FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities    FC2 and Rakuten are the first and second top ranking Japanese local online websites. This article introduces several XSS (Cross-site Scripting) and Open Redirect bugs… Continue Reading

FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities

  FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities   Domain: fc2.com “FC2 (founded July 20, 1999) is a popular Japanese blogging host, the third most popular video hosting service in Japan (after YouTube and… Continue Reading

Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities

  Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities   Domain: rakuten.com “Rakuten, Inc. (楽天株式会社 Rakuten Kabushiki-gaisha?) is a Japanese electronic commerce and Internet company based in Tokyo, Japan. Its B2B2C e-commerce platform Rakuten Ichiba is the largest… Continue Reading

CVE-2015-4134 phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

CVE-2015-4134  phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities   Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities Product: phpwind Vendor: phpwind Vulnerable Versions: v8.7 Tested Version: v8.7 Advisory Publication: May 25, 2015 Latest Update: May… Continue Reading

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities   Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities Vendor: Opoint Product: Opoint Media Intelligence Vulnerable Versions: Tested Version: Advisory Publication: April 14, 2015 Latest… Continue Reading

WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities

WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities   Exploit Title: WordPress Newsletter Plug-in /do.php &nr parameter URL Redirection Security Vulnerabilities Product: WordPress Newsletter Plug-in Vendor: Satollo.net Vulnerable Versions: 2.6.* 2.5.* Tested Version: Check Related Versions’ Source Code Advisory… Continue Reading

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities   Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01   3.12   3.0   2.4   2.3   2.2… Continue Reading

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

  About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。   根据漏洞研究者发布的结果和POC视频,所有About.com的话题(子域名)都可以被攻击者利用。   新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。   与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE… Continue Reading