The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

Domain Description:
http://www.weather.com/

“The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment programming related to weather. Launched on May 2, 1982, the channel broadcasts weather forecasts and weather-related news and analysis, along with documentaries and entertainment programming related to weather.”

“As of February 2015, The Weather Channel was received by approximately 97.3 million American households that subscribe to a pay television service (83.6% of U.S. households with at least one television set), which gave it the highest national distribution of any U.S. cable channel. However, it was subsequently dropped by Verizon FiOS (losing its approximately 5.5 millions subscribers), giving the title of most distributed network to HLN. Actual viewership of the channel averaged 210,000 during 2013 and has been declining for several years. Content from The Weather Channel is available for purchase from the NBCUniversal Archives.” (Wikipedia)

Vulnerability description:

The Weather Channel has a cyber security problem. Hacker can exploit it by XSS bugs.

Almost all links under the domain weather.com are vulnerable to XSS attacks. Attackers just need to add script at the end of The Weather Channel’s URLs. Then the scripts will be executed.

10 thousands of Links were tested based a self-written tool. During the tests, 76.3% of links belong to weather.com were vulnerable to XSS attacks.

The reason of this vulnerability is that Weather Channel uses URLs to construct its HTML tags without filtering malicious script codes.

The vulnerability can be attacked without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.

POC Codes, e.g.

http://www.weather.com/slideshows/main/“–/>”><img src=x onerror=prompt(‘justqdjing’)>

http://www.weather.com/home-garden/home/white-house-lawns-20140316%22–/“–/>”><img src=x onerror=prompt(‘justqdjing’)>t%28%27justqdjing%27%29%3E

http://www.weather.com/news/main/“><img src=x onerror=prompt(‘justqdjing’)>

POC Video:
https://www.youtube.com/watch?v=Ij78WnzKB4M&feature=youtu.be

Blog Details:
http://securityrelated.blogspot.com/2014/11/the-weather-channel-weather.html

The Weather Channel has patched this Vulnerability in late November, 2014 (last Week). “The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!” A great many of the fllowing web securities have been published here, Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. This bug was published at The Full Disclosure in November, 2014.

Discovered by:

Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

http://www.tetraph.com/wangjing

The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)

Domain:
http://www.nytimes.com/

“The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper’s print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as “The Gray Lady”, The New York Times is long regarded within the industry as a national “newspaper of record”. It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper’s publisher and the company’s chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper’s motto, “All the News That’s Fit to Print”, appears in the upper left-hand corner of the front page.” (Wikipedia)

(1) Vulnerability Description:

The New York Times has a computer cyber security problem. Hacker can exploit its users by XSS bugs.

The code program flaw occurs at New York Times’s URLs. Nytimes (short for New York Times) uses part of the URLs to construct its pages. However, it seems that Nytimes does not filter the content used for the construction at all before 2013.

Based on Nytimes’s Design, Almost all URLs before 2013 are affected (All pages of articles). In fact, all article pages that contain “PRINT” button, “SINGLE PAGE” button, “Page *” button, “NEXT PAGE” button are affected.

Nytimes changed this mechanism since 2013. It decodes the URLs sent to its server. This makes the mechanism much safer now.

However, all URLs before 2013 are still using the old mechanism. This means almost all article pages before 2013 are still vulnerable to XSS attacks. I guess the reason Nytimes does not filter URLs before is cost. It costs too much (money & human capital) to change the database of all posted articles before.

Living POCs Codes:

http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//’ “><img src=x onerror=prompt(/justqdjing/)>?pagewanted=all&_r=0

http://www.nytimes.com/2010/12/07/opinion/07brooks.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2009/08/06/technology/06stats.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2008/07/09/dining/091crex.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//’ “><img src=x onerror=prompt(/justqdjing/)>

POC Video:
https://www.youtube.com/watch?v=RekCK5tjXWQ

Blog Details:
http://tetraph.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html

(2) Vulnerability Analysis:
Take the following link as an example,
http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/“><vulnerabletoattack

It can see that for the page reflected, it contains the following codes. All of them are vulnerable.

<a href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=print”>Print</testtesttest?pagewanted=print”></a>

</li>

<a href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><testtesttest?pagewanted=all”> Single Page</vulnerabletoattack?pagewanted=all”></a>

</li>

</li>

</li>

(3) What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

“Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.” (Acunetix)

The vulnerability can be attacked without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.

