Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
crossdomain.xml
Flash Cross-Domain Policy
What an attacker could do
An overly permissive policy (allow-access-from domain="*") lets any site make cross-domain requests with the user's credentials, enabling data theft via legacy Flash/Silverlight clients.
How to defend it
Remove the file if no Flash/Silverlight clients exist, or restrict allow-access-from to specific trusted domains and set permitted-cross-domain-policies to none.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation