Attacking the network via Rich Internet Applications

admin
February 22, 2011

Vulnerabilities in rich Web 2.0 applications are definitely a problem when you start deploying more of your business to the cloud. Here is a good article from Erlend Oftedal, a Norwegian developer and security researcher, on exploiting crossdomain.xml and clientaccesspolicy.xml in RIAs (rich internet applications).

Unrestricted crossdomain.xml and clientaccesspolicy.xml files can be abused by malicious RIAs – or MalaRIAs – to perform actions on behalf of the user. For this PoC (proof of concept) I set up a malicious RIA to act as a proxy by combining it with a server-side application. This would allow the attacker to use the combined solution as a proxy and surf web sites with unrestricted cross domain policies through the victim’s browser.

See the full article – MalaRIA – I’m in your browser and surfing your Intranet
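
To check whether your own sites serve the kind of unrestricted policy described above, the following added example (not code from this post or from Erlend Oftedal's article) parses both policy formats and reports wildcard grants. The function names and the sample policies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values that match every caller in a Silverlight <domain uri="..."/> entry.
SILVERLIGHT_WILDCARDS = {"*", "http://*", "https://*"}

def audit_crossdomain(xml_text):
    """Return a list of findings for a Flash crossdomain.xml policy."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "").strip()
        if domain == "*":
            findings.append("allow-access-from domain=*: any origin may read responses")
        elif domain.startswith("*."):
            findings.append("allow-access-from domain=%s: every subdomain is trusted" % domain)
        # secure defaults to true; false lets HTTP-served content read HTTPS data.
        if el.get("secure", "true").lower() == "false":
            findings.append("secure=false for %s: HTTP content may read HTTPS data" % domain)
    return findings

def audit_clientaccesspolicy(xml_text):
    """Return a list of findings for a Silverlight clientaccesspolicy.xml policy."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        uris = [d.get("uri", "").strip() for d in policy.iter("domain")]
        open_uris = [u for u in uris if u in SILVERLIGHT_WILDCARDS]
        if not open_uris:
            continue  # this policy only names specific callers
        for res in policy.iter("resource"):
            scope = res.get("path", "")
            if res.get("include-subpaths", "false").lower() == "true":
                scope += " (and subpaths)"
            findings.append("domain uri=%s granted %s" % (",".join(open_uris), scope))
    return findings

# Constructed sample policies, not taken from any real site.
OPEN_FLASH = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""
RESTRICTED_FLASH = """<cross-domain-policy>
  <allow-access-from domain="apps.example.com"/>
</cross-domain-policy>"""
OPEN_SILVERLIGHT = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

if __name__ == "__main__":
    print(audit_crossdomain(OPEN_FLASH))
    print(audit_crossdomain(RESTRICTED_FLASH))
    print(audit_clientaccesspolicy(OPEN_SILVERLIGHT))
```

An empty list means the policy names specific callers only; any finding on an authenticated or intranet site is worth replacing with an explicit list of trusted domains.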