Discover and Reporter:

Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

http://www.tetraph.com/wangjing

More Details:
http://lists.openwall.net/full-disclosure/2014/10/16/2
http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102
http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss
https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1
http://webtech.lofter.com/post/1cd3e0d3_6f57c56
http://tetraph.blog.163.com/blog/static/2346030512014101270479/
https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss
http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles
http://securityrelated.blogspot.com/2014/10/new-york-times-design.html
https://mathfas.wordpress.com/2014/11/01/new-york-times-xss
http://computerobsess.blogspot.com/2014/10/new-york-times-design.html
http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss
http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)

Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org /
(The two domains above are almost the same)

Websites information:
“lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest‑and‑greatest.” (from Mozilla)

“Mozilla is a free-software community which produces the Firefox web browser. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation. In addition to the Firefox browser, Mozilla also produces Thunderbird, Firefox Mobile, the Firefox OS mobile operating system, the bug tracking system Bugzilla and a number of other projects.” (Wikipedia)

(1) Vulnerability description:
Mozilla website has a computer cyber security problem. Hacker can attack it by XSS bugs. Here is the description of XSS: “Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.” (Acunetix)

All pages under the following two URLs are vulnerable.
http://lxr.mozilla.org/mozilla-central/source
http://mxr.mozilla.org/mozilla-central/source

This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla’s users.

Since there are large number of pages under them. Meanwhile, the contents of the two domains vary. This makes the vulnerability very dangerous. Attackers can use different URLs to design XSS attacks to Mozilla’s variety class of users.

POC Codes:

http://lxr.mozilla.org/mozilla-central/source/<body onload=prompt(“justqdjing”)>

http://lxr.mozilla.org/mozilla-central/source/mobile/android/<body onload=prompt(“justqdjing”)>

http://lxr.mozilla.org/mozilla-central/source/Android.mk/<body onload=prompt(“tetraph”)>

http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/<body onload=prompt(“tetraph”)>

http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp<body onload=prompt(“tetraph”)>

http://mxr.mozilla.org/mozilla-central/source/<body onload=prompt(“justqdjing”)>

http://mxr.mozilla.org/mozilla-central/source/webapprt/<body onload=prompt(“justqdjing”)>

http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/<body onload=prompt(“justqdjing”)>

http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/<body onload=prompt(“tetraph”)>

http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/<body onload=prompt(“tetraph”)>

POC Video:
https://www.youtube.com/watch?v=onA5BgC3zIY

(2) Vulnerability Analysis:
Take the following link as an example,
http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest>

In the page reflected, it contains the following codes.

</a>

If insert “<body onload=prompt(“justqdjing”)>” into the URL, the code can be executed.

The vulnerability can be attacked without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.

(3) Vulnerability Disclosure:
The vulnerability have been reported to bugzilla.mozilla.org. Mozilla are dealing with this issue.

Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/

More Details:
http://lists.openwall.net/full-disclosure/2014/10/20/8
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure
http://seclists.org/fulldisclosure/2014/Oct/92
http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss
http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla
http://tetraph.blog.163.com/blog/static/2346030512014101115642885/
http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html
https://tetraph.wordpress.com/2014/11/26/mozilla-two-sub-domains-xss
http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html
http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f
http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross
http://diebiyi.com/articles/security/xss-vulnerability/mozilla-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-xss
https://mathfas.wordpress.com/2014/11/01/mozilla-xss
http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121

CVE-2014-7294 NYU Opensso Integration Open Redirect Security Vulnerability

Exploit Title: NYU Opensso Integration Logon Page url Parameter Open Redirect

Product: Opensso Integration

Vendor:NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Open Redirect [CWE-601]

CVE Reference: CVE-2014-7294

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://computerobsess.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://blog.163.com/greensun_2006/blog/static/111221122015110915287/

Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities

Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities

Domains Basics:

Alibaba Taobao, AliExpress, Tmall are the top three online shopping websites belonging to Alibaba.

Vulnerability Discover:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/

(1) Domains Descriptions:

(1.1) http://www.taobao.com

“Taobao is a Chinese website for online shopping similar to eBay and Amazon that is operated in China by Alibaba Group.” (Wikipedia)

“With around 760 million product listings as of March 2013, Taobao Marketplace is one of the world’s top 10 most visited websites according to Alexa. For the year ended March 31, 2013, the combined gross merchandise volume (GMV) of Taobao Marketplace and Tmall.com exceeded 1 trillion yuan.” (Wikipedia)

Alexa ranking 9 at 10:40 am Thursday, 22 January 2015 (GMT+8).

(1.2) http://aliexpress.com

“Launched in 2010, AliExpress.com is an online retail service made up of mostly small Chinese businesses offering products to international online buyers. It is the most visited e-commerce website in Russia” (Wikipedia)

(1.3) http://www.tmall.com

“Taobao Mall, is a Chinese-language website for business-to-consumer (B2C) online retail, spun off from Taobao, operated in the People’s Republic of China by Alibaba Group. It is a platform for local Chinese and international businesses to sell brand name goods to consumers in mainland China, Hong Kong, Macau and Taiwan.” (Wikipedia)

(2) Vulnerability descriptions:

Alibaba Taobao AliExpress Tmall online electronic shopping website has a cyber security bug problem. It can be exploited by XSS and Covert Redirect attacks.

(3) Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS

The vulnerability can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (8.0.7601) in Windows 7.

