Episode Details

Back to Episodes
Course 38 - Web Security Known Web Attacks | Episode 5: SOP Fundamentals and SOME Attack Exploitation via Flash Callbacks

Course 38 - Web Security Known Web Attacks | Episode 5: SOP Fundamentals and SOME Attack Exploitation via Flash Callbacks

Published 6 days, 10 hours ago
Description
In this lesson, you’ll learn about: Same Origin Policy (SOP), its controlled exceptions, and how attackers exploit it using SOME via Flash callbacks1. What is the Same Origin Policy (SOP)🔹 Definition:
  • A core browser security rule that restricts how documents interact
🔹 Enforced in:
  • Web Browsers
🔹 Rule:
Two URLs can interact only if all match:
  • Protocol (HTTP / HTTPS)
  • Host (domain)
  • Port
👉 Key Insight
SOP prevents unauthorized access between different websites2. Why SOP Exists🔹 Purpose:
  • Protect user data (cookies, sessions, DOM)
🔹 Without SOP:
  • Any site could read or modify another site
👉 Key Insight
SOP is the foundation of web security isolation3. Soft Exclusions to SOP🔹 Allowed interactions:
  • embedding
  • postMessage API
🔹 Why they exist:
  • Enable cross-origin communication safely
👉 Key Insight
SOP is strict—but not absolute4. Introducing SOME (Same Origin Method Execution)🔹 Definition:
  • A technique to execute methods across windows using references
🔹 Related concept:
  • Reverse clickjacking
👉 Key Insight
SOME doesn’t break SOP—it works around it5. Role of Flash in SOME Attacks🔹 Technology involved:
  • Adobe Flash Player
🔹 Bridge:
  • ActionScript ↔ JavaScript
🔹 Key function:
  • ExternalInterface.call()
👉 Key Insight
Flash acts as a bridge to execute JS indirectly6. How Flash Callbacks Become Vulnerable🔹 Weakness:
  • Accept user-controlled input
🔹 Restrictions:
  • Often limited to:
    • Letters (a–z, A–Z)
    • Numbers (0–9)
    • Dot (.)
🔹 Still dangerous because:
  • Can call existing JS functions
👉 Key Insight
Limited input ≠ safe input7. SOME Attack Lifecycle🔹 Step-by-step:
  1. Victim visits attacker page
  2. Malicious page opens new tab
  3. Uses window.opener reference
  4. Parent tab redirected to target site
  5. Payload executes via callback
👉 Key Insight
Attack uses tab relationships + timing8. DOM Manipulation via SOME🔹 Target:
  • Document Object Model (DOM)
🔹 What attacker can do:
  • Trigger clicks
  • Submit forms
  • Change UI state
👉 Key Insight
User actions are simulated without consent9. Real-World Example: WordPress Exploit🔹 Platform:
  • WordPress
🔹 Vulnerability:
  • Flash file (video-js.swf) with weak callback
🔹 Attack outcome:
  • Plugin activated automatically
👉 Key Insight
Even mature platforms can have legacy weak points10. Bypassing Filters🔹 Challenge:
  • Only alphanumeric + dot allowed
🔹 Solution:
  • Call existing functions like:
    • window.opener.someFunction
👉 Key Insight
Attackers reuse existing trusted functions11. Chaining Actions🔹 Advanced technique:
  • Open multiple tabs
🔹 Result:
  • Simulate complex workflows:
    • Activate plugin
    • Delete files
    • Change settings
👉 Key Insight
Simple actions can be chained into full compromise12. Why SOME is Powerful🔹 Works when:
  • XSS is blocked
  • CSRF is mitigated
🔹 Because:
  • Uses legitimate browser behavior
👉 K
Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us