计算机网络技术

Web News, Technology, Science, etc

网络技术是从1990年代中期发展起来的新技术,它把互联网上分散的资源融为有机整体,实现资源的全面共享和有机协作,使人们能够透明地使用资源的整体能力并按需获取信息。

白帽子安全:

IT 计算机&信息网络 技术:

URFDS: Systematic discovery of Unvalidated Redirects and Forwards in web applications

Author:
Jing Wang, Hongjun Wu
School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

Abstract:
URL redirection is necessary in web applications. Well-designed redirection makes better user experience. However, if usedimproperly, it could give rise to attacks such as phishing. These improperly used redirections are called Unvalidated Redirects and Forwards (URF). This paper prescribes a mechanism to systemically discover URF vulnerabilities in web applications. The prototype implementation, that we call Unvalidated Redirects and Forwards Detection System (URFDS), uses a black-box scanning technique to modify URLs and analyse the generated output to identify URF. In order to show the feasible of our approach, we tested 142,522,691 unique links and found a great number of vulnerabilities in top websites and popular applications that were overlooked by previous works.

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7346891


测试想法:

IT 计算机&信息网络 技术:

白帽子计算机安全:

CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities


Domain:
cnn.com


"The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time Warner. The 24-hour cable news channel was founded in 1980 by American media proprietor Ted Turner. Upon its launch, CNN was the first television channel to provide 24-hour news coverage, and was the first all-news television channel in the United States. While the news channel has numerous affiliates, CNN primarily broadcasts from the Time Warner Center in New York City, and studios in Washington, D.C. and Los Angeles, its headquarters at the CNN Center in Atlanta is only used for weekend programming. CNN is sometimes referred to as CNN/U.S. to distinguish the American channel from its international sister network, CNN International. As of August 2010, CNN is available in over 100 million U.S. households. Broadcast coverage of the U.S. channel extends to over 890,000 American hotel rooms, as well as carriage on cable and satellite providers throughout Canada. Globally, CNN programming airs through CNN International, which can be seen by viewers in over 212 countries and territories. As of February 2015, CNN is available to approximately 96,289,000 cable, satellite and, telco television households (82.7% of households with at least one television set) in the United States." (Wikipedia)


Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.  (@justqdjing)
http://www.tetraph.com/wangjing/



Vulnerability Description:
CNN has a cyber security bug problem. It cab be exploited by XSS (Cross Site Scripting) and Open Redirect (Unvalidated Redirects and Forwards) attacks.

Based on news published, CNN users were hacked based on both Open Redirect and XSS vulnerabilities.

According to E Hacker News on June 06, 2013, (@BreakTheSec) came across a diet spam campaign that leverages the open redirect vulnerability in one of the top News organization CNN.

After the attack, CNN takes measures to detect Open Redirect vulnerabilities. The measure is quite good during the tests. Almost no links are vulnerable to Open Redirect attack on CNN's website, now. It takes long time to find a new Open Redirect vulnerability that is un-patched on its website.

CNN.com was hacked by Open Redirect in 2013. While the XSS attacks happened in 2007.



<1> There are some tweets complaining about hacked with links from CNN.

At the same time, the cybercriminals have also leveraged a similar vulnerability in a Yahoo domain to trick users into thinking that the links point to a trusted website.


Yahoo Open Redirects Vulnerabilities:
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html





<2> CNN.com XSS hacked
http://seclists.org/fulldisclosure/2007/Aug/216


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. CNN has patched some of them. BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The below things be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the fllowing web securities have been published here, Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. It also publishes suggestions, advisories, solutions details related to XSS and URL Redirection vulnerabilities and cyber intelligence recommendations.



Detail:
http://seclists.org/fulldisclosure/2014/Dec/128




Related Articles:
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01507.html
https://packetstormsecurity.com/files/129754/cnn-xssredirect.txt
http://cxsecurity.com/issue/WLB-2014120196
https://progressive-comp.com/?l=full-disclosure&m=141988778706126&w=1
https://itinfotechnology.wordpress.com/2015/01/01/cnn-travel-cn
http://russiapost.blogspot.com/2015/06/cnn-travelcnncom-xss
https://www.facebook.com/permalink.php?story_fbid=745810602196352
http://www.weibo.com/5337321538/Clij19Krr?from=page_1005055337321538
https://plus.google.com/u/0/112682696109623633489/posts/TyipiFnULRj
http://webcabinet.tumblr.com/post/116075198227/ithut-cnn-cnn
http://mathdaily.lofter.com/post/1cc75b20_4f0a751
https://twitter.com/tetraphibious/status/607085555776561152
http://qianqiuxue.tumblr.com/post/120838173915/ithut-cnn-xss-url-redirection-bug
http://itprompt.blogspot.com/2015/06/cnn-travelcnncom-xss
https://www.facebook.com/permalink.php?story_fbid=891722397533572
http://tetraph.com/security/xss-vulnerability/cnn-xss-url-redirect-bug/
http://ittechnology.lofter.com/post/1cfbf60d_7338770
https://hackertopic.wordpress.com/2015/01/04/cnn-travel-cnn
http://www.inzeed.com/kaleidoscope/xss-vulnerability/cnn-xss-url-redirect-bug/



tetraph的喜欢:

日常生活點滴的記錄:

测试想法:

Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs


Though Yahoo lists open redirect vulnerability on its bug bounty program. However, it seems Yahoo do not take this vulnerability seriously at all.