(3.1) Alibaba Taobao Online Electronic Shopping Website (Taobao.com ) XSS (cross site scripting) Security Vulnerability

The vulnerabilities occur at “writecookie.php?” page with “ck” parameter, e.g

http://www.taobao.com/go/rgn/tw/writecookie.php?ck=tw&redirect=0

POC Code:

http://www.taobao.com/go/rgn/tw/writecookie.php?ck=tw“–>’-alert(/justqdjing/ )-‘”;&redirect=0

POC Video:

https://www.youtube.com/watch?v=cLzKxZ74i6Q&feature=youtu.be

Blog Details:

http://securityrelated.blogspot.com/2015/01/alibaba-taobao-online-electronic.html

(3.2)Alibaba AliExpress Online Electronic Shopping Website (Aliexpress.com) XSS Security Vulnerabilities

The vulnerabilities occur at “landing.php?” page with “cateid” “fromapp” parameters, e.g

http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=3&fromapp=

POC Code:

/’ “><img src=x onerror=prompt(/tetraph/)>

http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6&fromapp=/‘ “><img src=x onerror=prompt(/justqdjing/)>

http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6</script>/’ “><img src=x onerror=prompt(/tetraph/)><!–&fromapp=

POC Video:

https://www.youtube.com/watch?v=YShEdXo3q2c&feature=youtu.be

Blog Details:

http://securityrelated.blogspot.com/2015/01/alibaba-aliexpress-online-electronic.html

(3.3) Alibaba Tmall Online Electronic Shopping Website (Tmall.com) XSS Security Vulnerability

The vulnerabilities occur at “writecookie.php?” page with “ck” parameter, e.g

http://www.tmall.com/go/app/sea/writecookie.php?ck=cn&redirect=11

POC Code:

http://www.tmall.com/go/app/sea/writecookie.php?ck=cn“–>’-alert(/tetraph/ )-‘”;&redirect=1

POC Video:

https://www.youtube.com/watch?v=k1QkoacdI1U&feature=youtu.be

Blog Details:

http://securityrelated.blogspot.com/2015/01/alibaba-tmall-online-electronic.html

This vulnerabilities were disclosed at Full Disclosure. “The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!” All the fllowing web securities have been published here, Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards.

(4) Alibaba Taobao（taobao.com）Covert Redirect Security Vulnerability Based on Apple.com

(4.1) Vulnerability description:

Alibaba Taobao has a security problem. It can be exploited by Covert Redirect attacks. Taobao will check whether the redirected URL belongs to domains in Taobao’s whitelist, e.g.

apple.com

If this is true, the redirection will be allowed.

However, if the URLs in a redirected domain have open URL redirection vulnerabilities themselves, a user could be redirected from Taobao to a vulnerable URL in that domain first and later be redirected from this vulnerable site to a malicious site. This is as if being redirected from Taobao directly.

In fact, Apple.com was found can be exploited by Open Redirect vulnerabilities. Those vulnerabilities details will be published in the near future.

(4.2) The vulnerability occurs at “redirect.htm?” page, with parameter “&url”, i.e.

http://app.taobao.com/redirect.htm?url=http://itunes.apple.com/

The vulnerabilities can be attacked without user login. Tests were performed on IE (10.0) of Windows 8, Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) of Ubuntu (14.04)，Safari 6.1.6 of Mac OS X Lion 10.7.

(4.3) Use a website for the tests，the redirected webpage is “http://www.tetraph.com/blog“. Just suppose it is malicious.

Vulnerable URL:

http://app.taobao.com/redirect.htm?url=http://itunes.apple.com/

POC Code:

http://app.taobao.com/redirect.htm?url=http://apple.com/yahoo

http://app.taobao.com/redirect.htm?url=http://apple.com/facebook

http://app.taobao.com/redirect.htm?url=http://apple.com/amazon

Poc Video:

https://www.youtube.com/watch?v=jhnaoB_eus0&feature=youtu.be

Blog Detail:

http://securityrelated.blogspot.com/2015/01/alibaba-taobao-taobaocom-open-redirect.html

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

http://tetraph.com/covert_redirect/

Those vulnerablities were reported to Alibaba in 2014 and have been patched by the security team (just checked). Name was listed in the hall of fame by Alibaba.
http://security.alibaba.com/people.htm?id=2048213134

Related Articles:

http://seclists.org/fulldisclosure/2015/Jan/100

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1503

http://securityrelated.blogspot.com/2015/01/alibaba-taobao-aliexpress-tmall-online.html

http://lists.openwall.net/full-disclosure/2015/01/22/8

http://www.tetraph.com/blog/computer-security/alibaba-xss-open-redirect/

http://diebiyi.com/articles/security/alibaba-xss-open-redirect/

https://plus.google.com/u/0/107140622279666498863/posts/QFoYGEjbiTX

https://progressive-comp.com/?l=full-disclosure&m=142196709216464&w=1

https://www.facebook.com/websecuritiesnews/posts/802525526534286

https://www.facebook.com/permalink.php?story_fbid=841091885926189&id=767438873291491

