Flash comes to the rescue
These days almost all web applications store files in some way or another; take, for example, social networking websites that store our pictures, or dedicated storage services like Dropbox. One common problem with this is that we can upload Flash (SWF) files with benign extensions like .jpg, .gif, or .png and they will be happily accepted by the server backend. The problem arises when the uploaded file is hosted on the main domain or a subdomain of the website (not a sandboxed domain): we can create a Flash file that reads the HTML source of the vulnerable website and upload it there under one of the allowed extensions mentioned earlier. Once it is uploaded to the vulnerable website, the attacker simply needs to embed the Flash file and pass the HTML output from the Flash file to a JavaScript callback function to perform source parsing. The page in which the Flash is embedded can be hosted anywhere, but once the Flash file is executed, it will simply send a request to the affected site...
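The weakness described above rests on the backend trusting the file extension alone. The following is an added defensive example, not code from the original text: an upload screen that inspects the leading bytes of each file and rejects anything whose content signature does not match its claimed image extension, including Flash files that begin with the `FWS`, `CWS` or `ZWS` header. The file names, the sample bytes and the `classify_upload`/`screen_uploads` function names are constructed for the demonstration.

```python
"""Magic-byte screening for image uploads (added example, not from the original text).

Flash files start with one of three headers: FWS (uncompressed), CWS (zlib-compressed)
or ZWS (LZMA-compressed). A renamed SWF therefore never looks like a JPEG, GIF or PNG
on its first bytes, so a signature check catches the .jpg/.gif/.png trick at upload time.
"""
import zlib

# Signatures a file must begin with for each permitted image extension (assumed allow-list).
IMAGE_SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}

# Leading bytes of Flash files, regardless of the name they were uploaded under.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")


def classify_upload(filename: str, data: bytes) -> str:
    """Classify an upload as 'ok', 'swf' or 'mismatch'.

    'swf'      - the content is a Flash file, whatever extension it claims
    'mismatch' - extension not permitted, or content signature does not match it
    'ok'       - permitted extension and matching content signature
    """
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data[:3] in SWF_SIGNATURES:
        return "swf"
    allowed = IMAGE_SIGNATURES.get(ext)
    if allowed is None:
        return "mismatch"  # extension is outside the allow-list
    if any(data.startswith(sig) for sig in allowed):
        return "ok"
    return "mismatch"


def build_sample_uploads() -> dict:
    """Constructed sample uploads: two genuine image headers, a zlib-compressed
    SWF renamed to .jpg, and plain text hiding behind an image extension."""
    swf_body = zlib.compress(b"\x00" * 16)  # stand-in for the compressed SWF body
    # CWS header: signature, version byte, uncompressed length (little-endian), body
    cws = b"CWS" + bytes([10]) + (8 + 16).to_bytes(4, "little") + swf_body
    return {
        "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "banner.gif": b"GIF89a" + b"\x00" * 8,
        "photo.jpg": cws,           # a Flash file behind a .jpg name
        "notes.txt.jpg": b"hello",  # text content, image extension
    }


def screen_uploads(uploads: dict) -> dict:
    """Run the classifier over a batch of (filename -> bytes) uploads."""
    return {name: classify_upload(name, data) for name, data in uploads.items()}


if __name__ == "__main__":
    for name, verdict in screen_uploads(build_sample_uploads()).items():
        print(f"{name:15} -> {verdict}")
```

The signature check is a cheap first filter, not a substitute for the structural fix the text points at: a file that passes the check is still executed in whatever origin serves it, so user uploads belong on a separate, sandboxed domain rather than the main domain or one of its subdomains.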