Zaseth

Secure crossdomain.xml

I've seen a lot of people also using insecure crossdomain.xml configs. This file is for domains that can connect etc. When it's insecure, an attacker can upload malicious SWF content.

 

Insecure crossdomain.xml:

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

The following is a correct crossdomain.xml:

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.xdd.com" />
<allow-access-from domain="xdd.com" />
</cross-domain-policy>