https://infoswift.wordpress.com/2015/01/27/alibaba-xss-open-redirect/

http://tetraph.blog.163.com/blog/static/2346030512015545132356/

http://webtechhut.blogspot.com/2015/06/alibaba-xss-open-redirect.html

https://computertechhut.wordpress.com/2015/01/25/alibaba-xss-open-redirect/

http://frenchairing.blogspot.com/2015/06/alibaba-xss-open-redirect.html

http://whitehatpost.lofter.com/post/1cc773c8_72d7c93

http://webtech.lofter.com/post/1cd3e0d3_72d5d2f

http://ithut.tumblr.com/post/120682447708/webcabinet-alibaba-taobao-aliexpress-tmall

http://webcabinet.tumblr.com/post/120682398002/alibaba-taobao-aliexpress-tmall-online

https://twitter.com/buttercarrot/status/606387198355632128

========================================================

阿里巴巴淘宝, 天猫, 全球苏卖通线上电子购物网跨站脚本攻击 (XSS) & 公开重定向 (Open Redirect) 安全漏洞

域名:

http://www.taobao.com

http://www.tmall.com

http://activities.aliexpress.com

阿里巴巴淘宝, 天猫, 全球苏卖通线上电子购物网是阿里巴巴集团最大的前三家网上购物电子商务网站.

(1) 漏洞描述:

阿里巴巴淘宝, 天猫, 全球苏卖通线上电子购物网有一个安全问题. 它容易遭受跨站脚本攻击 (XSS) & 公开重定向 (Open Redirect) 安全漏洞攻击.

漏洞不需要用户登录，测试是基于Windows 7 的 IE (8.0. 7601) 和 Ubuntu (14.04) 的 Firefox (34.0)。

(1.1) 阿里巴巴淘宝线上电子购物网 (Taobao.com) XSS (跨站脚本攻击) 安全漏洞

漏洞链接地点 “writecookie.php?”, 参数 “ck” e.g.

http://www.taobao.com/go/rgn/tw/writecookie.php?ck=tw&redirect=0

POC:

http://www.taobao.com/go/rgn/tw/writecookie.php?ck=tw“–>’-alert(/tetraph/ )-‘”;&redirect=0

POC Video:

https://www.youtube.com/watch?v=cLzKxZ74i6Q&feature=youtu.be

Blog Details:

http://securityrelated.blogspot.com/2015/01/alibaba-taobao-online-electronic.html

(1.2) 阿里巴巴全球速卖通在线交易平台 (aliexpress.com) XSS (跨站脚本攻击) 安全漏洞

漏洞链接地点 “mobile_325_promotion_landing.php”, 参数 “cateid” 和 “fromapp” e.g.

http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=3&fromapp=

POC:

/’ “><img src=x onerror=prompt(/tetraph/)>

http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6&fromapp=/‘ “><img src=x onerror=prompt(/tetraph/)>

http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6</script>/’ “><img src=x onerror=prompt(/tetraph/)><!–&fromapp=

POC Video:

https://www.youtube.com/watch?v=YShEdXo3q2c&feature=youtu.be

Blog Details:

http://securityrelated.blogspot.com/2015/01/alibaba-aliexpress-online-electronic.html

(1.3) 阿里巴巴天猫线上电子购物网 (Tmall.com) XSS (跨站脚本攻击) 安全漏洞

漏洞链接地点 “writecookie.php?”, 参数 “ck” e.g.

http://www.tmall.com/go/app/sea/writecookie.php?ck=cn

POC:

http://www.tmall.com/go/app/sea/writecookie.php?ck=cn“–>’-alert(/tetraph/ )-‘”;&redirect=1

POC Video:

https://www.youtube.com/watch?v=k1QkoacdI1U&feature=youtu.be

Blog Details:

http://securityrelated.blogspot.com/2015/01/alibaba-tmall-online-electronic.html

(2) 阿里巴巴淘宝线上电子购物网（taobao.com）Covert Redirect（隐蔽重定向跳转）安全漏洞基于苹果网站

(2.1) 漏洞描述:

阿里巴巴淘宝购物网有一个安全问题. 它容易遭受 Covert Redirect (Open Redirect 公开重定向) 漏洞攻击. 所有属于 Apple.com 的链接都在白名单内。故而如果苹果的网站本身有公开重定向问题。那么受害者相当于首先被导向到苹果官网然后到有害网站。事实上苹果网站被发现有公开重定向问题，过段时间会公布细节。

有漏洞的文件是 “redirect.htm?”, 参数 “&url”, i.e.

http://app.taobao.com/redirect.htm?url=http://itunes.apple.com/

这个漏洞不需要用户登录。测试是基于Windows 8 的 IE (10.0) 和 Ubuntu (14.04) 的 Firefox (34.0) 及 Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit)，Mac OS X Lion 10.7 的 Safari 6.1.6。

