This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Insecure Third Party Domain Access"
From OWASP
| Line 1: | Line 1: | ||
{{Template:Stub}} | {{Template:Stub}} | ||
{{Template:Vulnerability}} | {{Template:Vulnerability}} | ||
| − | |||
| − | |||
| − | |||
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| + | [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]] | ||
==Description== | ==Description== | ||
Latest revision as of 01:26, 21 February 2009
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 02/21/2009
Vulnerabilities Table of Contents
Description
Occurs when an application contains content provided from a 3rd party resource that is delivered without any type of content scrub.
Environments Affected
- Web servers
- Application servers
- Client Machines
Risk Factors
- Allowing hosted content from an untrusted server into a trusted application: affecting the server, server environment, and client machine.
- No confirmation of Third Party Controls.
Examples
This following example is a common method to insert third party hosted content into a trusted an application. If the hosting site is vulnerable to attack, all content delivered to an application would be vulnerable malicious changes.
<iframe src="http://site.com/share/Action.swf" width="720" height="420" marginwidth="0" marginheight="0" scrolling="Auto" frameborder="0"></iframe>
Related Attacks
Related Vulnerabilities
TBD
Related Controls
TBD
