CyberCode Academy
In this lesson, you’ll learn about: Same Origin Policy (SOP), its controlled exceptions, and how attackers exploit it using SOME via Flash callbacks1. What is the Same Origin Policy (SOP)🔹 Definition: * A core browser security rule that restricts how documents interact 🔹 Enforced in: * Web Browsers 🔹 Rule: Two URLs can interact only if all match: * Protocol (HTTP / HTTPS) * Host (domain) * Port 👉 Key Insight SOP prevents unauthorized access between different websites2. Why SOP Exists🔹 Purpose: * Protect user data (cookies, sessions, DOM) 🔹 Without SOP: * Any site could read or modify another site 👉 Key Insight SOP is the foundation of web security isolation3. Soft Exclusions to SOP🔹 Allowed interactions: * * embedding * postMessage API 🔹 Why they exist: * Enable cross-origin communication safely 👉 Key Insight SOP is strict—but not absolute4. Introducing SOME (Same Origin Method Execution)🔹 Definition: * A technique to execute methods across windows using references 🔹 Related concept: * Reverse clickjacking 👉 Key Insight SOME doesn’t break SOP—it works around it5. Role of Flash in SOME Attacks🔹 Technology involved: * Adobe Flash Player 🔹 Bridge: * ActionScript ↔ JavaScript 🔹 Key function: * ExternalInterface.call() 👉 Key Insight Flash acts as a bridge to execute JS indirectly6. How Flash Callbacks Become Vulnerable🔹 Weakness: * Accept user-controlled input 🔹 Restrictions: * Often limited to: * Letters (a–z, A–Z) * Numbers (0–9) * Dot (.) 🔹 Still dangerous because: * Can call existing JS functions 👉 Key Insight Limited input ≠ safe input7. SOME Attack Lifecycle🔹 Step-by-step: 1. Victim visits attacker page 2. Malicious page opens new tab 3. Uses window.opener reference 4. Parent tab redirected to target site 5. Payload executes via callback 👉 Key Insight Attack uses tab relationships + timing8. DOM Manipulation via SOME🔹 Target: * Document Object Model (DOM) 🔹 What attacker can do: * Trigger clicks * Submit forms * Change UI state 👉 Key Insight User actions are simulated without consent9. Real-World Example: WordPress Exploit🔹 Platform: * WordPress 🔹 Vulnerability: * Flash file (video-js.swf) with weak callback 🔹 Attack outcome: * Plugin activated automatically 👉 Key Insight Even mature platforms can have legacy weak points10. Bypassing Filters🔹 Challenge: * Only alphanumeric + dot allowed 🔹 Solution: * Call existing functions like: * window.opener.someFunction 👉 Key Insight Attackers reuse existing trusted functions11. Chaining Actions🔹 Advanced technique: * Open multiple tabs 🔹 Result: * Simulate complex workflows: * Activate plugin * Delete files * Change settings 👉 Key Insight Simple actions can be chained into full compromise12. Why SOME is Powerful🔹 Works when: * XSS is blocked * CSRF is mitigated 🔹 Because: * Uses legitimate browser behavior 👉 Key Insight Security controls can be bypassed via unexpected paths13. How to Prevent SOME Attacks🔹 Remove legacy risks: * Disable Flash completely 🔹 Secure callbacks: * Validate inputs strictly * Avoid dynamic execution 🔹 Protect windows: * Use rel="noopener noreferrer" 👉 Key Insight Modern security = eliminate legacy + validate everything14. Big PictureYou are learning:👉 How SOP protects—but also limits 👉 How attackers abuse allowed behaviors 👉 Why legacy tech (Flash) is dangerousMental ModelSOP restriction → allowed exceptions → weak callback → window reference → method execution → silent attack You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]
293 episoder
Kommentarer
0Vær den første til at kommentere
Tilmeld dig nu og bliv en del af CyberCode Academy-fællesskabet!