(2.2) 用一个创建的网页进行测试，这个网页是“http://www.tetraph.com/blog“。可以假定这个页面是有害的。

漏洞网址:

http://app.taobao.com/redirect.htm?url=http://itunes.apple.com/

POC 代码:

http://app.taobao.com/redirect.htm?url=http://apple.com/twitter

http://app.taobao.com/redirect.htm?url=http://apple.com/ebay

http://app.taobao.com/redirect.htm?url=http://apple.com/yandex.ru

Poc Video:

https://www.youtube.com/watch?v=jhnaoB_eus0&feature=youtu.be

Blog Detail:

http://securityrelated.blogspot.com/2015/01/alibaba-taobao-taobaocom-open-redirect.html

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

http://tetraph.com/covert_redirect/

这些漏洞在2014年被报告给阿里巴巴安全应急中心，到今天已被修补（刚刚检查），名字被列在了白帽子名单感谢表里。
http://security.alibaba.com/people.htm?id=2048213134

漏洞发现者:
王晶, 数学科学系 (MAS), 物理与数学科学学院 (SPMS), 南洋理工大学 (NTU), 新加坡.
http://www.tetraph.com/wangjing/

Alle Links zu New York Times Artikel Vor 2013 anfällig für XSS-Angriffe

<span style=”font-size: medium;”><strong>Alle Links zu New York Times Artikel Vor 2013 anfällig für XSS-Angriffe</strong>
</span>

URLs, um Artikel in der New York Times (NYT) vor 2013 veröffentlicht wurden gefunden anfällig für einen XSS (Cross-Site Scripting) Angriff der Lage ist, Code im Kontext des Web-Browsers ausgeführt werden zu können.

<span style=”font-size: medium;”>
Basierend auf nytimes die Gestaltung, fast alle URLs vor 2013 sind betroffen (Alle Seiten von Artikeln). In der Tat, alle Artikel Seiten, die Schaltfläche “Drucken”, “Jede Seite” Taste enthalten, werden “Seite *” Taste “NEXT PAGE” -Taste beeinflusst.</span>

Nytimes geändert diesen Mechanismus seit 2013. Es decodiert die URLs, seine Server gesendet. Dadurch ist der Mechanismus nun viel sicherer.

Jedoch werden alle URLs vor 2013 immer noch mit dem alten Mechanismus. Das bedeutet fast allen Artikelseiten vor 2013 sind immer noch anfällig für XSS-Angriffe. Ich denke, der Grund, nytimes keine URLs filtern, bevor die Kosten. Es kostet zu viel (Geld und Humankapital), um in der Datenbank nach Artikel gepostet, bevor ändern.

Die Sicherheitslücke wurde von einem Mathematik Doktorand <a href=”http://tetraph.com/wangjing”>Wang Jing</a> von der Schule für Physikalische und Mathematische Wissenschaften (SPMS), Nanyang Technological University, Singapur.

POC und Blog Erklärung von Wang gegeben,
<a href=”https://www.youtube.com/watch?v=RekCK5tjXWQ”>https://www.youtube.com/watch?v=RekCK5tjXWQ</a>
<a href=”http://tetraph.com/security/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/”>http://tetraph.com/security/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/</a>

Unterdessen sagte Wang: “Die New York Times hat einen neuen Mechanismus jetzt angenommen. Dies ist eine bessere Schutzmechanismus.”

<strong>Auch wenn die Artikel sind alt, sind die Seiten noch relevant</strong>
Ein Angriff auf neueren Artikel würde auf jeden Fall haben erhebliche Auswirkungen gehabt, aber Artikeln von 2012 oder sogar noch älter sind alles andere als überholt. Es wäre immer noch im Rahmen eines Angriffs von Bedeutung sein.

Cyberkriminelle können verschiedene Möglichkeiten, um den Link, um potenzielle Opfer zu senden und aufzuzeichnen hohen Erfolgsraten, alle mit mehr gezielte Angriffe zu entwickeln.

<strong>Was ist XSS?</strong>
Cross-Site Scripting (XSS) ist eine Art von Computer-Sicherheitslücke in der Regel in Web-Anwendungen gefunden. XSS ermöglicht es Angreifern, clientseitige Skript in Webseiten, die von anderen Benutzern eingesehen zu injizieren. Eine Cross-Site-Scripting-Schwachstelle kann von Angreifern wie der Same Origin Policy verwendet werden, um Zugangskontrollen zu umgehen. Cross-Site Scripting auf Webseiten durchgeführt entfielen rund 84% aller Sicherheitslücken von Symantec ab 2007 dokumentiert (Wikipedia)

