Cross-domain and client access policies need to be checked for overly permissive rules. Insecure configurations allow cross-site request forgery attacks and could be abused to obtain sensitive data from web servers. The script http-cross-domain-policy will help us detect these insecure configurations and check automatically whether there are any domain names available for purchase that could be used to abuse the configuration.
This recipe shows how to detect insecure cross-domain policies in web servers with Nmap.
Use the following Nmap command to check the cross-domain policies of a web server:
$ nmap --script http-cross-domain-policy <target>
A vulnerability report will show up if the client access or cross-domain policy files are found. Additional information will be included to manually analyze the issue:
PORT     STATE SERVICE    REASON
8080/tcp open  http-proxy syn-ack
| http-cross-domain-policy:
|   VULNERABLE:
|   Cross-domain...
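When reviewing a policy file by hand, the entries worth flagging can be pulled out with a short parser. The following is an added example, not part of the original recipe or of the NSE script: it audits the two policy formats (crossdomain.xml and clientaccesspolicy.xml) for wildcard entries. The sample policies are constructed and the function name audit_policy is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies, not taken from any real server.
CROSSDOMAIN_XML = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*.example.com"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

CLIENTACCESSPOLICY_XML = """<?xml version="1.0" encoding="utf-8"?>
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def audit_policy(xml_text):
    """Return findings for overly permissive entries in either policy format."""
    # ElementTree is fine for files you control; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        tag, a = el.tag, el.attrib
        if tag in ("allow-access-from", "allow-http-request-headers-from"):
            if a.get("domain") == "*":
                findings.append(f"{tag}: wildcard domain '*'")
            if a.get("secure", "true").lower() == "false":
                findings.append(f"{tag}: secure=false accepts non-HTTPS origins")
            if a.get("headers") == "*":
                findings.append(f"{tag}: every request header allowed")
        elif tag == "site-control":
            if a.get("permitted-cross-domain-policies") == "all":
                findings.append("site-control: any policy file on the host is honoured")
        elif tag == "domain" and a.get("uri") in ("*", "http://*", "https://*"):
            findings.append(f"domain: wildcard uri '{a['uri']}'")
        elif tag == "allow-from" and a.get("http-request-headers") == "*":
            findings.append("allow-from: every request header allowed")
    return findings


if __name__ == "__main__":
    for name, doc in (("crossdomain.xml", CROSSDOMAIN_XML),
                      ("clientaccesspolicy.xml", CLIENTACCESSPOLICY_XML)):
        for finding in audit_policy(doc):
            print(f"{name}: {finding}")
```

A policy that names explicit domains and leaves secure at its default produces no findings.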