Episode Details
Back to Episodes
Course 38 - Web Security Known Web Attacks | Episode 5: SOP Fundamentals and SOME Attack Exploitation via Flash Callbacks
Published 6 days, 10 hours ago
Description
In this lesson, you’ll learn about: Same Origin Policy (SOP), its controlled exceptions, and how attackers exploit it using SOME via Flash callbacks1. What is the Same Origin Policy (SOP)🔹 Definition:
Two URLs can interact only if all match:
SOP prevents unauthorized access between different websites2. Why SOP Exists🔹 Purpose:
SOP is the foundation of web security isolation3. Soft Exclusions to SOP🔹 Allowed interactions:
SOP is strict—but not absolute4. Introducing SOME (Same Origin Method Execution)🔹 Definition:
SOME doesn’t break SOP—it works around it5. Role of Flash in SOME Attacks🔹 Technology involved:
Flash acts as a bridge to execute JS indirectly6. How Flash Callbacks Become Vulnerable🔹 Weakness:
Limited input ≠ safe input7. SOME Attack Lifecycle🔹 Step-by-step:
Attack uses tab relationships + timing8. DOM Manipulation via SOME🔹 Target:
User actions are simulated without consent9. Real-World Example: WordPress Exploit🔹 Platform:
Even mature platforms can have legacy weak points10. Bypassing Filters🔹 Challenge:
Attackers reuse existing trusted functions11. Chaining Actions🔹 Advanced technique:
Simple actions can be chained into full compromise12. Why SOME is Powerful🔹 Works when:
- A core browser security rule that restricts how documents interact
- Web Browsers
Two URLs can interact only if all match:
- Protocol (HTTP / HTTPS)
- Host (domain)
- Port
SOP prevents unauthorized access between different websites2. Why SOP Exists🔹 Purpose:
- Protect user data (cookies, sessions, DOM)
- Any site could read or modify another site
SOP is the foundation of web security isolation3. Soft Exclusions to SOP🔹 Allowed interactions:
- embedding
- postMessage API
- Enable cross-origin communication safely
SOP is strict—but not absolute4. Introducing SOME (Same Origin Method Execution)🔹 Definition:
- A technique to execute methods across windows using references
- Reverse clickjacking
SOME doesn’t break SOP—it works around it5. Role of Flash in SOME Attacks🔹 Technology involved:
- Adobe Flash Player
- ActionScript ↔ JavaScript
- ExternalInterface.call()
Flash acts as a bridge to execute JS indirectly6. How Flash Callbacks Become Vulnerable🔹 Weakness:
- Accept user-controlled input
- Often limited to:
- Letters (a–z, A–Z)
- Numbers (0–9)
- Dot (.)
- Can call existing JS functions
Limited input ≠ safe input7. SOME Attack Lifecycle🔹 Step-by-step:
- Victim visits attacker page
- Malicious page opens new tab
- Uses window.opener reference
- Parent tab redirected to target site
- Payload executes via callback
Attack uses tab relationships + timing8. DOM Manipulation via SOME🔹 Target:
- Document Object Model (DOM)
- Trigger clicks
- Submit forms
- Change UI state
User actions are simulated without consent9. Real-World Example: WordPress Exploit🔹 Platform:
- WordPress
- Flash file (video-js.swf) with weak callback
- Plugin activated automatically
Even mature platforms can have legacy weak points10. Bypassing Filters🔹 Challenge:
- Only alphanumeric + dot allowed
- Call existing functions like:
- window.opener.someFunction
Attackers reuse existing trusted functions11. Chaining Actions🔹 Advanced technique:
- Open multiple tabs
- Simulate complex workflows:
- Activate plugin
- Delete files
- Change settings
Simple actions can be chained into full compromise12. Why SOME is Powerful🔹 Works when:
- XSS is blocked
- CSRF is mitigated
- Uses legitimate browser behavior