 
<div><strong><span style=”font-size: medium;”>Referenzen:<a href=”http://securitynewswire.com/securitynews2012/article.php?title=XSS_Risk_Found_in_Links_to_New_York_Times_Articles_Prior_to_2013″ target=”_blank”>
</a></span></strong><span style=”font-size: medium;”><a href=”http://securitynewswire.com/securitynews2012/article.php?title=XSS_Risk_Found_in_Links_to_New_York_Times_Articles_Prior_to_2013″ target=”_blank”>http://securitynewswire.com/</a></span><span style=”font-size: medium;”><a href=”http://securitynewswire.com/securitynews2012/article.php?title=XSS_Risk_Found_in_Links_to_New_York_Times_Articles_Prior_to_2013″ target=”_blank”>securitynews2012/article.php?title=XSS_Risk_Found_in_Links_to_New_York_Times_Articles_Prior_to_2013</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://www.veooz.com/news/FHb0__Q.html” target=”_blank”>http://www.veooz.com/news/<wbr />FHb0__Q.html</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://www.tomsguide.com/us/xss-flaw-ny-times,news-19784.html” target=”_blank”>http://www.tomsguide.com/us/<wbr />xss-flaw-ny-times,news-19784.<wbr />html</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://www.hotforsecurity.com/blog/cross-site-scripting-xss-vulnerability-in-new-york-times-articles-before-2013-10555.html” target=”_blank”>http://www.hotforsecurity.com/<wbr />blog/cross-site-scripting-xss-<wbr />vulnerability-in-new-york-<wbr />times-articles-before-2013-<wbr />10555.html</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://news.softpedia.com/news/XSS-Risk-Found-In-Links-to-New-York-Times-Articles-Prior-to-2013-462334.shtml” target=”_blank”>http://news.softpedia.com/<wbr />news/XSS-Risk-Found-In-Links-<wbr />to-New-York-Times-Articles-<wbr />Prior-to-2013-462334.shtml</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://itsecuritynews.info/tag/wang-jing/” target=”_blank”>http://itsecuritynews.info/<wbr />tag/wang-jing/</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://telezkope.com/Technology/Programming/3321242/cross-site-scripting-xss-vulnerability-in-new-york-times-articles-before-2013″ target=”_blank”>http://telezkope.com/<wbr />Technology/Programming/<wbr />3321242/cross-site-scripting-<wbr />xss-vulnerability-in-new-york-<wbr />times-articles-before-2013</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://www.tetraph.com/wangjing”>http://www.tetraph.com/wangjing</a>
</span></div>
<div><span style=”font-size: medium;”><a href=”http://news.silobreaker.com/google-doubleclicknetadvertising-system-url-redirection-vulnerabilities-can-be-used-by-spammers-5_2268368584637939712″ target=”_blank”>http://news.silobreaker.com/<wbr />google-<wbr />doubleclicknetadvertising-<wbr />system-url-redirection-<wbr />vulnerabilities-can-be-used-<wbr />by-spammers-5_<wbr />2268368584637939712</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://worldnew.org/xss-flaw-may-exist-in-the-old-new-york-times-article-pages.html” target=”_blank”>http://worldnew.org/xss-flaw-<wbr />may-exist-in-the-old-new-york-<wbr />times-article-pages.html</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://tetraph.wordpress.com/2014/11/01/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-before-2013-are-affected/” target=”_blank”>http://tetraph.wordpress.com/<wbr />2014/11/01/new-york-times-<wbr />nytimes-com-page-design-xss-<wbr />vulnerability-almost-all-<wbr />article-pages-before-2013-are-<wbr />affected/</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://tetraph.tumblr.com/post/101472580032/new-york-times-nytimes-com-page-design-xss” target=”_blank”>http://tetraph.tumblr.com/<wbr />post/101472580032/new-york-<wbr />times-nytimes-com-page-design-<wbr />xss</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/” target=”_blank”>http://www.inzeed.com/<wbr />kaleidoscope/xss-<wbr />vulnerability/new-york-times-<wbr />nytimes-com-page-design-xss-<wbr />vulnerability-almost-all-<wbr />article-pages-are-affected/</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/” target=”_blank”>http://diebiyi.com/articles/%<wbr />E5%AE%89%E5%85%A8/xss-<wbr />vulnerability/new-york-times-<wbr />nytimes-com-page-design-xss-<wbr />vulnerability-almost-all-<wbr />article-pages-are-affected/</a></span></div>
<div><span style=”font-size: medium;”><a href=”http://securityrelated.blogspot.sg/2014/10/new-york-times-nytimescom-page-design.html?view=mosaic” target=”_blank”>http://securityrelated.<wbr />blogspot.com/2014/10/new-york-<wbr />times-nytimescom-page-design.<wbr />html?view=mosaic</a></span></div>
<div></div>
<div></div>
<div></div>
<div></div>
<div></div>

Falha de segurança afeta logins de Facebook, Google e Microsoft

Um estudante de PHD de Singapura, Wang Jing, identificou a falha, chamada de “Covert Redirect”, que consegue usar domínios reais de sites para verificação de páginas de login falsas, enganando os internautas.

Os cibercriminosos podem criar links maliciosos para abrir janelas pop-up do Facebook pedindo que o tal aplicativo seja autorizado. Caso seja realizada esta sincronização, os dados pessoais dos usuários serão passados para os hackers.

Wang afirma que já entrou em contato com o Facebook, porém recebeu uma resposta de que “entende os riscos de estar associado ao OAuth 2.0″ e que corrigir a falha “é algo que não pode ser feito por enquanto”.

