Math Diary

Mathematics is the queen of the sciences - Gauss

 

White-hat computer security:

ESPN espn.go.com Open Redirect Security Vulnerabilities

Domain:
http://espn.go.com/

Vulnerability description:
Espn.go.com has a security problem. It is vulnerable to Open Redirect attacks.

Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0.7601) in Windows 8. A single webpage is used for the following tests. The webpage address is "http://www.diebiyi.com/". Suppose that this webpage is malicious.

(1) Vulnerabilities Occur at the ESPN Login Page.

Vulnerable URL 1:
https://r.espn.go.com/members/login?appRedirect=https%3A%2F%2Fwww.facebook.com%2FAndroidOfficial

POC:
https://r.espn.go.com/members/login?appRedirect=http%3A%2f%2fdiebiyi.com.com

Vulnerable URL 2:
http://streak.espn.go.com/en/login?redirect=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fwwwgooglecom%2F101882723190828

POC:
http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com

(2) Vulnerabilities That Can Be Attacked without User Login.

Vulnerable URL 1:
http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=https%3A%2F%2Ftwitter.com%2FAdcash%2Fstatus%2Febay%2F539770783556698112

POC:
http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Ftetraph.com?

This vulnerability was used to demonstrate "Covert Redirect" of Facebook.

POC Video:
https://www.youtube.com/watch?v=HUE8VbbwUms

Blog Detail:
http://www.tetraph.com/blog/covert-redirect/covert-redirect-vulnerability-related-to-oauth-2-0-and-openid/

During the tests, besides the links given above, a large number of ESPN's links are vulnerable to Open Redirect attacks.

POC Video:
https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be

Blog Detail:
http://securityrelated.blogspot.sg/2014/12/espn-espn.html

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
http://www.tetraph.com/wangjing/
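
Mitigation sketch (an added example, not part of the original report and not ESPN's code): a server-side check that only follows the appRedirect, redirect and url parameters seen in the URLs above when the target is a same-site path or an allowlisted host. The allowlist contents, the fallback path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the hosts the site is willing to redirect to (hypothetical allowlist).
ALLOWED_HOSTS = {"espn.go.com", "r.espn.go.com", "streak.espn.go.com", "m.espn.go.com"}
# Parameter names taken from the URLs listed in the report.
REDIRECT_PARAMS = ("appRedirect", "redirect", "url")
FALLBACK = "/"  # assumption: where to send the user when the target is rejected


def is_safe_target(target: str) -> bool:
    """True only for a same-site absolute path or an http(s) URL on an allowlisted host."""
    # Backslashes and control characters are normalised differently by browsers; reject them.
    if not target or any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: require one leading "/" ("//host" is protocol-relative).
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port, so "allowed-host@other-host" is judged by other-host.
    # Exact match (not endswith/startswith) avoids prefix and suffix look-alike hosts.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


def resolve_redirect(request_url: str) -> str:
    """Return the location to redirect to for a request carrying a redirect parameter."""
    query = parse_qs(urlsplit(request_url).query)
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            return value if is_safe_target(value) else FALLBACK
    return FALLBACK


if __name__ == "__main__":
    # The three POC URLs from the report, plus one constructed on-site request.
    samples = [
        "https://r.espn.go.com/members/login?appRedirect=http%3A%2f%2fdiebiyi.com.com",
        "http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com",
        "http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Ftetraph.com?",
        "https://r.espn.go.com/members/login?appRedirect=https%3A%2F%2Fespn.go.com%2Fnfl%2F",
    ]
    for url in samples:
        print(resolve_redirect(url), "<-", url)
```

With this check in place the three POC requests above resolve to the fallback path instead of the external site.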

 