Latest News: (loading..)

1

crossdomain.xml

Started by Ken44, Jan 23 2012, 18:50

You cannot reply to this topic
Go to first unread post

5 replies to this topic

#1 Ken44

Community Member
223 posts

Real Name:Ken
Gender:Male
Location:UK

@Mention

Posted 23 January 2012, 18:50

Hi

I have had oscv2.3.1 installed and working fine for over a year now, however, recently I keep seeing this in whos online

http://tinyurl.com/8y2ecd2

The strange thing is that this only happens when using a Win7 PC. When I look at my admin from 2 other WinXP PCs I never see admin looking for crossdomain.xml
Today, for the first time, I noticed a customer also looking for crossdomain.xml

http://tinyurl.com/8xdz742

I checked my OSC2.3.1 code and there is no reference to crossdomain.xml in the code.

Does anyone know what this could be?

Regards

Ken

Edited by Ken44, 23 January 2012, 19:00.

Back to top

#2 kymation

Community Sponsor
5,663 posts

Real Name:Jim Keebaugh
Gender:Male
Location:Aberdeen WA USA

@Mention

Posted 23 January 2012, 21:16

A crossdomain.xml file is used by Adobe Flash to allow your Flash content to include content from another domain. It's a security hole if not done properly, so this could be an attempt to find a vulnerability to exploit. Or, if you have Flash content on your site, it could be perfectly normal.

Regards
Jim

My Addons

Banners Box 2.3.1 Support
Categories Accordion Box 2.3.1 Support
Categories Images Box 2.2x 2.3.1 Support
Closest Shipper 2.2x Support
Document Manager 2.2x Support
Generic Box 2.3.1 Support
Get 1 Free 2.2x Support
Include HTML and Text Boxes 2.2x
jQuery Banner Rotator 2.2x 2.3.1 Support
Modular Front Page 2.3.1 Support
Modular SEO Header Tags 2.3.1 Support
More Pics 2.2x Support
MVS 2.2x Support
osC Catalog 2.2x Support
PDF Datasheet 2.3.1 Support
Price Updater 2.2x
Products Specifications 2.2x 2.3.1 Development Version Support Bugs/Suggestions
Request a Review 2.2x - 2.3.1 Support
Similar Products Box 2.2x
Theme Switcher 2.3.1 Support

Back to top

#3 Ken44

Community Member
223 posts

Real Name:Ken
Gender:Male
Location:UK

@Mention

Posted 24 January 2012, 09:50

Hi Jim

Thanks for your reply.

My site is fairly basic, it can be seen at the links above. (just go up a level)
I have no flashy add-ons. The only thing that may use Flash Player is PHPmyVisites, however this has been installed since the site was built and has never caused a problem before.
Also, a customer does not have access to this software. Why is a customer looking for crossdomain.xml?

Regards

Ken

Back to top

#4 nottheusual1

Community Member
24 posts

Real Name:[you decide]
Location:Backwater, OH

@Mention

Posted 24 January 2012, 17:53

They aren't a customer - probably fishing for the file to see if they can exploit its presence. First clue is that there is no reason for them to naturally create that file call - they have to form the URL. Are you using a scanning service that might be testing for that file?

:not_the_usual1
[you decide]

-- Trying to figure it out, just like everyone else --

Back to top

#5 Ken44

Community Member
223 posts

Real Name:Ken
Gender:Male
Location:UK

@Mention

Posted 25 January 2012, 19:19

Hi.

It appears to be myself that is looking for this file. In ‘whos online’ it is Admin that is looking at crossdomain.xml (see the images in the first post)

Since this is only happening on Win7 then I guess this must be something to do with the operating system rather than my website.

Very strange though.

Ken

Back to top

#6 RMD27

Community Member
259 posts

Real Name:Ricardo
Gender:Male

@Mention

Posted 19 May 2012, 14:17

kymation, on 23 January 2012, 21:16, said:

A crossdomain.xml file is used by Adobe Flash to allow your Flash content to include content from another domain. It's a security hole if not done properly, so this could be an attempt to find a vulnerability to exploit. Or, if you have Flash content on your site, it could be perfectly normal.

Regards
Jim

jim, how do you stop it?

Back to top

Back to Security · Next Unread Topic →