RFD is a new web based attack that extends reflected attacks beyond the context of the web browser. Attackers can build malicious URLs which once accessed, download files, and store them with any desired extension, giving a new malicious meaning to reflected input, even if it is properly escaped. Moreover, this attack allows running shell commands on the victim’s computer.
Find out more:
https://drive.google.com/file/d/0B0KLoHg_gR_XQnV4RVhlNl96MHM/view
