The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)

Domain:
http://www.nytimes.com/

 

“The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper’s print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as “The Gray Lady”, The New York Times is long regarded within the industry as a national “newspaper of record”. It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper’s publisher and the company’s chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper’s motto, “All the News That’s Fit to Print”, appears in the upper left-hand corner of the front page.” (Wikipedia)

(1) Vulnerability Description:

The New York Times website has a cross-site scripting (XSS) problem: an attacker can exploit its readers through XSS bugs in article URLs.

The flaw lies in how the New York Times (Nytimes for short) builds article pages from the request URL. Nytimes uses part of the URL to construct links inside the page, and for articles published before 2013 that part of the URL does not appear to be filtered or encoded at all before it is written into the HTML.

Because of this page design, almost all URLs from before 2013 are affected (every article page). Specifically, every article page that contains a "PRINT" button, a "SINGLE PAGE" button, a "Page *" button or a "NEXT PAGE" button is affected, since those buttons are links built from the request URL.

Nytimes changed this mechanism in 2013. It now decodes the URLs sent to its server, which makes the mechanism much safer.

However, all article URLs from before 2013 still use the old mechanism, so almost all article pages from before 2013 remain vulnerable to XSS. I guess the reason Nytimes did not filter these URLs before is cost: it costs too much (money and human capital) to change the database of all previously posted articles.

[Screenshots: nytimes_2010_xss, nytimes_2011_xss]


Live PoC URLs:

http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//' "><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//' "><img src=x onerror=prompt(/justqdjing/)>?pagewanted=all&_r=0

http://www.nytimes.com/2010/12/07/opinion/07brooks.html//' "><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2009/08/06/technology/06stats.html//' "><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2008/07/09/dining/091crex.html//' "><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//' "><img src=x onerror=prompt(/justqdjing/)>


(2) Vulnerability Analysis:

Take the following link as an example (the harmless probe string "><vulnerabletoattack is appended after the article path):
http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack

The reflected page contains the markup below. The request path is spliced unencoded into the href attribute of every navigation link, so the double quote in the path closes the attribute and the remainder of the path lands in the page as markup. All of these links are vulnerable.

<li class="print">

<a href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=print">Print</testtesttest?pagewanted=print"></a>

</li>

<li class="singlePage">

<a href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><testtesttest?pagewanted=all"> Single Page</vulnerabletoattack?pagewanted=all"></a>

</li>

<li> <a onclick="s_code_linktrack('Article-MultiPagePageNum2');" title="Page 2" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">2</testtesttest?pagewanted=2"></a>

</li>

<li> <a onclick="s_code_linktrack('Article-MultiPagePageNum3');" title="Page 3" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=3">3</testtesttest?pagewanted=3"></a>

</li>

<a class="next" onclick="s_code_linktrack('Article-MultiPage-Next');" title="Next Page" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">Next Page »</testtesttest?pagewanted=2"></a>
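The link construction analysed above, as an added Python example that is not code from the New York Times or from this advisory. It shows the old-style splice of the raw request path into an href next to a hardened version that first reduces the path to the article it names, then percent-encodes it, then HTML-escapes it for the attribute context; a small parser check counts the tags a browser would see in each result. The request path is constructed in the shape of the PoC above, and the canonicalisation rule (keep everything up to the first ".html") is an assumption about how such a page builder should behave, not a description of the Nytimes fix.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

# Constructed request path in the shape of the PoC above (a probe appended after the
# article's .html segment). Not a live URL.
PROBE_PATH = ('/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/'
              '"><img src=x onerror=prompt(1)>')


def unsafe_print_link(request_path: str) -> str:
    """Old-style construction: the raw request path is spliced into the href.

    A double quote in the path closes the attribute, so whatever follows it
    is parsed by the browser as markup rather than as part of the URL.
    """
    return f'<a href="{request_path}?pagewanted=print">Print</a>'


def canonical_article_path(request_path: str) -> str:
    """Reduce the request path to the article path the server actually knows.

    Everything up to and including the first '.html' is the article; anything
    after it (the injected tail) is discarded instead of being echoed back.
    This rule is an assumption for the demo, not the site's real logic.
    """
    path = urlsplit(request_path).path
    end = path.find('.html')
    if end == -1:
        raise ValueError('not an article path')
    return path[:end + len('.html')]


def safe_print_link(request_path: str) -> str:
    """Hardened construction: canonicalise, percent-encode, then HTML-escape.

    quote() turns any '"', '<' or '>' that survives canonicalisation into
    %22/%3C/%3E, and html.escape() keeps the value safe for an attribute
    context even if the canonicalisation step is ever bypassed.
    """
    canonical = canonical_article_path(request_path)
    encoded = quote(canonical, safe='/')
    return f'<a href="{html.escape(encoded, quote=True)}?pagewanted=print">Print</a>'


class _TagCollector(HTMLParser):
    """Records every start tag the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(fragment: str) -> list[str]:
    """Parse a fragment the way a browser would and list its start tags.

    A correctly built link yields exactly ['a']; any extra tag means the
    request path broke out of the href attribute.
    """
    collector = _TagCollector()
    collector.feed(fragment)
    return collector.tags


if __name__ == '__main__':
    print('unsafe:', start_tags(unsafe_print_link(PROBE_PATH)))   # ['a', 'img']
    print('safe:  ', start_tags(safe_print_link(PROBE_PATH)))     # ['a']
```

The same two-layer discipline (percent-encode for the URL, escape for the HTML context) is what the later XSS items on this page (the SuperWebMailer HTMLForm parameter and the SoftBB post parameter) lack; for a query-string value the canonicalisation step differs, but the encoding steps are identical.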

 

 

 

 

(3) What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

“Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.” (Acunetix)

The vulnerability can be exploited without the victim being logged in. Tests were performed on Firefox (34.0) on Ubuntu (14.04) and IE (9.0.15) on Windows 8.

 

 

 

Discoverer and Reporter:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

 

 

 

 

More Details:
http://lists.openwall.net/full-disclosure/2014/10/16/2
http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102
http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss
https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1
http://webtech.lofter.com/post/1cd3e0d3_6f57c56
http://tetraph.blog.163.com/blog/static/2346030512014101270479/
https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss
http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles
http://securityrelated.blogspot.com/2014/10/new-york-times-design.html
https://mathfas.wordpress.com/2014/11/01/new-york-times-xss
http://computerobsess.blogspot.com/2014/10/new-york-times-design.html
http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss
http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss

 

 

 

CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: CVE-2015-2349 – SuperWebMailer /defaultnewsletter.php HTMLForm Parameter XSS Web Security Vulnerabilities

Product: SuperWebMailer

Vendor: SuperWebMailer

Vulnerable Versions: 5.*.0.* 4.*.0.*

Tested Version: 5.*.0.* 4.*.0.*

Advisory Publication: March 11, 2015

Latest Update: May 03, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-2349

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Author and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Information Details:



(1) Vendor & Product Description:



Vendor:

SuperWebMailer




Product & Vulnerable Versions:

SuperWebMailer

5.60.0.01190

5.50.0.01160

5.40.0.01145

5.30.0.01123

5.20.0.01113

5.10.0.00982

5.05.0.00970

5.02.0.00965

5.00.0.00962

4.50.0.00930

4.40.0.00917

4.31.0.00914

4.30.0.00907

4.20.0.00892

4.10.0.00875



Vendor URL & Download:

SuperWebMailer can be obtained from here,

http://www.superwebmailer.de/




Product Introduction Overview:

“Super webmail is a web-based PHP Newsletter Software. The web-based PHP Newsletter Software Super webmail is the optimal solution for the implementation of a successful e-mail marketing.”


“To use the online PHP Newsletter Script is your own website / server with PHP 4 or newer, MySQL 3.23 or later and the execution of CronJobs required. Once installed, the online newsletter software Super webmail can be served directly in the browser. The PHP Newsletter Tool Super webmail can therefore be used platform-independent all operating systems such as Windows, Linux, Apple Macintosh, with Internet access worldwide. The PHP Newsletter Script allows you to manage your newsletter recipients including registration and deregistration from the newsletter mailing list by double-opt In, Double Opt-Out and automatic bounce management. Send online your personalized newsletter / e-mails in HTML and Text format with embedded images and attachments immediately in the browser or by CronJob script in the background immediately or at a later. With the integrated tracking function to monitor the success of the newsletter mailing, if thereby the openings of the newsletter and clicks on links in the newsletter graphically evaluated and presented. Put the integrated autoresponder to autorun absence messages or the receipt of e-mails to confirm.”


“It is now included CKEditor 4.4.7. An upgrade to the latest version is recommended as an in CKEditor 4.4.5 Vulnerability found. Super webmail from immediately contains new chart component for the statistics that do not need a flash and are therefore also represented on Apple devices. For the Newsletter tracking statistics is now an easy print version of the charts available that can be printed or saved with PDF printer driver installed in a PDF file. When viewing the e-mails in the mailing lists of the sender of the email is displayed in a column that sent the e-mail to the mailing list. For form creation for the newsletter subscription / cancellation are now available variant”






(2) Vulnerability Details:

The SuperWebMailer web application has a cross-site scripting (XSS) vulnerability. A remote attacker can craft a request that, when a user opens it, executes arbitrary script code in that user's browser session within the trust relationship between their browser and the server.

Zero-day vulnerabilities in several other related products have been found by other bug-hunting researchers before, and SuperWebMailer has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest information-security news, tools and advisories, and has published suggestions, advisories and solution details related to web application vulnerabilities.

(2.1) The programming flaw occurs in the "HTMLForm" parameter of the "defaultnewsletter.php" page: the value supplied in that parameter is returned to the browser without being neutralised (CWE-79).
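From the defender's side, reflected-XSS flaws in query parameters such as this one (and the SoftBB "post" parameter later on this page) are easy to spot in web server access logs, because the probe has to travel in the request. The following is an added Python example, not SuperWebMailer or SoftBB code: it parses common-log-format lines, URL-decodes the path and each query value twice (double encoding is a common way past a single-pass filter), and flags values that contain tag, event-handler, javascript: scheme or attribute-breakout patterns. The log lines are constructed for the demo and use RFC 5737 test addresses; the page names in them are the ones from this page.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Common log format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators of a reflected-XSS probe once the value has been fully decoded.
INDICATORS = [
    ('html_tag', re.compile(r'<\s*/?\s*[a-z]', re.I)),
    ('event_handler', re.compile(r'\bon[a-z]+\s*=', re.I)),
    ('js_scheme', re.compile(r'javascript\s*:', re.I)),
    ('attr_breakout', re.compile(r'["\']\s*>')),
]

# Constructed sample lines; the probes mirror the shapes seen in this advisory,
# percent-encoded as a web server would log them (the third one double-encoded).
LOG_LINES = [
    '203.0.113.5 - - [11/Mar/2015:10:00:01 +0000] "GET /defaultnewsletter.php?HTMLForm=subscribe HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Mar/2015:10:00:09 +0000] "GET /defaultnewsletter.php?HTMLForm=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E HTTP/1.1" 200 5388',
    '198.51.100.9 - - [11/Mar/2015:10:01:13 +0000] "GET /redir_last_post_list.php?post=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 812',
    '198.51.100.3 - - [11/Mar/2015:10:02:40 +0000] "GET /2012/02/12/sunday-review/big-datas-impact-in-the-world.html/%22%3E%3Cvulnerabletoattack HTTP/1.1" 200 44120',
]


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def _indicators_in(value: str) -> list[str]:
    return [label for label, rx in INDICATORS if rx.search(value)]


def suspicious_params(target: str) -> dict:
    """Map each suspicious query parameter (or '<path>') to the indicators it triggered.

    The path is decoded twice and each query value once more on top of the
    decode parse_qsl already performs, so a double-encoded payload is seen
    the way the vulnerable application would see it after its own decoding.
    """
    parts = urlsplit(target)
    hits = {}
    path_hits = _indicators_in(unquote_plus(unquote_plus(parts.path)))
    if path_hits:
        hits['<path>'] = path_hits
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        found = _indicators_in(unquote_plus(value))
        if found:
            hits[name] = found
    return hits


def scan(lines):
    """Return one finding per log line whose request looks like an XSS probe."""
    findings = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue
        hits = suspicious_params(fields['target'])
        if hits:
            findings.append({'ip': fields['ip'], 'target': fields['target'],
                             'status': int(fields['status']), 'hits': hits})
    return findings


if __name__ == '__main__':
    for finding in scan(LOG_LINES):
        print(finding['ip'], finding['status'], finding['hits'])
```

A 200 status on a flagged line is the interesting case: the application accepted the value rather than rejecting it, which is exactly the behaviour this advisory describes. The patterns are deliberately loose and will produce false positives on sites that legitimately accept HTML in parameters; tune the indicator list per application.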










Related Work:

http://seclists.org/fulldisclosure/2015/Mar/55

http://www.securityfocus.com/bid/73063

http://lists.openwall.net/full-disclosure/2015/03/07/3

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819

http://packetstormsecurity.com/files/131288/ECE-Projects-Cross-Site-Scripting.html

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2

https://cxsecurity.com/issue/WLB-2015030043

http://aibiyi.lofter.com/post/1cc9f4e9_6edf9bf

http://tetraph.tumblr.com/post/118764414962/canghaixiao-cve-2015-2349-superwebmailer

http://canghaixiao.tumblr.com/post/118764381217/cve-2015-2349-superwebmailer-5-50-0-01160-xss

http://essaybeans.lofter.com/post/1cc77d20_6edf28c

https://www.facebook.com/essaybeans/posts/561250300683107

https://twitter.com/essayjeans/status/598021595974602752

https://www.facebook.com/pcwebsecurities/posts/687478118064775

http://tetraph.blog.163.com/blog/static/234603051201541231655569/

https://plus.google.com/112682696109623633489/posts/djqcrDw5dQp

http://essayjeans.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html

https://mathfas.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

http://aibiyi.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html





724CMS 5.01 Multiple Information Leakage Security Vulnerabilities

 

Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

Discoverer and Author: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Suggestion Details:

(1) Vendor & Product Description:

 

Vendor:

724CMS Enterprise

 

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

 

Vendor URL & download:

724CMS can be obtained from here,

http://724cms.com/

 

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS provides procedures to manage workflow in a collaborative environment.”

“A CMS helps you create and store content in a shared repository. It then manages the relationships between content items for you (e.g. keeping track of where they fit into the site hierarchy). Finally, it ensures that each content item is connected to the right style sheet when it comes to be published. Some CMSs also provide facilities to track the status of content items through editorial processes and workflows.”

 

 

(2) Vulnerability Details:

The 724CMS web application has an information-leakage vulnerability: full path disclosure (FPD). A remote attacker can make the application reveal its installation path. While such information is relatively low risk on its own, it is often useful in carrying out additional, more focused attacks.

Vulnerabilities in several 724CMS products have been found by other bug-hunting researchers before, and 724CMS has patched some of them. NVD is the U.S. government repository of standards-based vulnerability management data (this data enables automation of vulnerability management, security measurement and compliance, e.g. FISMA). It has published suggestions, advisories and solutions related to 724CMS vulnerabilities.

(2.1) The first programming flaw occurs in the "index.php" page with the "Lang" and "ID" parameters.

(2.2) The second programming flaw occurs in the "section.php" page with the "Lang" and "ID" parameters.
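Full path disclosure of this kind usually comes from an unexpected parameter value making the application fail in a way whose error text, install path included, reaches the browser. The following is an added Python example, not 724CMS code (which is PHP): a leaky handler that echoes exception text beside a hardened one that validates Lang against an allowlist and ID as an integer, logs the full trace on the server, and answers the client generically. The allowed language set, the install root and the section lookup are constructed stand-ins, not values from the advisory.

```python
import traceback

# Constructed deployment facts for the demo: allowed UI languages and a
# hypothetical install root (the kind of string a full-path disclosure leaks).
ALLOWED_LANGS = {'en', 'fr', 'de'}
INSTALL_ROOT = '/var/www/724cms'   # hypothetical path, not from the advisory
SERVER_LOG = []                    # stand-in for the web server's error log


class BadRequest(Exception):
    """Raised for input that fails validation; never carries internal detail."""


def validate_params(params: dict):
    """Check Lang against an allowlist and ID as a decimal integer before use."""
    lang = params.get('Lang', 'en')
    if lang not in ALLOWED_LANGS:
        raise BadRequest('unsupported Lang')
    raw_id = params.get('ID', '')
    if not raw_id.isdigit():
        raise BadRequest('ID must be numeric')
    return lang, int(raw_id)


def load_section(lang: str, section_id: int) -> str:
    """Stand-in for the include/lookup behind section.php; fails like a missing include."""
    path = f'{INSTALL_ROOT}/sections/{lang}/{section_id}.php'
    if section_id > 3:
        raise FileNotFoundError(f'No such file or directory: {path}')
    return f'section {section_id} ({lang})'


def handle_request_leaky(params: dict):
    """Vulnerable pattern: any exception text, paths included, goes to the client."""
    try:
        lang, section_id = validate_params(params)
        return 200, load_section(lang, section_id)
    except Exception as exc:  # deliberately broad: this is the flaw being shown
        return 500, f'Error: {exc}'


def handle_request(params: dict):
    """Hardened: validate first, log the full trace server-side, answer generically."""
    try:
        lang, section_id = validate_params(params)
        return 200, load_section(lang, section_id)
    except BadRequest:
        return 400, 'Bad request'
    except Exception:
        SERVER_LOG.append(traceback.format_exc())   # detail stays on the server
        return 500, 'Internal error'


if __name__ == '__main__':
    print(handle_request_leaky({'Lang': 'en', 'ID': '99'}))   # leaks the install root
    print(handle_request({'Lang': 'en', 'ID': '99'}))         # (500, 'Internal error')
```

In a PHP deployment the equivalent of the hardened handler is input validation plus display_errors turned off in production, with log_errors on, so the path still reaches the server log where operators need it.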

 

 

 

 

References:

http://tetraph.com/security/information-leakage-vulnerability/724cms-5-01-information-leakage-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/724cms-501-information-leakage-security.html

http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-information-leakage-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-information-leakage-security-vulnerabilities/

https://infoswift.wordpress.com/2015/03/14/724cms-5-01-information-leakage-security-vulnerabilities/

http://marc.info/?l=full-disclosure&m=142576280203098&w=4

http://en.hackdig.com/wap/?id=17055

 

 

 

 

 

Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities

 

Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities

Product: SupeSite CMS (Content Management System)

Vendor: Comsenz

Vulnerable Versions: 6.0.1UC 7.0

Tested Version: 7.0

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discoverer and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

 

Suggestion Details:


(1) Vendor & Product Description:



Vendor:

Comsenz

 

Product & Version:

SupeSite6.0.1UC

SupeSite7.0

 

Vendor URL & Download:

SupeSite can be bought from here,

http://www.comsenz.com/products/other/supesite

http://www.comsenz.com/downloads/install/supesite#down_open

 

Source code:

http://www.8tiny.com/source/supesite/nav.html?index.html

 

Product Introduction:

“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be achieved within the forum (Discuz!), personal space (X-Space) information content aggregation. Any webmaster , are available through SupeSite, easy to build a community portal for Web2.0.”

“Through grade audit operations, audit managers can publish information on the station to rank classification, shield, remove the handle, which can display information on the effective control of the site’s pages. When the audit information, the audit level is set to shield information, the information will no longer appear on the page aggregation site, but the user’s own personal space is still displayed above. If you want to completely shield the information, use the delete function. Audit information is divided into five levels, you can page polymerization conditions, freedom of information conducted classification. The default user information released pending state audit level. Administrators can set up the site, set whether to allow the pending status of the information displayed on the site aggregation page.”

 

 

 

(2) Vulnerability Details:

The SupeSite web application has an SQL injection vulnerability. An attacker can inject into or manipulate the SQL queries sent to the back-end database, allowing arbitrary data to be modified or disclosed. Vulnerabilities in other Comsenz products have been found by other bug-hunting researchers before, and Comsenz has patched some of them. NVD is the U.S. government repository of standards-based vulnerability management data (this data enables automation of vulnerability management, security measurement and compliance, e.g. FISMA). It has published suggestions, advisories and solutions related to similar vulnerabilities.

(2.1) The programming flaw occurs in the "batch.common.php" page with the "name" parameter.
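To make the flaw class concrete for this item and for the SoftBB "post" parameter (CVE-2014-9560) further down the page, here is an added Python example with sqlite3; it is not SupeSite or SoftBB code, and the table, rows and query shapes are constructed for the demo. It places a string-formatted query beside a parameterised one and shows how a single quote in a "name" value switches off the privacy filter in the first but is inert in the second; for a numeric id such as "post" it also shows type validation before binding.

```python
import sqlite3

# Constructed schema and rows; stands in for the post table of a forum/CMS.
SEED_ROWS = [
    ('welcome', 'Hello, world', 0),
    ('draft', 'not yet published', 1),
    ('admin-notes', 'internal only', 1),
]

# Classic tautology probe: turns "... AND name = 'x' OR '1'='1'" into an always-true filter.
PROBE = "x' OR '1'='1"


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(':memory:')
    con.execute('CREATE TABLE posts (id INTEGER PRIMARY KEY, name TEXT, body TEXT, is_private INTEGER)')
    con.executemany('INSERT INTO posts (name, body, is_private) VALUES (?, ?, ?)', SEED_ROWS)
    return con


def public_posts_unsafe(con, name: str) -> list[str]:
    """Vulnerable: the parameter is pasted into the SQL text.

    A quote in `name` ends the literal and the remainder becomes SQL, so the
    is_private filter can be switched off from the query string (AND binds
    tighter than OR, so the injected OR applies to the whole WHERE clause).
    """
    sql = "SELECT name FROM posts WHERE is_private = 0 AND name = '%s'" % name
    return [row[0] for row in con.execute(sql)]


def public_posts_safe(con, name: str) -> list[str]:
    """Hardened: the value travels as a bound parameter and is never parsed as SQL."""
    sql = 'SELECT name FROM posts WHERE is_private = 0 AND name = ?'
    return [row[0] for row in con.execute(sql, (name,))]


def post_name_by_id(con, post_param: str):
    """Numeric id from a query string: validate the type first, then bind it."""
    if not post_param.isdigit():
        raise ValueError('post must be a decimal integer')
    row = con.execute('SELECT name FROM posts WHERE id = ?', (int(post_param),)).fetchone()
    return row[0] if row else None


if __name__ == '__main__':
    db = build_db()
    print('unsafe:', public_posts_unsafe(db, PROBE))   # every row, private ones included
    print('safe:  ', public_posts_safe(db, PROBE))     # []
```

The important point for a code review is that the fix is not escaping the quote but keeping data out of the SQL text altogether; parameter binding does that for any driver, and type validation on numeric ids removes the need to trust the value at all.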

 

 

 

 

References:

http://tetraph.com/security/sql-injection-vulnerability/comsenz-supesite-7-0-cms-sql-injection-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/comsenz-supesite-70-cms-sql-injection.html

http://www.inzeed.com/kaleidoscope/computer-web-security/comsenz-supesite-7-0-cms-sql-injection-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/comsenz-supesite-7-0-cms-sql-injection-security-vulnerabilities/

https://infoswift.wordpress.com/2015/03/14/comsenz-supesite-7-0-cms-sql-injection-security-vulnerabilities/

http://marc.info/?a=139222176300014&r=1&w=4

http://en.hackdig.com/?13972.htm

 

Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

 

Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities

Vendor: Innovative Interfaces Inc

Product: WebPAC Pro

Vulnerable Versions: 2.0

Tested Version: 2.0

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discoverer and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

 

Suggestion Details:

 

(1) Vendor & Product Description:

Vendor:

Innovative Interfaces Inc

 

Product & Version:

WebPAC Pro

2.0

 

Vendor URL & Download:

WebPAC Pro can be obtained from here,

http://www.iii.com/products/webpac_pro.shtml

http://lj.libraryjournal.com/2005/12/ljarchives/innovative-releasing-webpac-pro/

 

Libraries that have installed WebPac Pro:

https://wiki.library.oregonstate.edu/confluence/display/WebOPAC/Libraries+that+have+installed+WebPac+Pro

 

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the “library portal” model to better integrate the latest Web functionality. With WebPAC Pro, libraries will be able to take advantage of the latest Web technologies and engage Web-savvy users more effectively than ever before. WebPAC Pro is a complete update of the Web OPAC interface”

“WebPAC Pro breaks through the functional and design limitations of the traditional online catalog. Its solid technology framework supports tools for patron access such as Spell Check; integrated Really Simple Syndication (RSS) feeds; a suite of products for seamless Campus Computing; and deep control over information content and presentation with Cascading Style Sheets (CSS). WebPAC Pro is also a platform for participation when integrated with Innovative’s Patron Ratings features and Community Reviews product. What’s more, with WebPAC Pro’s RightResult™ search technology, the most relevant materials display at the top so patrons get to the specific items or topics they want to explore immediately. WebPAC Pro can also interconnect with Innovative’s discovery services platform, Encore. And for elegant access through Blackberry® Storm™ or iPhone™, the AirPAC provides catalog searching, item requesting, and more.”

 

 

(2) Vulnerability Details:

The WebPAC Pro web application has an unvalidated redirect (open redirect, URL redirection) vulnerability. An attacker can create a specially crafted URL that, if clicked, redirects the victim from the intended, legitimate website to an arbitrary website of the attacker's choosing. Such attacks work because the crafted URL initially appears to be a page on a trusted site; they can be leveraged to send an unsuspecting user to a page containing attacks that target client-side software such as a web browser or document-rendering programs.

Vulnerabilities in other Innovative Interfaces products have been found by other bug-hunting researchers before, and Innovative has patched some of them. NVD is the U.S. government repository of standards-based vulnerability management data (this data enables automation of vulnerability management, security measurement and compliance, e.g. FISMA). It has published suggestions, advisories and solutions related to Innovative vulnerabilities.

(2.1) The programming flaw occurs in the "showres" page with the "url" parameter: the redirect target taken from that parameter is not checked against the site's own origin before the redirect is issued (CWE-601).
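The check that a "url"-style redirect parameter needs, as an added Python example that is not WebPAC Pro code: the function accepts only site-relative paths or absolute URLs whose host is on an allowlist and falls back to a default target for everything else, including the cases that commonly slip past naive prefix checks (protocol-relative "//host", userinfo "@" tricks, backslashes that browsers turn into slashes, non-http schemes, and look-alike hosts). The allowed host name is constructed for the demo.

```python
from urllib.parse import urlsplit

# Constructed: the host(s) this catalogue is allowed to send users to.
ALLOWED_HOSTS = {'catalog.example.org'}
DEFAULT_TARGET = '/'


def safe_redirect_target(url_param) -> str:
    """Return `url_param` only if it points back to this site; otherwise the default.

    Rejects foreign hosts, non-http(s) schemes, protocol-relative '//host'
    URLs, backslashes and control characters (browsers normalise them into
    slashes or strip them), and userinfo tricks such as
    'https://catalog.example.org@evil.example/'.
    """
    if not url_param:
        return DEFAULT_TARGET
    if url_param[0].isspace() or any(c in url_param for c in '\\\r\n\t\x00'):
        return DEFAULT_TARGET
    parts = urlsplit(url_param)
    if parts.scheme:
        if parts.scheme.lower() not in ('http', 'https'):
            return DEFAULT_TARGET
        # .hostname strips userinfo and port and lower-cases, so 'user@evil' is caught
        if parts.hostname not in ALLOWED_HOSTS:
            return DEFAULT_TARGET
        return url_param
    # Scheme-less: must be a site-relative path with a single leading slash.
    if parts.netloc or not url_param.startswith('/') or url_param.startswith('//'):
        return DEFAULT_TARGET
    return url_param


if __name__ == '__main__':
    for candidate in ['/search/X?SEARCH=history',
                      'http://catalog.example.org/record=b1234',
                      '//evil.example/',
                      'https://catalog.example.org@evil.example/',
                      'javascript:alert(1)']:
        print(repr(candidate), '->', safe_redirect_target(candidate))
```

Where a redirect to foreign sites is genuinely required, the usual alternative is to redirect through an interstitial page that shows the destination, or to look the target up from a server-side table by an opaque id instead of accepting a URL at all.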

 

 

 

 

References:

http://tetraph.com/security/open-redirect/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/innovative-webpac-pro-20-unvalidated.html

http://www.inzeed.com/kaleidoscope/computer-web-security/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

https://infoswift.wordpress.com/2015/03/14/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

http://marc.info/?l=full-disclosure&m=142527148510581&w=4

http://en.hackdig.com/wap/?id=17054

 

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://mathswift.blogspot.com/2015/02/cve-2014-9560-softbbnet-softbb-sql.html

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability


Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/

All Links to New York Times Articles Before 2013 Are Vulnerable to XSS Attacks

URLs of articles published by the New York Times (NYT) before 2013 have been found vulnerable to an XSS (cross-site scripting) attack capable of executing code in the context of the web browser.
Based on the Nytimes page design, almost all URLs before 2013 are affected (all article pages). In fact, every article page that contains a "PRINT" button, a "SINGLE PAGE" button, a "Page *" button or a "NEXT PAGE" button is affected.

Nytimes changed this mechanism in 2013. It decodes the URLs sent to its server. This makes the mechanism much safer now.

However, all URLs from before 2013 still use the old mechanism. This means almost all article pages before 2013 are still vulnerable to XSS attacks. I think the reason Nytimes did not filter the URLs before is cost. It costs too much (money and human capital) to change the database of all previously posted articles.

The vulnerability was discovered by mathematics PhD student Wang Jing (http://tetraph.com/wangjing) of the School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University, Singapore.

PoC and blog explanation given by Wang:
https://www.youtube.com/watch?v=RekCK5tjXWQ
http://tetraph.com/security/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/

Meanwhile, Wang said: "The New York Times has now adopted a new mechanism. This is a better protection mechanism."

Even though the articles are old, the pages are still relevant
An attack on newer articles would certainly have had a greater impact, but articles from 2012 or even older are far from obsolete. They would still be of significance in the context of an attack.

Cybercriminals can use various ways to send the link to potential victims and record high success rates, all while developing more targeted attacks.

What is XSS?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. (Wikipedia)

&nbsp;

&nbsp;

&nbsp;

&nbsp;
References:
http://securitynewswire.com/securitynews2012/article.php?title=XSS_Risk_Found_in_Links_to_New_York_Times_Articles_Prior_to_2013
http://www.veooz.com/news/FHb0__Q.html
http://www.tomsguide.com/us/xss-flaw-ny-times,news-19784.html
http://www.hotforsecurity.com/blog/cross-site-scripting-xss-vulnerability-in-new-york-times-articles-before-2013-10555.html
http://news.softpedia.com/news/XSS-Risk-Found-In-Links-to-New-York-Times-Articles-Prior-to-2013-462334.shtml
http://itsecuritynews.info/tag/wang-jing/
http://telezkope.com/Technology/Programming/3321242/cross-site-scripting-xss-vulnerability-in-new-york-times-articles-before-2013
http://www.tetraph.com/wangjing
http://news.silobreaker.com/google-doubleclicknetadvertising-system-url-redirection-vulnerabilities-can-be-used-by-spammers-5_2268368584637939712
http://worldnew.org/xss-flaw-may-exist-in-the-old-new-york-times-article-pages.html
http://tetraph.wordpress.com/2014/11/01/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-before-2013-are-affected/
http://tetraph.tumblr.com/post/101472580032/new-york-times-nytimes-com-page-design-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/
http://securityrelated.blogspot.sg/2014/10/new-york-times-nytimescom-page-design.html?view=mosaic

Tencent QQ OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)


(1) Domain:
qq.com

“Tencent QQ, popularly known as QQ, is an instant messaging software service developed by Chinese company Tencent Holdings Limited. QQ also offers a variety of services, including online social games, music, shopping, microblogging, movies, platform of games and group and voice chat. As of January 2015, there are 829 million active QQ accounts, with a peak of 176.4 million simultaneous online QQ users.” (Wikipedia)

(2) Vulnerability Description:

Tencent QQ’s web application has a computer security problem: attackers can exploit it with Covert Redirect attacks.

The vulnerabilities can be exploited without the user being logged in. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu 14.04, and Apple Safari 6.1.6 on Mac OS X Lion 10.7.

(2.1) Vulnerability Detail:

QQ’s SSO system is susceptible to attacks. More specifically, the validation of the parameter “&redirect_uri” in the SSO system is insufficient, and it can be misused to mount Open Redirect attacks against QQ.

 

At the same time, it can be used to collect sensitive information about both the third-party app and its users through the following parameters (the sensitive information is carried in an HTTP header),

“&response_type”=sensitive_info,token…

“&scope”=get_user_info%2Cadd_share…

 

It also increases the likelihood of successful Open Redirect attacks against third-party websites.

The vulnerability occurs at the page “/oauth/show?” with the parameter “&redirect_uri”, e.g.
http://openapi.qzone.qq.com/oauth/show?which=ConfirmPage&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq&response_type=code&scope=get_user_info%2Cadd_share [1]

Before acceptance of third-party application:

 

When a logged-in QQ user clicks the URL ([1]) above, he/she will be asked for consent on whether to allow a third-party website to receive his/her information. If the user clicks OK, he/she will then be redirected to the URL assigned to the parameter “&redirect_uri”.

 

If a user has not logged onto QQ and clicks the URL ([1]) above, the same situation will happen upon login.

After acceptance of third-party application:

 

A logged-in QQ user would no longer be asked for consent and could be redirected to a webpage controlled by the attacker when he/she clicks the URL ([1]).

 

For a user who has not logged in, the attack could still be completed after a pop-up page that prompts him/her to log in.

(2.1.1) QQ would normally allow all URLs that belong to the domain of an authorized third-party website. However, these URLs could be prone to manipulation. For example, the “&redirect_uri” parameter in the URLs is supposed to be set by the third-party websites, but an attacker could change its value to mount attacks.

Hence, a user could be redirected from QQ to a vulnerable URL in that domain first and later be redirected, unwillingly, from this vulnerable site to a malicious site. This is as if the user were redirected from QQ directly. The number of QQ’s SSO client websites is so huge that such attacks could be commonplace.

Before acceptance of the third-party application, QQ’s SSO system makes the redirects appear more trustworthy and could potentially increase the likelihood of successful Open Redirect attacks on the third-party website.

Once the user accepts the application, attackers could completely bypass QQ’s authentication system and attack more easily.

 

One of the webpages was used for the following tests. The webpage is “https://dailymem.wordpress.com/“. Suppose it is malicious and contains code that collects sensitive information about both the third-party app and users.

 

Below is an example of a vulnerable third-party domain:
cjcp.com.cn

 

Vulnerable URL in this domain:
http://uc.cjcp.com.cn/?m=user&a=otherLogin&type=qq&furl=http%3A%2F%2Ftetraph.com%2Fessayjeans%2Fseasons%2F%25E7%25A2%258E%25E5%25A4%258F.html

 

Vulnerable URL from QQ that is related to cjcp.com.cn:
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq&response_type=code&scope=get_user_info%2Cadd_share

 

POC:
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2F%3Fm%3Duser%26a%3DotherLogin%26type%3Dqq%26furl%3Dhttp%253A%252F%252Ftetraph.com%252Fessayjeans%252Fseasons%252F%2525E7%2525A2%25258E%2525E5%2525A4%25258F.html&response_type=code&scope=get_user_info%2Cadd_share [2]
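
The following Python is an added example and is not part of this advisory nor Tencent's or cjcp.com.cn's code. It takes the legitimate login request and the POC URL [2] above, walks the nested redirect parameters the way an authorization server (or someone reviewing proxy logs) could do offline, and contrasts the domain-level allowlist described in (2.1.1) with exact matching of a pre-registered redirect_uri. The client registration record, the redirect parameter names other than furl and redirect_uri, and the verdict format are assumptions made for this illustration.

```python
"""Checking an OAuth 2.0 redirect_uri the strict way versus the domain way.

Added example (not Tencent's or cjcp.com.cn's code). The client id and
callback URL come from the advisory's example requests; the registration
record, the extra redirect parameter names and the verdict format are
assumptions made for this illustration.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed registration record (assumption): what a provider would store
# when the client with id 100261282 registered its callback.
REGISTERED_CLIENTS = {
    "100261282": {
        "domain": "cjcp.com.cn",
        "redirect_uris": {
            "http://uc.cjcp.com.cn/index.php?m=User&a=callback&type=qq",
        },
    },
}

# Query parameters that commonly carry a post-login destination. "furl" is the
# one the advisory shows on uc.cjcp.com.cn; the others are assumed names.
REDIRECT_PARAMS = ("furl", "redirect_uri", "url", "next", "return_to", "callback")

# The two authorization URLs quoted in the advisory: the legitimate login
# request and the POC [2] whose redirect_uri nests a second redirect.
REGISTERED_URL = ("http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc"
                  "&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn"
                  "%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq"
                  "&response_type=code&scope=get_user_info%2Cadd_share")
POC_URL = ("http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc"
           "&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2F%3Fm"
           "%3Duser%26a%3DotherLogin%26type%3Dqq%26furl%3Dhttp%253A%252F%252F"
           "tetraph.com%252Fessayjeans%252Fseasons%252F%2525E7%2525A2%25258E"
           "%2525E5%2525A4%25258F.html&response_type=code"
           "&scope=get_user_info%2Cadd_share")


def host_of(url):
    """Lower-cased host of a URL ("" if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def domain_allowlist_accepts(client_id, redirect_uri):
    """Weak policy: any URL whose host is under the client's registered domain."""
    client = REGISTERED_CLIENTS.get(client_id)
    return client is not None and under_domain(host_of(redirect_uri), client["domain"])


def exact_match_accepts(client_id, redirect_uri):
    """Strict policy: redirect_uri must equal a pre-registered value exactly."""
    client = REGISTERED_CLIENTS.get(client_id)
    return client is not None and redirect_uri in client["redirect_uris"]


def redirect_chain(url, max_hops=5):
    """Hosts a browser would visit if every hop honoured its redirect parameter.

    Each hop's target is read from the previous URL's query string, so this is
    a static analysis and sends no requests. parse_qs removes one layer of
    percent-encoding per hop, which is what each server along the chain does.
    """
    hosts = [host_of(url)]
    current = url
    for _ in range(max_hops):
        query = parse_qs(urlsplit(current).query)
        target = next((query[p][0] for p in REDIRECT_PARAMS if p in query), None)
        if target is None:
            break
        hosts.append(host_of(target))
        current = target
    return hosts


def evaluate_request(auth_url):
    """Provider-side verdict for one authorization request."""
    query = parse_qs(urlsplit(auth_url).query)
    client_id = query.get("client_id", [""])[0]
    redirect_uri = query.get("redirect_uri", [""])[0]
    client = REGISTERED_CLIENTS.get(client_id)
    hosts = redirect_chain(auth_url)
    # Any hop after the provider itself that leaves the registered domain means
    # the client site is being used as a stepping stone (the chain in 2.1.1).
    off_domain = [h for h in hosts[1:]
                  if client is None or not under_domain(h, client["domain"])]
    return {
        "client_id": client_id,
        "domain_allowlist_accepts": domain_allowlist_accepts(client_id, redirect_uri),
        "exact_match_accepts": exact_match_accepts(client_id, redirect_uri),
        "hosts": hosts,
        "off_domain_hosts": off_domain,
    }


if __name__ == "__main__":
    for label, url in (("registered", REGISTERED_URL), ("poc", POC_URL)):
        verdict = evaluate_request(url)
        print(label, " -> ".join(verdict["hosts"]))
        print("  domain allowlist accepts:", verdict["domain_allowlist_accepts"])
        print("  exact match accepts:     ", verdict["exact_match_accepts"])
        print("  off-domain hops:         ", verdict["off_domain_hosts"])
```

Run as a script, it reports that the domain allowlist accepts both requests while exact matching accepts only the registered one, and that the POC chain ends on tetraph.com, outside cjcp.com.cn. The design point is that the allowlist cannot distinguish the client's registered callback from any other page on the client's domain, so every open redirect on that domain becomes a redirect from the provider; exact matching of the full registered URI removes that whole class.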

(2.2) Another method for attackers.

Attackers enter the following URL in the browser,
http://uc.cjcp.com.cn/?m=user&a=otherLogin&type=qq&furl=http%3A%2F%2Ftetraph.com%2Fessayjeans%2Fseasons%2F%25E7%25A2%258E%25E5%25A4%258F.html

Then, attackers obtain the URL below,
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq&response_type=code&scope=get_user_info%2Cadd_share [3]

If users click URL [3], the same thing happens as with URL [2].
(2.3) The following URLs have the same vulnerabilities.
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=209717&oauth_token=14921471022138330625&oauth_callback=http://user.nipic.com/api/login/qq/callback.asp

https://graph.qq.com/oauth2.0/authorize?client_id=100246654&redirect_uri=http://youxi.baidu.com/tp/QQAuth.jsp&response_type=code

https://open.t.qq.com/cgi-bin/oauth2/authorize?client_id=801132217&response_type=code&redirect_uri=http://passport.tianya.cn/login/txwb.do

POC Video:
https://www.youtube.com/watch?v=-lxaX9xvUfE

 

 

Blog Detail:
http://tetraph.blogspot.com/2014/05/tencent-qq-oauth-20-covert-redirect.html

(3) What is Covert Redirect?

Covert Redirect is a class of security bugs disclosed in May 2014. It occurs when an application takes a parameter and redirects the user to the parameter’s value without sufficient validation. It often makes use of Open Redirect and XSS (Cross-site Scripting) vulnerabilities in third-party applications.

 

Covert Redirect is also related to single sign-on, such as OAuth and OpenID. Hackers may use it to steal users’ sensitive information. Almost all OAuth 2.0 and OpenID providers worldwide are affected. Covert Redirect can work together with CSRF (Cross-site Request Forgery) as well.

Discoverer and Reporter:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://tetraph.com/wangjing/

Related Articles:
http://tetraph.com/security/covert-redirect/tencent-qq-oauth-2-0-covert-redirect
https://twitter.com/yangziyou/status/615125849306632193
https://biyiniao.wordpress.com/2014/08/28/qq-bugs/
http://diebiyi.com/articles/security/covert-redirect/tencent-qq-oauth-2-0-covert-redirect
http://frenchairing.blogspot.com/2014/08/tencent-qq-exploit.html
http://tetraph.blog.163.com/blog/static/23460305120144631154854/
http://guyuzui.lofter.com/post/1ccdcda4_6f0b982
http://mathpost.tumblr.com/post/119490927560/itinfotech-id-oauth
http://www.inzeed.com/kaleidoscope/covert-redirect/tencent-qq-oauth-2-0
https://computertechhut.wordpress.com/2014/08/28/tencent-qq-bug/
http://computerobsess.blogspot.com/2014/05/tencent-qq-bug.html

===========
Tencent QQ Website OAuth 2.0 Covert Redirect Web Security Vulnerability (Information Leakage & Open Redirect)
(1) Domain:
qq.com

“Tencent QQ (“QQ” for short) is an Internet-based instant messaging (IM) software developed by Tencent. Tencent QQ supports online chat, video calls, point-to-point resumable file transfer, file sharing, network drive, custom panels, QQ Mail and many other functions, and can connect to a variety of communication terminals. In 2015, QQ continues to create a good communication experience for its users! Its logo is a little penguin wearing a red scarf. QQ now covers Microsoft Windows, OS X, Android, iOS, Windows Phone and other mainstream platforms” (Baidu Baike)
(2) Vulnerability Description:

Tencent QQ’s website has a computer security problem; hackers can carry out Covert Redirect attacks against it.

This vulnerability does not require the user to be logged in. Tests were based on IE (10.0.9200.16750) on Microsoft Windows 8; Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 on Ubuntu (14.04); and Safari 6.16 on Apple OS X Lion 10.7.
(2.1) Vulnerability Detail:

QQ’s SSO system may be attacked. More precisely, QQ’s validation of the SSO system parameter “&redirect_uri“ is insufficient. It can be used to construct URL redirection attacks against QQ.

At the same time, this vulnerability can use the following parameters to collect sensitive information of the third-party App and users (the sensitive information is contained in the HTTP header),

“&response_type”=sensitive_info,token…

“&scope”=get_user_info%2Cadd_share…

It also increases the success rate of URL redirection attacks against third-party websites.

Vulnerable location “/oauth/show?”, parameter ”&redirect_uri”, e.g.
http://openapi.qzone.qq.com/oauth/show?which=ConfirmPage&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq&response_type=code&scope=get_user_info%2Cadd_share [1]
Before accepting the third-party App:

When a logged-in QQ user clicks the URL ([1]) above, a dialog asks whether he accepts that the third-party App receives his information. If he agrees, he is redirected to the URL in the parameter “&redirect_uri”.

If a QQ user who is not logged in clicks the URL ([1]), the same thing happens after he logs in.

After accepting the third-party App:

A logged-in QQ user is no longer asked whether he accepts the third-party App. When he clicks the URL ([1]), he is redirected directly to a page controlled by the attacker.

If the QQ user is not logged in, the attack can still be completed once the QQ dialog asking him to log in is confirmed (this process shows nothing related to the third-party App).

(2.1.1) QQ normally allows all URLs belonging to the domain of an already-verified third-party App. However, these URLs can be manipulated. For example, the parameter “&redirect_uri” is set by the third-party App, but an attacker can modify the value of this parameter.

Therefore, the QQ user does not realize that he is first redirected from QQ to the third-party App’s page and then from that page to a harmful page. This is the same as being redirected from QQ directly to the harmful page.

Because QQ has many SSO clients, such attacks can be very common.

Before the third-party App is accepted, QQ’s SSO makes it easier for users to believe that the redirected page is safe. This increases the success rate of URL redirection attacks against third-party Apps.

After the third-party App is accepted, the attacker can completely bypass QQ’s URL redirection validation system.

A page was used for testing; the page is “http://whitehatpostlike.lofter.com/“. It can be assumed to be harmful and to contain code that collects sensitive information of the third-party App and users.

Below is a vulnerable third-party domain:
cjcp.com.cn

Vulnerable URL in this domain:
http://uc.cjcp.com.cn/?m=user&a=otherLogin&type=qq&furl=http%3A%2F%2Ftetraph.com%2Fessayjeans%2Fseasons%2F%25E7%25A2%258E%25E5%25A4%258F.html

Vulnerable URL from QQ related to cjcp.com.cn:
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq&response_type=code&scope=get_user_info%2Cadd_share

POC:
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2F%3Fm%3Duser%26a%3DotherLogin%26type%3Dqq%26furl%3Dhttp%253A%252F%252Ftetraph.com%252Fessayjeans%252Fseasons%252F%2525E7%2525A2%25258E%2525E5%2525A4%25258F.html&response_type=code&scope=get_user_info%2Cadd_share [2]

(2.2) Another attack method.

The attacker enters the URL in the browser,
http://uc.cjcp.com.cn/?m=user&a=otherLogin&type=qq&furl=http%3A%2F%2Ftetraph.com%2Fessayjeans%2Fseasons%2F%25E7%25A2%258E%25E5%25A4%258F.html

Then, the attacker can obtain the URL,
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&client_id=100261282&redirect_uri=http%3A%2F%2Fuc.cjcp.com.cn%2Findex.php%3Fm%3DUser%26a%3Dcallback%26type%3Dqq&response_type=code&scope=get_user_info%2Cadd_share [3]

 

If a user clicks URL [3], the same thing happens as with URL [2].

(2.3) The following URLs have the same vulnerability.
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=209717&oauth_token=14921471022138330625&oauth_callback=http://user.nipic.com/api/login/qq/callback.asp

https://graph.qq.com/oauth2.0/authorize?client_id=100246654&redirect_uri=http://youxi.baidu.com/tp/QQAuth.jsp&response_type=code

https://open.t.qq.com/cgi-bin/oauth2/authorize?client_id=801132217&response_type=code&redirect_uri=http://passport.tianya.cn/login/txwb.do

POC Video:
https://www.youtube.com/watch?v=-lxaX9xvUfE

Blog Detail:
http://tetraph.blogspot.com/2014/05/tencent-qq-oauth-20-covert-redirect.html
(3) What is Covert Redirect?

Covert Redirect is a computer network security vulnerability, disclosed in May 2014. It is caused by a web application insufficiently filtering redirects to its partners. It often exploits Open Redirect or XSS (Cross-site Scripting) issues in third-party websites (including partner websites).

Covert Redirect also affects single sign-on. What was initially disclosed was its effect on two widely used login systems, OAuth 2.0 and OpenID. Hackers can use real websites for phishing and thereby steal users’ sensitive information. Almost all websites providing OAuth 2.0 and OpenID services are affected. Covert Redirect can also be exploited together with CSRF (Cross-site Request Forgery).

Vulnerability Disclosure:
王晶 (Wang Jing)
Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore (@justqdjing)
http://www.tetraph.com/wangjing/

Related Articles:
http://tetraph.com/security/covert-redirect/tencent-qq-oauth-2-0-covert-redirect
https://twitter.com/yangziyou/status/615125849306632193
https://biyiniao.wordpress.com/2014/08/28/qq-bugs/
http://diebiyi.com/articles/security/covert-redirect/tencent-qq-oauth-2-0-covert-redirect
http://frenchairing.blogspot.com/2014/08/tencent-qq-exploit.html
http://tetraph.blog.163.com/blog/static/23460305120144631154854/
http://guyuzui.lofter.com/post/1ccdcda4_6f0b982
http://mathpost.tumblr.com/post/119490927560/itinfotech-id-oauth
http://www.inzeed.com/kaleidoscope/covert-redirect/tencent-qq-oauth-2-0
https://computertechhut.wordpress.com/2014/08/28/tencent-qq-bug/
http://computerobsess.blogspot.com/2014/05/tencent-qq-bug.html