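Family Log Cabin

What is home? Opinions differ. Sociologists say home is the smallest cell of society; marriage scholars say home is a world for two who lean on each other through wind and rain; writers say home is a herd of pigs kept under a roof... So what is home, really? I remember what the emcee said with deep feeling at a friend's wedding: home is not a place for arguing over who is right, home is not a place for storing money, home is not a place where two people merely get by together...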



Amazon Covert Redirect Computer Network Security Vulnerability Based on Facebook


Amazon Covert Redirect Security Vulnerability Based on Facebook Simulate Attacks     



“Amazon.com, Inc. (/ˈæməzɒn/ or /ˈæməzən/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in the United States. Amazon.com started as an online bookstore, but soon diversified, selling DVDs, VHSs, CDs, video and MP3 downloads/streaming, software, video games, electronics, apparel, furniture, food, toys, and jewelry. The company also produces consumer electronics—notably, Amazon Kindle e-book readers, Fire tablets, Fire TV and Fire Phone — and is a major provider of cloud computing services.” (Wikipedia)



Discovered by:

Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.

http://www.tetraph.com/wangjing/



The vulnerability exists in the “redirect.html?” page, in the “&location” parameter.



The vulnerability can be exploited without user login. Tests were performed on Safari 6.1.6 in Mac OS X 10.7.5, IE 8 in Windows 7, and Chromium version 37.0.2062.120 in Ubuntu 12.04 (281580) (64-bit).
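
One way a redirect endpoint can validate a `location` parameter before using it, as an added example that is not from the original post or from Amazon's code: the value is honoured only when it is a same-site path or an HTTPS URL on an allowlisted host. The host names, `ALLOWED_HOSTS`, `FALLBACK` and `safe_redirect_target` are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: constructed host names standing in for the site's own hosts.
ALLOWED_HOSTS = {"www.shop.example", "pay.shop.example"}
FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(query_string: str) -> str:
    """Return the `location` value if it is safe to redirect to, else FALLBACK."""
    values = parse_qs(query_string, keep_blank_values=True).get("location", [])
    if len(values) != 1:  # missing, or supplied twice (ambiguous)
        return FALLBACK
    target = values[0]
    # Browsers treat "\" like "/" and drop tabs/newlines, so what a naive
    # parser sees can differ from where the browser goes. Reject outright.
    if not target or "\\" in target:
        return FALLBACK
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        host, port = parts.hostname, parts.port  # .port validates the number
    except ValueError:
        return FALLBACK
    # Same-site path: no scheme, no authority, exactly one leading slash
    # (browsers resolve "//host/..." and "///host/..." to another origin).
    if not parts.scheme and not parts.netloc:
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else FALLBACK
    # Absolute URL: HTTPS only, exact host match, no userinfo, default port.
    if (parts.scheme == "https" and host in ALLOWED_HOSTS
            and parts.username is None and parts.password is None
            and port in (None, 443)):
        return target
    return FALLBACK
```

Exact host matching is deliberate: suffix or substring checks accept look-alike hosts that merely contain the trusted name.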



More Detail:

http://tetraph.com/covert_redirect/



POC Videos:

https://www.youtube.com/watch?v=ss3ALnvU63w&feature=youtu.be

https://www.youtube.com/watch?v=f4W63YXnbIk



Blog Details:

http://tetraph.blogspot.com/2014/05/amazon-covert-redirect-vulnerability.html

http://securityrelated.blogspot.com/2015/01/amazon-covert-redirect-security.html

