About Group About.com Main Page’s Search Field XSS (Cross-Site Scripting) Security Vulnerabilities
(1) Domain Description:
"For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month." (The New York Times)
"About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites," of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation" (Wikipedia)
(2) Result of Exploiting XSS Attacks
"Exploited XSS is commonly used to achieve the following malicious results
Identity theft
Accessing sensitive or restricted information
Gaining free access to otherwise paid for content
Spying on user’s web browsing habits
Altering browser functionality
Public defamation of an individual or corporation
Web application defacement
Denial of Service attacks (DOS)
" (Acunetix)Vulnerability Discover:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing
Blog Details:
http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-main-pages-search.html
家庭小木屋
家是什么?众说纷纭。社会学家说,家是社会的最小细胞;婚姻学家说,家是风雨相依的两人世界;文学家说,家是宝盖下面养着的一群猪……究竟什么是家呢?记得在一个朋友的结婚典礼上司仪饱含深情的那句话:家不是讲理的地方,家不是放钱的地方,家不是两个人凑合过日子的地方……
评论