HTTP Cross Domain Policy File Scanner

Short Info


Level

Informational

Single Scan

Single Scan

Can be used by

Everyone

Estimated Time

15 seconds

Time Interval

3 days

Scan only one

Domain, IPv4, Subdomain

Toolbox

-

Checks the cross-domain policy file (/crossdomain.xml) and the client access policy file (/clientaccesspolicy.xml) in web applications and lists the trusted domains. Overly permissive settings enable Cross Site Request Forgery attacks and may allow attackers to access sensitive data. This script is useful for detecting permissive configurations and trusted domain names that are available for purchase and could be used to exploit the application.

The script queries instantdomainsearch.com to look up the domains. This functionality is turned off by default; to enable it, set the script argument http-cross-domain-policy.domain-lookup.
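For reviewing your own policy files, the check described above can be reproduced offline. The following is an added example, not the scanner's own code: the function name `audit_policy` is hypothetical and both sample policies are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
CROSSDOMAIN_XML = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/>
  <allow-access-from domain="*.example.com" secure="false"/>
  <allow-access-from domain="static.example.org"/>
</cross-domain-policy>"""

CLIENTACCESSPOLICY_XML = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*">
    <domain uri="*"/>
    <domain uri="https://partner.example.net"/>
  </allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def audit_policy(xml_text):
    """Return (trusted_domains, findings) for either policy file format."""
    # Policy files fetched from a remote host are untrusted input; a hardened
    # XML parser is preferable there (assumption: only local files are audited here).
    root = ET.fromstring(xml_text)
    trusted, findings = [], []
    for el in root.iter():
        if el.tag == "site-control":
            if el.get("permitted-cross-domain-policies") == "all":
                findings.append("site-control permits all policy files")
            continue
        if el.tag == "allow-access-from":      # /crossdomain.xml entry
            value = el.get("domain", "")
            if el.get("secure", "true").lower() == "false":
                findings.append(f"secure=false for {value}")
        elif el.tag == "domain":               # /clientaccesspolicy.xml entry
            value = el.get("uri", "")
        else:
            continue
        trusted.append(value)
        if value in ("*", "http://*", "https://*"):
            findings.append(f"wildcard trusts every origin: {value}")
        elif "*" in value:
            findings.append(f"wildcard subdomain trust: {value}")
    return trusted, findings


if __name__ == "__main__":
    for name, text in (("crossdomain.xml", CROSSDOMAIN_XML),
                       ("clientaccesspolicy.xml", CLIENTACCESSPOLICY_XML)):
        print(name, *audit_policy(text), sep="\n  ")
```

Entries without a wildcard still deserve review: every listed domain must be one you control and keep registered.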
