文豆 & 文库

Web Technology:

 美国有线电视新闻网公开跳转漏洞


CNN cnn.com ADS Open Redirect Security Vulnerability


Based on news published, CNN users were hacked by both Open Redirect vulnerability in 2007.


According to E Hacker News on June 06, 2013, “(@BreakTheSec) came across a diet spam campaign that leverages the open redirect vulnerability in one of the top News organization CNN.”

"The tweet apparently shows cyber criminals managed to leverage the open redirect security flaw in the CNN to redirect twitter users to the Diet spam websites." (E hacker News)

The vulnerability can be attacked without user login. Tests were performed on Chrome 32 in Windows 8 and Safari 6.16 in Mac OS X v10.7.


Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
http://www.tetraph.com/wangjing/



Detail:
https://computertechhut.wordpress.com/2014/12/29/cnn-cnn-com-ads-open-redirect-security-vulnerability/




评论

热度(23)

  1. 白帽子安全行者路上有風有雨有彩虹 转载了此视频  到 测试想法
  2. 计算机网络技术谷雨 醉心 冬小麦 转载了此视频  到 行者路上有風有雨有彩虹
  3. 计算机网络技术IT 计算机信息网络安全技术 转载了此视频  到 IT 计算机&信息网络 技术
  4. 琐事,日常之事计算机网络技术 转载了此视频  到 IT 计算机信息网络安全技术
  5. 琐事,日常之事计算机网络技术 转载了此视频
  6. 白帽子安全计算机网络技术 转载了此视频  到 湛天雲海碧波影
  7. 白帽子安全计算机网络技术 转载了此视频  到 文豆 & 文库
  8. 白帽子安全计算机网络技术 转载了此视频