Monthly Archives: December 2014
CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities
Domain: http://cnn.com “The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time … Continue reading
Posted in Computing Science, Open Redirect, XSS
Tagged 0day-exploit, Ads.cnn.com, CNN, Computer Science, cyber-intelligence, Hack Train, IEEE, Information Security, Interent Flaw, IT-news, justqdjing, Open Redirect, Security Vulnerability, Travel.cnn.com, URF, wang Jing, Website Testing, XSS
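Serious Vulnerability in OAuth and OpenID? Major Sites Such as Facebook May Be Affected
Following the OpenSSL vulnerability "Heartbleed", another major vulnerability has been found in popular open-source security software. This time the vulnerability was found in the login tools "OAuth" and "OpenID", which are used by many websites and by technology giants such as Google, Facebook, Microsoft, and LinkedIn. Wang Jing, a PhD student at Nanyang Technological University in Singapore, discovered that a serious vulnerability called "Covert Redirect" makes it possible to disguise a login pop-up on an affected site's domain. Covert Redirect is based on a known exploit parameter. For example, clicking a malicious phishing link opens a pop-up window within Facebook asking the user to authorize an app. In the case of the Covert Redirect vulnerability, rather than tricking users with a fake look-alike domain name, the request for authorization uses the real site address. If the user chooses to authorize the login, personal data is sent to the attacker instead of the legitimate website. The personal data handed over depends on what is requested, but may include email addresses, birthdays, contact lists, and even account management information. Regardless of whether the app was authorized, the targeted user may then be redirected to a website of the attacker's choosing, where further attacks are possible. According to Wang, the vulnerability has already been reported to Facebook, but the company, while stating that it "understood the risks associated with OAuth 2.0", replied that fixing this bug is "not something that can be accomplished in the short term" because "it is difficult to force each application on the platform to use a whitelist". Facebook is not the only site affected. Wang says the matter was also reported to Google, LinkedIn, and Microsoft, and that the responses on how the issue would be handled varied. Google (which uses OpenID) told Wang that it is currently working on the problem. LinkedIn said it had published a blog post on the matter. Microsoft, meanwhile, said that after investigating, the vulnerability exists on a third-party domain and not on its own sites. This article was edited for Japan by Asahi Interactive from an article originally published by CBS Interactive overseas. Source: http://sp05rdcy.jugem.jp/?eid=1934 … Continue reading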
CVE-2014-7294 NYU Opensso Integration Open Redirect Security Vulnerability
Exploit Title: NYU Opensso Integration Logon Page url Parameter Open Redirect Product: Opensso Integration Vendor: NYU Vulnerable Versions: 2.1 and probably prior Tested Version: 2.1 Advisory Publication: DEC 29, 2014 Latest Update: DEC 29, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: … Continue reading
Posted in Computer & Web Technology
Tagged 0-day, application, attack, browser, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, white-hat
Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs
Although Yahoo lists open redirect vulnerabilities in its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all. Multiple Open … Continue reading
Posted in Open Redirect, Phishing, Web Application Technology
Tagged 0day-share, Covert Redirect, cyber-intelligence, Dest Priviledge Escalation, Hack Prevention, IEEE, Internet Exploit, New bugs, Open Redirect, Security Vulnerability, wang Jing, Whitehat-Topics, Yahoo, Yahoo Japan, Yahoo.co.jp, Yahoo.com
76.3% WEATHER CHANNEL WEBSITE LINKS VULNERABLE TO REFLECTED CROSS-SITE SCRIPTING (XSS)
The popular Weather Channel website (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to security researcher Wang Jing’s research. The vulnerability is that Weather.com does not filter malicious script code when constructing … Continue reading
ESPN Are Suffering Serious XSS and Dest Redirect Privilege Escalation Security Vulnerabilities
The popular ESPN website (espn.go.com) has been found to be vulnerable to multiple serious XSS and Dest Redirect Privilege Escalation security vulnerabilities, according to Jing Wang, a mathematics student from … Continue reading
Posted in Computer & Web Technology, Computer Technology
Tagged 0day-exploit, 0pen redirect, attack-defense, bug-vulnerability, Computer Science, Computer Security, computer-engineering, crime-prevent, cve-information, cyber-intelligence, cyber-security, ESPN, hacker-prevention, IEEE, Internet-information, IT-news, login, math student, PHP Code, spam, wangjing, web-application-test, whitehat-technology, XSS
ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities
Domain: http://espn.go.com/ “ESPN (originally an acronym for Entertainment and Sports Programming Network) is a U.S.-based global cable and satellite television channel that … Continue reading
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities
Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS Product: SnipSnap Vulnerable Versions: 0.5.2a 1.0b1 1.0b2 Tested Version: 0.5.2a 1.0b1 1.0b2 Advisory Publication: Jan 30, 2015 Latest Update: Jan 30, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-9559 CVSS Severity (version … Continue reading
Posted in Computer & Web Technology
Tagged 0-day, application, attack, browser, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, white-hat
XSS Risks Identified in Links in New York Times Articles from Before 2013
Originally posted on INZEED Business Information & Counsel:
URLs in New York Times (NYT) articles published before 2013 have been found to be vulnerable to an XSS (cross-site scripting) attack, capable of delivering code that will…
Posted in Computer & Web Technology, Web Application Technology
Tagged 0-day, IT vulnerability, old article, bug, Singapore, research, crime prevention, cybersecurity, attack, application, 2013, problem, code flaw, computer, hacker, IEEE, New York Times, testing, exploit, website, white hat, mathematics, JingWang, justqdjing, php, tetraph, web, XSS