O Google afirmou que o problema está sendo rastreado, o LinkedIn publicou nota em que garante que já tomou medidas para evitar que a falha seja explorada, e a Microsoft negou que houvesse vulnerabilidade em suas páginas, apenas nas de terceiros.

A recomendação do descobridor da falha para os internautas é que evitem fazer o login com dados de confirmação de Facebook, Google ou qualquer outro serviço sem terem total certeza de que estão em um ambiente seguro.

Especialistas: erro é difícil de corrigir

O site CNET ouviu dois especialistas em segurança virtual sobre o assunto. Segundo Jeremiah Grossman, fundador e CEO interino da WhiteHat Security, afirma que a falha “não é fácil de corrigir”. Segundo Chris Wysopal, diretor da Veracode, a falha pode enganar muita gente.

“A confiança que os usuários dão ao Facebook e outros serviços que usam OAuth pode tornar mais fácil para os hackers enganarem as pessoas para que elas acabem dando suas informações pessoais a ele”, afirma Wsyopal.

notícias relacionadas:

http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/

http://techxplore.com/news/2014-05-math-student-oauth-openid-vulnerability.html

http://phys.org/news/2014-05-math-student-oauth-openid-vulnerability.html

http://www.tomsguide.com/us/facebook-google-covert-redirect-flaw,news-18726.html

http://news.yahoo.com/facebook-google-users-threatened-security-192547549.html

http://thehackernews.com/2014/05/nasty-covert-redirect-vulnerability.html

http://www.scmagazine.com/covert-redirect-vulnerability-impacts-oauth-20-openid/article/345407/

http://computerobsess.blogspot.com/2014/10/id-oauth.html

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

http://russiapost.blogspot.ru/2014/11/openid-oauth-20.html?view=sidebar

https://hackertopic.wordpress.com/2014/07/11/oauth-openid-covert-redirect

http://germancast.blogspot.de/2014/11/sicherheitslucke-in-oauth-20-und-openid.html

http://diebiyi.com/articles/security/covert-redirect/sicherheitslucke-in-oauth-2-0-und-openid-gefunden/

http://www.inzeed.com/kaleidoscope/covert-redirect/openid-oauth-2.0

https://webtechwire.wordpress.com/2014/12/09/oauth%E3%81%A8openid%E3%81

http://tetraph.tumblr.com/post/118850487757/itinfotech-covert

http://frenchairing.blogspot.fr/2014/11/des-vulnerabilites-pour-les-boutons.html

https://itswift.wordpress.com/2014/06/06/covert-redirect-openid-oauth

http://blog.kaspersky.com/facebook-openid-oauth-vulnerable/

http://whitehatpost.lofter.com/post/1cc773c8_6f0b389

http://itprompt.blogspot.com/2014/12/falha-de-seguranca-afeta-logins-de.html

http://www.foxnews.com/tech/2014/05/05/facebook-google-users-threatened-by-new-security-flaw/

http://www.tetraph.com/blog/covert-redirect/sicherheitslucke-in-oauth-2-0-und-openid-gefunden/

http://www.inzeed.com/kaleidoscope/covert-redirect/372/

Sicherheitslücke in OAuth 2.0 und OpenID gefunden

Wang Jing, Student an der Nanyang Technological University in Singapur, hat nach dem Bekanntwerden des OpenSSL-Heartbleed-Lecks, eine weitere schwere Sicherheitslücke entdeckt, diesmal in den Authentifizierungsmethoden OAuth 2.0 und OpenID. Die als “Covert Redirect” (“Heimliche Umleitung”) benannte Sicherheitslücke ermöglicht es Angreifern, dem Nutzer einen echt aussehenden Login-Screen unterzujubeln und sich so Zugriff auf die bereitgestellten Daten zu verschaffen. Das gefährliche daran: Die Sicherheitslücke besitzt – anders als bisher bekannte Fishing-Versuche – eine legitime Domainadresse, kann also über einen Blick in die URL-Zeile des Browsers nicht oder nur sehr schwer entlarvt werden. Auf OAuth 2.0 und OpenID bieten inzwischen zahlreiche Webdienste um einen direkten Login in andere Dienste und Apps zu ermöglichen, darunter auch Google, Facebook, Microsoft und Co.

So ist es möglich, dem Nutzer eine Mail mit einem speziell präparierten Link zukommen zu lassen, ein Klick auf diesen öffnet eben wie gesagt eine legitime Adresse samt entsprechendem Logo. Autorisiert der Nutzer dann diese Anfrage und loggt sich in den Dienst ein, so werden die Daten nicht an die vermeintliche App weitergeleitet, sondern gelangen eben in den Besitz des Angreifers. Je nachdem, welche Daten abfragt werden, bekommt dieser somit also E-Mail-Adresse, Geburtsdatum, Kontaktlisten und dergleichen. Ebenso ist es möglich, den Nutzer nach dem Login auf eine beliebige Webseite, welche unter Umständen Malware verbreitet, weiterzuleiten.

