Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs

Although Yahoo lists open redirect vulnerabilities in its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all. Multiple Open…

Google DoubleClick.net (Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers

Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective…

Amazon Website Covert Redirect Web Security Bugs Based on Facebook – Attack Simulation

Domain: http://www.amazon.com “Amazon.com, Inc. (/ˈæməzɒn/ or /ˈæməzən/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in…

GitHub Online Website OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

(1) Domain: github.com “GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source…

VK.com OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

(1) Domain: vk.com “VK (originally VKontakte, Russian: ВКонтакте, literally “in touch”) is the largest Russian social network in Europe. It is available in several languages,…

Netease OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

(1) Domain: 163.com “NetEase, Inc. (simplified Chinese: 网易; traditional Chinese: 網易; pinyin: Wǎng Yì) is a Chinese Internet company that operates 163.com, a popular…

OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities

Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Web Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2…