• About

computer pitch

~ Computer Technology, News, Security …

computer pitch

Tag Archives: 技術

紐約時報所有2013年前舊文章XSS漏洞

04 Saturday Apr 2015

Posted by essaybeans in IT Security

≈ Leave a comment

Tags

0Day, 瀏覽器, 白帽子, 程序, 網站, 網絡, 腳本, 計算機, 黑客, IT, php, 利用, 安全, 應用, 技術, 攻擊, 數據庫, 測試, 漏洞, 信息

紐約時報所有2013年前舊文章XSS漏洞

新加坡南洋理工大學物理和數學科學學院博士生王晶(Wang Jing)發現,紐約時報所有2013年前的文章都可已用來攻擊。“2013年前所有包含“PRINT”,”SINGLE PAGE”, “Page” 和“NEXT PAGE” 按鈕的文章都有此漏洞“。

bigstock-Visualization-Of-Mathematics-43605037

當被問及漏洞的重要性時,王晶回答“對XSS攻擊而言,非常重要的壹件事情是如何說服受害者點擊URL。因為所有的舊文章都可已用來攻擊,所有用護非常容易遭受攻擊“。

http://mathdaily.lofter.com/post/1cc75b20_42053c4

Advertisements

隱蔽重定向安全漏洞

04 Saturday Apr 2015

Posted by essaybeans in IT Security

≈ Leave a comment

Tags

0Day, 瀏覽器, 白帽子, 程序, 網站, 網絡, 腳本, 計算機, 黑客, IT, php, 利用, 安全, 應用, 技術, 攻擊, 數據庫, 測試, 漏洞, 信息

隱蔽重定向(英语:Covert Redirect)[1],是關於單點登錄 (Single sign-on) 的安全漏洞。因其對 OAuth 和 OpenID 的影響而為人所知[2]。由新加坡南洋理工大學物理和數學科學學院博士生王晶(Wang Jing)發現並命名[3]。

computer-key

Covert Redirect的壹個重要應用是phishing[4],別的網站釣魚是用假的網站,而 Covert Redirect卻是用真的知名網站進行釣魚。這是壹種完美釣魚方式[5]。

http://guyuzui.lofter.com/post/1ccdcda4_41db9be

February 2019
M T W T F S S
« Nov    
 123
45678910
11121314151617
18192021222324
25262728  

Archives

  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • October 2013
  • August 2013
  • August 2012

Recent Posts

  • PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug
  • KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug
  • MOZILLA ONLINE WEBSITE TWO SUB-DOMAINS XSS (CROSS-SITE SCRIPTING) BUGS ( ALL URLS UNDER THE TWO DOMAINS)
  • CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilitie
  • Godaddy Online Website Covert Redirect Web Security Bugs Based on Google.com
  • Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug
  • CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities
  • CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
  • CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities
  • CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
  • CXSecurity WLB-2015040034 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Web Security Vulnerabilities
  • OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities
  • BUGTRAQ 75176 – 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities
  • FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities
  • FC2 fc2.com Online Website URLs XSS (cross site scripting) Vulnerabilities (All URLs Under Domain blog.fc2.com/tag)
  • Rakuten Website Search Page XSS (cross site scripting) Web Security Vulnerability
  • Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities
  • CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
  • CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities
  • Comsenz SupeSite CMS Stored XSS (Cross-site Scripting) Security Vulnerabilities
  • Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities
  • OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities
  • NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities
  • Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities
  • CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
  • CVE-2014-9557 SMARTCMS MULTIPLE XSS (CROSS-SITE SCRIPTING) SECURITY VULNERABILITY
  • The Weather Channel fixes web app flaws
  • 紐約時報所有2013年前舊文章XSS漏洞
  • Times of India website vulnerable to Cross Site Scripting (XSS) attacks
  • CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities
  • ヤフーYahoo.co.jpオープンリダイレクトセキュリティ脆弱性
  • DoubleClick do Google pode ser vulnerável a ataques
  • CNN出现XSS及Open Redirect安全漏洞
  • CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Security Vulnerability
  • 隱蔽重定向安全漏洞
  • CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability
  • CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities
  • CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities
  • CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability
  • CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities
  • About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击
  • CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability
  • About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities
  • CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities
  • Maxwell’s Formulation – Differential Forms on Euclidean Space
  • Yahoo and Yahoo Japan May be Vulnerable to Spams
  • Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities
  • CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability
  • Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs
  • CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability
Advertisements

Blog at WordPress.com.

Cancel
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy