inurl:clientaccesspolicy filetype:xml intext:allow-from

  • 日期:2014-03-27
  • 类别:
  • 作者:anonymous
  • 语法:inurl:clientaccesspolicy filetype:xml intext:allow-from
  • Locates clientaccesspolicy.xml files used by silverlight to determine

    the cross domain policy of that site's silverlight apps. An open

    setting of will allow a weaponized silverlight

    application hosted on an attacker's site to read information from the

    target site while running in a victim's browser.



    Red Team

    Blue Team