FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities    FC2 and Rakuten are the first and second top ranking Japanese local online websites. This article introduces several XSS (Cross-site Scripting) and Open Redirect bugs… Continue Reading

FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities

  FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities   Domain: fc2.com “FC2 (founded July 20, 1999) is a popular Japanese blogging host, the third most popular video hosting service in Japan (after YouTube and… Continue Reading

FC2 fc2.com Online Website URLs XSS (cross site scripting) Vulnerabilities (All URLs Under Domain blog.fc2.com/tag)

FC2 fc2.com Online Website URLs XSS (cross site scripting) Vulnerabilities (All URLs Under Domain blog.fc2.com/tag)   Domain: blog.fc2.com/ “FC2 (founded July 20, 1999) is a popular Japanese blogging host, the third most popular video hosting service in Japan (after YouTube… Continue Reading

Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities

  Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities   Domain: rakuten.com “Rakuten, Inc. (楽天株式会社 Rakuten Kabushiki-gaisha?) is a Japanese electronic commerce and Internet company based in Tokyo, Japan. Its B2B2C e-commerce platform Rakuten Ichiba is the largest… Continue Reading

About Group About.com Main Page’s Search Field XSS (Cross-Site Scripting) Security Vulnerabilities

About Group About.com Main Page’s Search Field XSS (Cross-Site Scripting) Security Vulnerabilities     (1) Domain Description: http://www.about.com/   “For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month.”… Continue Reading

Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust

  Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust – Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Web Security Vulnerabilities Domains: http://www.amazon.com “Amazon.com, Inc. (/ˈæməzɒn/ or… Continue Reading

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation     Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication: Nov 25, 2014 Latest Update: Nov 25,… Continue Reading

CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

CVE-2014-7291  Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability Weakness   Exploit Title: Springshare LibCal Multiple XSS (Cross-Site Scripting) Security Weakness Product: LibCal Vendor: Springshare Vulnerable Versions: 2.0 Tested Version: 2.0 Advisory Publication: Nov 25, 2014 Latest Update: Nov 25, 2014 Vulnerability… Continue Reading

Alibaba Taobao OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Alibaba Taobao OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect) (1) Domain: taobao.com     “Taobao (simplified Chinese: 淘宝网; traditional Chinese: 淘寶網; pinyin: Táobǎo Wǎng; literally: “searching for treasure website”) is a Chinese website for online… Continue Reading

两款互联网登录系统曝出重大漏洞 短期内或无法修复 (Covert Redirect)

1 安全漏洞 继OpenSSL漏洞后,开源安全软件再曝安全漏洞。新加坡南洋理工大学研究人员,数学系博士生 王晶 (Wang Jing ) 发现,Oauth 2.0, OpenID 授权接口的网站存隐蔽重定向漏洞、英文名为“Covert Redirect”。     2 入侵技术 攻击者创建一个使用真实站点地址的弹出式登录窗口——而不是使用一个假的域名——以引诱上网者输入他们的个人信息。       3 漏洞危害 黑客可利用该漏洞给钓鱼网站“变装”,用知名大型网站链接引诱用户登录钓鱼网站,一旦用户访问钓鱼网站并成功登陆授权,黑客即可读取其在网站上存储的私密信息。[1]  腾 讯,阿里巴巴,QQ、新浪微博、淘宝网,支付宝,网易,PayPal, eBay, Amazon, Facebook、Google, LinkedIn, Yahoo, VK.com, Microsoft,  Mail.ru, Github, WordPress 等国内外大量知名网站受影响。   鉴 于OAuth和OpenID被广泛用于各大公司——如微软、Facebook、Google、以及 LinkedIn——Wang表示他已经向这些公司已经了汇报。Wang声称,微软已经给出了答复,调查并证实该问题出在第三方系统,而不是该公司的自有 站点。Facebook也表示,“短期内仍无法完成完成这两个问题的修复工作,只得迫使每个应用程序平台采用白名单”。至于Google,预计该公司会追 踪OpenID的问题;而LinkedIn则声称它将很快在博客中说明这一问题。  … Continue Reading