UTC
A lot of flash and flex applications use an XML-file for configuration. The XML-file sets up which texts and images to show. However if we don't pay attention, this flash application can be abused for phishing or spam, because the attacker can specify which file to use in the flash - a client-side RFI (Remote File Inclusion
). Luckily this is not as dangerous as server-side RFI, but it's still something you want to avoid.