Die Lösung des Problems könnte aber – wenn es überhaupt einmal eine geben sollte – eine langwierige Sache sein. Wang Jing hat bereits etliche größere Anbieter der Loginmethoden angeschrieben und über die gefundene Sicherheitslücke aufgeklärt, hierbei gab es jedoch unterschiedliche Aussagen. Im Hause Google beobachtet man das Problem, Microsoft ist sich keiner Schuld bewusst und schiebt die Sicherheitslücke an Drittanbieter ab. Lediglich Facebook scheint hier ehrlich zu sein und gibt an, dass es sich dabei um ein grundsätzliches Problem von OAuth 2.0 und OpenID handelt – möchte man nicht eine umfangreiche Whitelist mit sämtlichen nicht-schädlichen Apps pflegen, ist die Sicherheitslücke nicht “mal eben so” zu beheben. Im Grunde dürften sich sämtliche Gegenmaßnahmen negativ auf die Nutzererfahrung auswirken, was natürlich keiner der Dienste in Kauf nehmen möchte – und so bleibt es hierbei scheinbar beim “kleineren Übel” für die Anbieter.

Direktlink zum Video:

https://www.youtube.com/watch?v=HUE8VbbwUms

So bleibt eigentlich nur die Möglichkeit, auf OAuth 2.0 oder OpenID als Login-Methode für Drittanbieter Dienste und Apps zu verzichten oder genauestens darauf zu achten, auf was man klickt. Hat man keine explizite Autorisierung angestoßen, sollte man die geöffneten Tabs umgehend schließen und darauf hoffen, dass sich nicht doch irgendwo ein falscher Link eingepfercht hat.

Quelle:
http://www.blogtogo.de/sicherheitsluecke-in-oauth-2-0-und-openid-gefunden/

http://phys.org/news/2014-05-math-student-oauth-openid-vulnerability.html

http://www.tomsguide.com/us/facebook-google-covert-redirect-flaw,news-18726.html

http://news.yahoo.com/facebook-google-users-threatened-security-192547549.html

http://thehackernews.com/2014/05/nasty-covert-redirect-vulnerability.html

http://www.scmagazine.com/covert-redirect-vulnerability-impacts-oauth-20-openid/article/345407/

http://tech.ifeng.com/internet/detail_2014_05/03/36130721_0.shtml/
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
http://russiapost.blogspot.ru/2014/11/openid-oauth-20.html?view=sidebar

http://germancast.blogspot.de/2014/11/sicherheitslucke-in-oauth-20-und-openid.html

http://diebiyi.com/articles/security/covert-redirect/sicherheitslucke-in-oauth-2-0-und-openid-gefunden/

http://www.inzeed.com/kaleidoscope/covert-redirect/%D1%81%D1%82%

https://webtechwire.wordpress.com/2014/12/09/oauth%E3%81%A8openid%E3%81
http://frenchairing.blogspot.fr/2014/11/des-vulnerabilites-pour-les-boutons.html

https://itswift.wordpress.com/2014/12/06/%D1%81%D0%B8%D0%BD%D0%B3%D0%B0%D
http://blog.kaspersky.com/facebook-openid-oauth-vulnerable/
http://www.foxnews.com/tech/2014/05/05/facebook-google-users-threatened-by-new-security-flaw/
https://www.facebook.com/tetraph/posts/1600081260211834

Covert Redirect Mengancam OAuth 2.0 dan OpenID

Covert Redirect Mengancam OAuth 2.0 dan OpenID

Pada Jumat lalu, Wang Jing, seorang mahasiswa program PhD di Nanyang Technological University di Singapura, menerbitkan sebuah laporan yang memjabarkan tentang metode serangan yang disebut dengan “Covert Redirect” dan memperkenalkannya sebagai kerentanan atau vulnerable di OAuth 2.0 dan OpenID.

Cara kerja OAuth 2.0 dan OpenID sendiri adalah dengan memberikan akses bagi pengguna layanan ini untuk mendapatkan domain yang dapat mengakses menggunakan kredensial yang telah ada kepada website lain seperti Facebook, Google, Microsoft atau LinkedIn. Dengan akses yang didapatkan pengguna layanan ini dapat menghapus sebuah akun dan menggantinya dengan akun yang baru.

http://www.inzeed.com/kaleidoscope/computer-security/covert-redirect-mengancam-oauth-2-0-dan-openid/

IT Information Technology Swift News

Computer & Web Technology, Information Security Vulnerability, Application Developer, New Product

website

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)

CVE-2014-7294 NYU Opensso Integration Open Redirect Security Vulnerability

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Alle Links zu New York Times Artikel Vor 2013 anfällig für XSS-Angriffe

Falha de segurança afeta logins de Facebook, Google e Microsoft

Sicherheitslücke in OAuth 2.0 und OpenID gefunden

Covert Redirect Mengancam OAuth 2.0 dan OpenID