Cross-domain Flash and Silverlight (crossdomain.xml)

Now I’ve posted previously about cross-domain communication with things like HTML5 CORS and HTML5 postMessages, I’ve also written about the browsers built in protections through Same-Origin Policy. However, recently I saw a discussion about Cross-domain Flash and Silverlight and how those are different, how specifically the exploitation works and what it offers an attacker.

Read More