inurl:clientaccesspolicy filetype:xml intext:allow-from

GHDB-ID:

3938

Author:

anonymous

Google Dork Description:

inurl:clientaccesspolicy filetype:xml intext:allow-from

Locates clientaccesspolicy.xml files used by silverlight to determine

the cross domain policy of that site's silverlight apps. An open

setting of will allow a weaponized silverlight

application hosted on an attacker's site to read information from the

target site while running in a victim's browser.



-- 

Google+ http://google.com/+EricGragsone

Red Team http://www.crimsonagents.com/

Blue Team http://www.erisresearch.org/

Coding http://maetrics.github.io