家庭小木屋


About Group About.com All Topics (At least 99.88% links) Vulnerable to XSS (Cross-Site Scripting) Security Attacks


Vulnerability Description:

All About.com "topic sites" are vulnerable to XSS (Cross-Site Scripting) attacks, which means every sub-domain of about.com is affected. Using a self-written program, 94,357 links were tested; only 118 of them do not belong to the topic (Metasite) links. Some about.com main pages are vulnerable to XSS as well. At most 0.125% of the tested links are therefore unaffected, and at least 99.875% of About Group's links are vulnerable to XSS attacks. In About.com's structure the main domain serves mostly as a cover, so very few links belong to it.

In addition, the search field on the About.com main page is vulnerable to XSS attacks, so every domain related to about.com is vulnerable to XSS attacks.
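The page does not show the self-written test program, so the following is an added illustration (not the author's code) of the check such a scanner performs on a search field: inject a non-executing probe into each query parameter and look for it reflected verbatim in the response. The URL, parameter names and the two page renderers (one echoing the term raw, one HTML-escaping it) are constructed stand-ins so the example runs offline; they are not About.com pages.

```python
"""Reflected-XSS probe check (added example; constructed inputs, no network)."""
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Probe that breaks out of a quoted attribute and adds an unknown tag. It does not
# execute anything, but if it comes back unchanged the page is not encoding input.
PROBE = '"><xssprobe9q3>'


def inject_probe(url, probe=PROBE):
    """Return (param_name, test_url) pairs, one per query parameter, with that
    parameter's value replaced by the probe and all others left unchanged."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    tests = []
    for i, (name, _value) in enumerate(params):
        mutated = list(params)
        mutated[i] = (name, probe)
        tests.append((name, urlunsplit(parts._replace(query=urlencode(mutated)))))
    return tests


def render_search_vulnerable(url):
    """Constructed stand-in for a search page that echoes the term into HTML raw."""
    q = dict(parse_qsl(urlsplit(url).query)).get("q", "")
    return f'<html><body><input name="q" value="{q}">Results for {q}</body></html>'


def render_search_fixed(url):
    """Same page with the term HTML-escaped (quotes included) before insertion."""
    q = dict(parse_qsl(urlsplit(url).query)).get("q", "")
    safe = html.escape(q, quote=True)
    return f'<html><body><input name="q" value="{safe}">Results for {safe}</body></html>'


def scan(url, fetch, probe=PROBE):
    """For each query parameter, fetch the mutated URL through `fetch` (a callable
    taking a URL and returning the HTML body) and report whether the probe is
    reflected without encoding. Returns [(param_name, reflected_unescaped), ...]."""
    findings = []
    for name, test_url in inject_probe(url, probe):
        body = fetch(test_url)
        findings.append((name, probe in body))
    return findings


if __name__ == "__main__":
    url = "https://example.test/search?q=shoes&page=2"  # hypothetical URL
    print("raw echo   :", scan(url, render_search_vulnerable))
    print("escaped    :", scan(url, render_search_fixed))
```

The vulnerable renderer returns `[('q', True), ('page', False)]` because the probe comes back byte-for-byte inside the `value` attribute; the fixed renderer returns `False` for both parameters since `"` and `<` are encoded as `&quot;` and `&lt;`. A verbatim match of the probe in the HTML source is what the scanner counts as a finding; confirming that a payload actually executes in a given context needs a browser, and running this against a live site requires the owner's permission.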

"As of May 2013, About.com was receiving about 84 million unique monthly visitors." (TechCrunch. AOL Inc.)




Vulnerability Discoverer:

Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.

http://www.tetraph.com/wangjing




Vulnerability Disclosure:

These vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied, and as of this writing they are still unpatched.



Result of Exploiting XSS Attacks

"Exploited XSS is commonly used to achieve the following malicious results:
  Identity theft
  Accessing sensitive or restricted information
  Gaining free access to otherwise paid for content
  Spying on user's web browsing habits
  Altering browser functionality
  Public defamation of an individual or corporation
  Web application defacement
  Denial of Service attacks (DOS)" (Acunetix)


Blog Detail:
http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-cross-site-scripting-security-attacks/

