计算机网络技术

Web News, Technology, Science, etc

网络技术是从1990年代中期发展起来的新技术,它把互联网上分散的资源融为有机整体,实现资源的全面共享和有机协作,使人们能够透明地使用资源的整体能力并按需获取信息。

文豆 & 文库:

醉雨他乡游的喜欢:

白帽子计算机安全:

Weather Channel Web Site Vulnerable to Reflected Cross-Site Scripting (XSS) 


Popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to researcher Wang Jing’s research. The vulnerability lies in that Weather.com does not filter malicious script codes when constructing HTML tags with its URLs. This way, an attacker just adds a malicious script at the end of the URL and executes it.


“If The Weather Channel’s users were exploited, their Identity may be stolen,” Jing said via email. “At the same time, attackers may use the vulnerability to spy users’ habits, access sensitive information, alter browser functionality, perform denial of service attacks, etc.”


Wang is a Ph.D student from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.




Related News:

http://www.scmagazine.com/the-weather-channels-website-found-vulnerable-to-xss-attacks/article/386010/

http://www.hotforsecurity.com/blog/weather-channel-web-site-vulnerable-to-reflected-cross-site-scripting-xss-10906.html

http://www.shopyourway.com/articles/229824

http://packetstormsecurity.com/files/129288/weatherchannel-xss.txt

http://www.theregister.co.uk/2014/12/01/weather_channel_forecast_bleak_with_a_chance_of_xss/

http://tetraph.com/security/xss-vulnerability/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/

http://ithut.tumblr.com/post/104659802158/whitehatview-the-weather-channel-fixes-web-app

http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/

https://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/

http://w8sdz.tumblr.com/post/103849047220/weather-channel-web-site-vulnerable-to-reflected

http://www.securitylab.ru/news/462524.php

https://www.pinterest.com/pin/465278205228184261/

http://sensorstechforum.com/75-of-the-websites-on-weather-com-vulnerable-to-cross-site-scripting-attacks/

https://www.facebook.com/websecuritiesnews/posts/699866823466824

http://www.cio.com/article/2853294/weathercom-fixes-web-application-vulnerabilities.html

http://www.pcworld.com/article/2853292/weathercom-fixes-web-application-vulnerabilities.html

http://www.computerworld.com/article/2852502/weathercom-fixes-web-app-flaws.html

https://www.secnews.gr/weather-channel-xss

http://www.networkworld.com/article/2853293/weathercom-fixes-web-application-vulnerabilities.html


评论

热度(19)

  1. 白帽子安全计算机网络技术 转载了此图片  到 测试想法
  2. 计算机网络技术文豆 & 文库 转载了此图片  到 行者路上有風有雨有彩虹
  3. 计算机网络技术文豆 & 文库 转载了此图片  到 绿意蛙鸣
  4. 计算机网络技术文豆 & 文库 转载了此图片  到 IT 计算机&信息网络 技术
  5. 计算机网络技术文豆 & 文库 转载了此图片
  6. 白帽子安全乡土情深 转载了此图片  到 湛天雲海碧波影
  7. 白帽子安全乡土情深 转载了此图片  到 文豆 & 文库
  8. 白帽子安全乡土情深 转载了此图片  到 竹意