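Family Log Cabin

What is home? Opinions differ. Sociologists say the home is the smallest cell of society; marriage scholars say home is a world for two who lean on each other through wind and rain; writers say home is a herd of pigs kept under a roof (a play on the character 家)... So what is home, really? I remember the line the emcee delivered with deep feeling at a friend's wedding: home is not a place for arguing over who is right, home is not a place for keeping money, home is not a place where two people merely get by together...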


ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities


Domain:
http://espn.go.com/


“ESPN (originally an acronym for Entertainment and Sports Programming Network) is a U.S.-based global cable and satellite television channel that is owned by ESPN Inc., a joint venture between The Walt Disney Company (which operates the network, through its 80% controlling ownership interest) and Hearst Corporation (which holds the remaining 20% interest). The channel focuses on sports-related programming including live and recorded event telecasts, sports news and talk shows, and other original programming.


ESPN broadcasts primarily from studio facilities located in Bristol, Connecticut. The network also operates offices in Miami, New York City, Seattle, Charlotte, and Los Angeles. John Skipper currently serves as president of ESPN, a position he has held since January 1, 2012. While ESPN is one of the most successful sports networks, it has been subject to criticism, which includes accusations of biased coverage, conflict of interest, and controversies with individual broadcasters and analysts. As of February 2015, ESPN is available to approximately 94,396,000 paid television households (81.1% of households with at least one television set) in the United States. In addition to the flagship channel and its seven related channels in the United States, ESPN broadcasts in more than 200 countries, operating regional channels in Australia, Brazil, Latin America and the United Kingdom, and owning a 20% interest in The Sports Network (TSN) as well as its five sister networks and NHL Network in Canada.” (Wikipedia)


Vulnerability description:
Espn.go.com has a web security flaw: it is vulnerable to XSS (Cross Site Scripting) and Dest Redirect Privilege Escalation (Open Redirect) attacks.


These vulnerabilities are very dangerous because they occur on ESPN’s “login” and “register” pages, which users regard as credible. Attackers can abuse those links to mislead ESPN’s users, and the success rate of such attacks may be high.


During the tests, a large number of ESPN’s links besides the ones listed in this advisory were found to be vulnerable to these attacks.


The flaw is in the handling of the “redirect” parameter on espn.go.com’s “login” and “register” pages, i.e.

http://streak.espn.go.com/en/login?redirect=

https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com

http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=

https://register.go.com/go/sendMemberNames?regFormId=espn&appRedirect=http://register.go.com/



Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0.7601) in Windows 8.
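
One way to close the hole described above is to validate the redirect value on the server before using it. The following is an added example, not ESPN's code and not part of the original advisory; the allow-list, the fallback path and the function names are assumptions, and only the parameter names and host names come from the URLs listed above.

```javascript
'use strict';

// Assumption: the hosts this deployment is willing to send a user to after
// login. The names are the ones that appear in the advisory's URLs.
const ALLOWED_HOSTS = new Set([
  'espn.go.com',
  'streak.espn.go.com',
  'games.espn.go.com',
  'r.espn.go.com',
  'register.go.com',
]);
const REDIRECT_PARAMS = ['redirect', 'appRedirect']; // parameter names from the advisory
const FALLBACK = '/'; // assumption: where to go when the value is rejected

// Return a normalised, safe redirect target for `raw`, or FALLBACK.
// `base` is the absolute URL of the page that handles the request.
function safeRedirect(raw, base, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return FALLBACK;
  }
  // Control characters and backslashes are normalised differently by
  // browsers and by server-side code; refuse them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let target;
  try {
    // The WHATWG parser resolves relative paths and "//host" forms the same
    // way a browser will when it follows the Location header.
    target = new URL(raw, base);
  } catch {
    return FALLBACK;
  }
  // Only http(s): a javascript: or data: value in a redirect sink is how an
  // open redirect turns into script execution (the XSS half of the report).
  if (target.protocol !== 'https:' && target.protocol !== 'http:') return FALLBACK;
  // "trusted-host@other-host" puts the trusted name in the userinfo part.
  if (target.username !== '' || target.password !== '') return FALLBACK;
  // Exact host match; suffix or substring matching would accept
  // "r.espn.go.com.offsite.example".
  if (!allowedHosts.has(target.hostname)) return FALLBACK;
  if (target.port !== '') return FALLBACK; // default ports only
  // Return the parsed form, never the raw string, so that what was checked
  // is exactly what is sent.
  return target.href;
}

// Pull the redirect value out of a full request URL and validate it.
function redirectFromRequest(requestUrl) {
  const req = new URL(requestUrl);
  for (const name of REDIRECT_PARAMS) {
    const value = req.searchParams.get(name); // percent-decoded exactly once
    if (value !== null) return safeRedirect(value, req.href);
  }
  return FALLBACK;
}

// Constructed sample values (not taken from the advisory).
const SAMPLES = [
  '/en/entry',
  '//offsite.example/',
  'javascript:alert(1)',
  'http://r.espn.go.com@offsite.example/',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', safeRedirect(s, 'http://streak.espn.go.com/en/login'));
}
```
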



Disclosed by:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.  (@justqdjing)
http://www.tetraph.com/wangjing/





“The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!” A great many of the following web security issues have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to XSS and Open Redirect vulnerabilities, as well as cyber intelligence recommendations.




(1) XSS Web Security Vulnerability
XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:

  • Identity theft

  • Accessing sensitive or restricted information

  • Gaining free access to otherwise paid for content

  • Spying on user’s web browsing habits

  • Altering browser functionality

  • Public defamation of an individual or corporation

  • Web application defacement

  • Denial of Service attacks




Detail:
http://seclists.org/fulldisclosure/2014/Dec/36





Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs


Yahoo lists open redirect vulnerabilities in its bug bounty program, yet it seems Yahoo does not take this vulnerability seriously at all.


Multiple Open Redirect vulnerabilities were reported to Yahoo. Every response from Yahoo was "It is working as designed". However, these vulnerabilities were patched later.


Several other security researchers have complained about getting similar treatment, too.
http://seclists.org/fulldisclosure/2014/Jan/51
http://seclists.org/fulldisclosure/2014/Feb/119


Are all Open Redirect vulnerabilities intended behavior? If so, why patch them later?


According to a CNET report, Yahoo's users were attacked through redirection vulnerabilities: "Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to Fox IT, a security firm in the Netherlands. Users visiting pages with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware."




Moreover, since Yahoo is well known worldwide, these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Alibaba and Netease, e.g. by bypassing their Open Redirect filters (Covert Redirect). These security bugs have not been patched. Other similar web and computer flaws will be published in the near future.




The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.


Disclosed by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing



Both the Yahoo and Yahoo Japan web applications have a security bug: they can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.


BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following may be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the following web security issues have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to Open Redirect vulnerabilities, as well as cyber intelligence recommendations.



Detail:
http://seclists.org/fulldisclosure/2014/Dec/88





About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities


Vulnerability Description:
All of About.com’s “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of about.com are affected. Using a self-written program, 94357 links were tested. Only 118 of them do not belong to the topic (Metasite) links. Meanwhile, some about.com main pages are vulnerable to XSS attacks, too. This means no more than 0.125% of links are unaffected: at least 99.875% of About Group’s links are vulnerable to XSS and Iframe Injection attacks. In fact, in about.com’s structure the main domain is little more than a cover, so very few links belong to it.

Simultaneously, the About.com main page’s search field is vulnerable to XSS attacks, too. This means all domains related to about.com are vulnerable to XSS attacks.

The Iframe Injection vulnerabilities can also be used to carry out DDoS (Distributed Denial-of-Service) attacks against other websites.
Here is one example, reported by others, of a DDoS based on Iframe Injection attacks:
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html

Finally, some “Open Redirect” vulnerabilities related to about.com are introduced. There may be a large number of other Open Redirect vulnerabilities that were not detected. Since About.com is trusted by some other websites, those vulnerabilities can be used to perform “Covert Redirect” against these websites.



Vulnerability Disclosure:
Those vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied. To date, they are still unpatched.



Vulnerability Discovered by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@Justqdjing)
http://www.tetraph.com/wangjing



(1) Some Basic Background

(1.1) Domain Description:
http://www.about.com/
http://www.alexa.com/siteinfo/about.com

“For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month.” (The New York Times)

“About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites," of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation, and, for March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month. As of August 2012, About.com is the property of IAC, owner of Ask.com and numerous other online brands, and its revenue is generated by advertising.” (Wikipedia)

“As of May 2013, About.com was receiving about 84 million unique monthly visitors.” (TechCrunch. AOL Inc.)

“According to About’s online media kit, nearly 1,000 "Experts" (freelance writers) contribute to the site by writing on various topics, including healthcare and travel.” (About.com)



(1.2) Topics Related to About.com

“The Revolutionary About.com Directory and Community Metasite. Hundreds of real live passionate Guides covering Arts, Entertainment, Business, Industry, Science, Technology, Culture, Health, Fitness, Games, Travel, News, Careers, Jobs, Sports, Recreation, Parenting, Kids, Teens, Moms, Education, Computers, Hobbies and Local Information.” (azlist.about.com)

About.com - Sites A to Z

Number of Topics

A: 66

B: 61

C: 118

D: 49

E: 33

F: 57

G: 39

H: 48

I: 32

J: 15

K: 13

L: 36

M: 70

N: 26

O: 23

P: 91

Q: 4

R: 32

S: 104

T: 47

U: 12

V: 9

W: 43

X: 1

Y: 4

Z: 1

SUM: 1039

Reference: azlist.about.com/

In fact, those are not all of about.com's topics. Some topics are not listed there, such as
http://specialchildren.about.com

So, there are more than 1000 topics related to about.com.



(1.3) Result of Exploiting XSS Attacks

XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:

   “Identity theft

   Accessing sensitive or restricted information

   Gaining free access to otherwise paid for content

   Spying on user’s web browsing habits

   Altering browser functionality

   Public defamation of an individual or corporation

   Web application defacement

   Denial of Service attacks (DOS)” (Acunetix)

… …




More:
http://seclists.org/fulldisclosure/2015/Feb/9






CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities


Domain:
cnn.com


"The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time Warner. The 24-hour cable news channel was founded in 1980 by American media proprietor Ted Turner. Upon its launch, CNN was the first television channel to provide 24-hour news coverage, and was the first all-news television channel in the United States. While the news channel has numerous affiliates, CNN primarily broadcasts from the Time Warner Center in New York City, and studios in Washington, D.C. and Los Angeles, its headquarters at the CNN Center in Atlanta is only used for weekend programming. CNN is sometimes referred to as CNN/U.S. to distinguish the American channel from its international sister network, CNN International. As of August 2010, CNN is available in over 100 million U.S. households. Broadcast coverage of the U.S. channel extends to over 890,000 American hotel rooms, as well as carriage on cable and satellite providers throughout Canada. Globally, CNN programming airs through CNN International, which can be seen by viewers in over 212 countries and territories. As of February 2015, CNN is available to approximately 96,289,000 cable, satellite and, telco television households (82.7% of households with at least one television set) in the United States." (Wikipedia)


Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.  (@justqdjing)
http://www.tetraph.com/wangjing/



Vulnerability Description:
CNN has a web security flaw. It can be exploited by XSS (Cross Site Scripting) and Open Redirect (Unvalidated Redirects and Forwards) attacks.

According to published news, CNN users have been attacked through both Open Redirect and XSS vulnerabilities.

According to E Hacker News on June 06, 2013, (@BreakTheSec) came across a diet spam campaign that leveraged an open redirect vulnerability in CNN, one of the top news organizations.

After the attack, CNN took measures to detect Open Redirect vulnerabilities. Judging from the tests, the measures are quite good: almost no links on CNN's website are now vulnerable to Open Redirect attacks, and it takes a long time to find a new unpatched Open Redirect vulnerability on the site.

CNN.com was attacked through Open Redirect in 2013, while the XSS attacks happened in 2007.



<1> There are some tweets complaining about being hacked via links from CNN.

At the same time, the cybercriminals have also leveraged a similar vulnerability in a Yahoo domain to trick users into thinking that the links point to a trusted website.


Yahoo Open Redirects Vulnerabilities:
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html





<2> CNN.com XSS hacked
http://seclists.org/fulldisclosure/2007/Aug/216


Several 0-day vulnerabilities in other similar products have been found by other bug hunters before. CNN has patched some of them. BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following may be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the following web security issues have been published there: Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. It also publishes suggestions, advisories and solution details related to XSS and URL Redirection vulnerabilities, as well as cyber intelligence recommendations.



Detail:
http://seclists.org/fulldisclosure/2014/Dec/128





Google DoubleClick.net (Advertising) System URL Redirection Vulnerabilities Could Be Used by Spammers



Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective to date.



However, Google might have overlooked the security of its DoubleClick.net advertising system. Testing found that most of the redirection URLs within DoubleClick.net are vulnerable to Open Redirect attacks. Many redirections are likely to be affected. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.



These redirections can be easily used by spammers, too.



Some URLs belonging to Googleads.g.Doubleclick.net are vulnerable to Open Redirect attacks, too, while Google prevents similar URL redirections everywhere other than Googleads.g.Doubleclick.net. Attackers can use URLs related to Google Account to make the attacks more powerful.



Moreover, these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Yahoo and Netease, e.g. by bypassing their Open Redirect filters (Covert Redirect). These security bugs have not been patched. Other similar web and computer attacks will be published in the near future.



Discovered and Reported by:

Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

http://www.tetraph.com/wangjing/




(1) Background Related to Google DoubleClick.net.


(1.1) What is DoubleClick.net?


"DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services. Its clients include agencies, marketers (Universal McCann, AKQA etc.) and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Apple Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters is in New York City, United States.



DoubleClick was founded in 1996 by Kevin O'Connor and Dwight Merriman. It was formerly listed as "DCLK" on the NASDAQ, and was purchased by private equity firms Hellman & Friedman and JMI Equity in July 2005. In March 2008, Google acquired DoubleClick for US$3.1 billion. Unlike many other dot-com companies, it survived the dot-com bubble and focuses on uploading ads and reporting their performance." (Wikipedia)




(1.2) Reports Related to Google DoubleClick.net Used by Spammers


(1.2.1) Google DoubleClick.net has been used by spammers for a long time. The following is from a report in 2008.


"The open redirect had become popular with spammers trying to lure users into clicking their links, as they could be made to look like safe URLs within Google's domain."

https://www.virusbtn.com/blog/2008/06_03a.xml?comments


(1.2.2) Mitechmate published a blog post related to DoubleClick.net spam in 2014.


"Ad.doubleclick.net is recognized as a perilous adware application that causes unwanted redirections when surfing on the certain webpages. Actually it is another browser hijacker that aims to distribute frauds to make money. Commonly people pick up Ad.doubleclick virus when download softwares, browse porn site or read spam email attachments. It enters into computer sneakily after using computer insecurely. Ad.doubleclick.net is not just annoying, this malware traces users’ personal information, which would be utilized for cyber criminal."

http://blog.mitechmate.com/remove-ad-doubleclick-net-redirect-virus/


(1.2.3) Malwarebytes posted a news item related to DoubleClick.net malvertising in 2014.


"Large malvertising campaign under way involving DoubleClick and Zedo"

https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/



(2) DoubleClick.net System URL Redirection Vulnerabilities Details.


The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.


The webpage used for the following tests is "http://securitypost.tumblr.com/". We can suppose that this webpage is malicious.




...




Detail:

http://seclists.org/fulldisclosure/2014/Nov/28



Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs



Domain:
http://www.facebook.com



"Facebook is an online social networking service headquartered in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The founders had initially limited the website's membership to Harvard students, but later expanded it to colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities and later to high-school students. Since 2006, anyone who is at least 13 years old is allowed to become a registered user of the website, though the age requirement may be higher depending on applicable local laws. Its name comes from a colloquialism for the directory given to it by American universities students." (Wikipedia)


"Facebook had over 1.44 billion monthly active users as of March 2015. Because of the large volume of data users submit to the service, Facebook has come under scrutiny for their privacy policies. Facebook, Inc. held its initial public offering in February 2012 and began selling stock to the public three months later, reaching an original peak market capitalization of $104 billion. As of February 2015 Facebook reached a market capitalization of $212 Billion." (Wikipedia)


Discovered by:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/





(1) General Vulnerabilities Description:

(1.1) Two Facebook vulnerabilities are introduced in this article.

Facebook has a security bug: it can be exploited by Open Redirect attacks. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Since Facebook is trusted by a large number of other websites, those vulnerabilities can be used to perform "Covert Redirect" against other websites such as Amazon, eBay, Go-daddy, Yahoo, 163, Mail.ru etc.
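
The "Covert Redirect" risk named here and in the Yahoo, About.com and DoubleClick sections arises when a site's redirect filter checks only the host of the target: a URL on a trusted partner passes even when that URL itself forwards elsewhere. The following is an added example, not code from any site named on this page, of a filter that also inspects URL-valued query parameters; the host names and function names are constructed, and the check is a heuristic that cannot see redirects encoded in paths or opaque tokens.

```javascript
'use strict';

// Assumption: third-party hosts this site has agreed to redirect to.
// The names are constructed for the example.
const PARTNER_HOSTS = new Set(['partner.example', 'login.partner.example']);
const MAX_DEPTH = 3; // how many layers of nesting or encoding to unwrap

// A value that a browser would treat as an absolute or scheme-relative URL.
const LOOKS_ABSOLUTE = /^[\x00-\x20]*(?:https?:)?[\/\\]{2}/i;

// Return the value plus up to MAX_DEPTH further percent-decodings of it,
// so that a doubly encoded URL is still recognised.
function decodeLayers(value) {
  const layers = [value];
  let current = value;
  for (let i = 0; i < MAX_DEPTH; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed escape sequence: stop unwrapping
    }
    if (next === current) break;
    layers.push(next);
    current = next;
  }
  return layers;
}

// Return the first URL found in the query string of `url` (searched
// recursively) whose host is not trusted, or null when there is none.
function nestedOffsiteUrl(url, trusted, depth = 0) {
  if (depth > MAX_DEPTH) return url.href; // too deep to vouch for
  for (const value of url.searchParams.values()) {
    for (const layer of decodeLayers(value)) {
      if (!LOOKS_ABSOLUTE.test(layer)) continue;
      let inner;
      try {
        inner = new URL(layer, 'https://base.invalid');
      } catch {
        return layer; // URL-like but unparseable: treat as off-site
      }
      if (!trusted.has(inner.hostname)) return inner.href;
      const deeper = nestedOffsiteUrl(inner, trusted, depth + 1);
      if (deeper !== null) return deeper;
    }
  }
  return null;
}

// Decide whether a redirect to a partner URL may be followed.
function checkPartnerRedirect(raw, trusted = PARTNER_HOSTS) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (!trusted.has(url.hostname)) return { ok: false, reason: 'host-not-allowed' };
  const nested = nestedOffsiteUrl(url, trusted);
  if (nested !== null) return { ok: false, reason: 'nested-offsite', nested };
  return { ok: true, href: url.href };
}

// Constructed sample targets.
const SAMPLES = [
  'https://partner.example/article?id=5',
  'https://partner.example/r?dest=https%3A%2F%2Funknown.example%2Flanding',
  'https://partner.example/r?dest=https%3A%2F%2Flogin.partner.example%2Fhome',
];
for (const s of SAMPLES) console.log(s, '->', JSON.stringify(checkPartnerRedirect(s)));
```
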


(1.1.1) One Facebook Open Redirect vulnerability was reported to Facebook, and Facebook adopted a new mechanism to patch it. Although the reported URL redirection vulnerabilities are patched, all old generated URLs are still vulnerable to the attacks. Section (2) gives the details.

The reason may be related to Facebook's third-party interaction system or database management system or both. Another reason may be related to Facebook's design for different kinds of browsers.


(1.1.2) Another new Open Redirect vulnerability related to Facebook is introduced, too. For reference, please read section (3).



Detail:
http://seclists.org/fulldisclosure/2015/Jan/22




