Falha de segurança afeta logins de Facebook, Google e Microsoft

Um estudante de PHD de Singapura, Wang Jing, identificou a falha, chamada de “Covert Redirect”, que consegue usar domínios reais de sites para verificação de páginas de login falsas, enganando os internautas.   Os cibercriminosos podem criar links maliciosos para… Continue Reading

Alibaba Alipay Online Website OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Alibaba Alipay Online Website OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)     (1) Domain: alipay.com   “Alipay.com is a third-party online payment platform with no transaction fees. It was launched in China in… Continue Reading

Mail.ru Online Service OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Mail.ru Online Service OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect) (1) Domain: mail.ru     “Mail.Ru Group (London Stock Exchange listed since November 5, 2010) is a Russian Internet company. It was started in… Continue Reading

하트블리드 이어 ‘오픈ID’와 ‘오쓰(OAuth)’서도 심각한 보안 결함

  ‘하트블리드(Heartbleed)’ 버그에 이어 가입자 인증 및 보안용 오픈소스 SW인 ‘오픈ID’와‘오쓰(OAuth)’에도 심각한 결함이 발견됐다고 씨넷, 벤처비트 등 매체들이 보도했다.     싱 가폴난양대학교에 재학중인 ‘왕 징(Wang Jing)’ 박사는 수 많은 웹사이트와 구글, 페이스북, 링크드인, MS, 페이팔 등에서 사용하고 있는 로그인… Continue Reading

Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities

Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities   Exploit Title: Proverbs Web Calendar /calendar.php Multiple Parameters XSS (Cross-site Scripting) Security Vulnerabilities Vendor: Proverbs Product: Proverbs Web Calendar Vulnerable Versions: 1.0.0   1.1   1.2.2   2.1   2.1.2… Continue Reading

6kbbs v8.0 SQL Injection Security Vulnerabilities

6kbbs v8.0 SQL Injection Security Vulnerabilities   Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1   v8.0 Tested Version: v7.1   v8.0 Advisory Publication: April 01, 2015 Latest Update: April 01, 2015 Vulnerability… Continue Reading

Tencent QQ OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Tencent QQ OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)       (1) Domain: qq.com     “Tencent QQ, popularly known as QQ, is an instant messaging software service developed by Chinese company Tencent Holdings… Continue Reading