Multiple Open Redirect vulnerabilities were reported Yahoo. All Yahoo's responses were "It is working as designed". However, these vulnerabilities were patched later.


Several other security researcher complained about getting similar treatment, too.
http://seclists.org/fulldisclosure/2014/Jan/51
http://seclists.org/fulldisclosure/2014/Feb/119


All Open Redirect Vulnerabilities are intended behavior? If so, why patch them later?


From report of CNET, Yahoo's users were attacked by redirection vulnerabilities. "Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to Fox IT, a security firm in the Netherlands. Users visiting pages with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware. "




Moreover, since Yahoo is well-known worldwide. these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Alibaba, Netease, e.g. by bypassing their Open Redirect filters (Covert Redirect). These cyber security bug problems have not been patched. Other similar web and computer flaws will be published in the near future.




The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) of Windows 8, Mozilla Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) of Ubuntu (14.04),Apple Safari 6.1.6 of Mac OS X Lion 10.7.


Disclosed by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing



Both Yahoo and Yahoo Japan online web application has a computer cyber security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.


BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The below things be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the fllowing web securities have been published here, Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories, solutions details related to Open Redirect vulnerabilities and cyber intelligence recommendations.



Detail:
http://seclists.org/fulldisclosure/2014/Dec/88




Related Articles:
http://lists.openwall.net/full-disclosure/2014/12/19/10
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1355
http://diebiyi.com/articles/security/open-redirect/yahoo-yahoo-com-yahoo-co-jp
http://essaybeans.blogspot.com/2015/06/yahoo-yahoocom-yahoocojp-open-redirect.html
https://webtechwire.wordpress.com/2014/12/23/yahoo-yahoo-com-yahoo-co-jp
https://twitter.com/essayjeans/status/606789286428438528
http://inzeed.tumblr.com/post/118511483471/securitypost-yahoo-and-yahoo-japan-may-be
http://essayjeans.lofter.com/post/1cc7459a_7314ba3
https://plus.google.com/u/0/+essayjeans/posts/GxcKENw4ira
http://www.weibo.com/3973471553/ClaSVxObt?from=page_1005053973471553
http://computerobsess.blogspot.com/2015/06/yahoo-yahoocom-yahoocojp-open-redirect.html
https://www.facebook.com/permalink.php?story_fbid=841616792540365
http://xingti.tumblr.com/post/120770694665/lifegrey-yahoo-url-redirection-bug
http://xingzhehong.lofter.com/post/1cfd0db2_6e68fe3
https://redysnowfox.wordpress.com/2014/12/25/yahoo-open-redirect/
http://whitehatpost.blog.163.com/blog/static/24223205420155581240158
https://www.facebook.com/websecuritiesnews/posts/803277513125754
http://www.inzeed.com/kaleidoscope/spamming/yahoo-url-redirection/


日常生活點滴的記錄:

测试想法:

行者路上有風有雨有彩虹:

IT 计算机&信息网络 技术:

Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs



Domain:
http://www.facebook.com



"Facebook is an online social networking service headquartered in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The founders had initially limited the website's membership to Harvard students, but later expanded it to colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities and later to high-school students. Since 2006, anyone who is at least 13 years old is allowed to become a registered user of the website, though the age requirement may be higher depending on applicable local laws. Its name comes from a colloquialism for the directory given to it by American universities students." (Wikipedia)


"Facebook had over 1.44 billion monthly active users as of March 2015.Because of the large volume of data users submit to the service, Facebook has come under scrutiny for their privacy policies. Facebook, Inc. held its initial public offering in February 2012 and began selling stock to the public three months later, reaching an original peak market capitalization of $104 billion. As of February 2015 Facebook reached a market capitalization of $212 Billion." (Wikipedia)


Discover:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/





(1) General Vulnerabilities Description:

(1.1) Two Facebook vulnerabilities are introduced in this article.

Facebook has a computer cyber security bug problem. It can be exploited by Open Redirect attacks.  This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Since Facebook is trusted by large numbers of other websites. Those vulnerabilities can be used to do "Covert Redirect" to other websites such as Amazon, eBay, Go-daddy, Yahoo, 163, Mail.ru etc.


(1.1.1) One Facebook Open Redirect vulnerability was reported to Facebook. Facebook adopted a new mechanism to patch it. Though the reported URL redirection vulnerabilities are patched. However, all old generated URLs are still vulnerable to the attacks. Section (2) gives detail of it.

The reason may be related to Facebook's third-party interaction system or database management system or both. Another reason may be related to Facebook's design for different kind of browsers.


(1.1.2) Another new Open Redirect vulnerability related to Facebook is introduced, too. For reference, please read section (3).



Detail:
http://seclists.org/fulldisclosure/2015/Jan/22





Related Articles:
https://packetstormsecurity.com/files/129914/facebook-redirect.txt
https://rstforums.com/forum/archive/index.php/t-95459.html
https://progressive-comp.com/?l=full-disclosure&m=142104333521454&w=1
http://whitehatpost.blog.163.com/blog/static/24223205420155501020837/
http://webtechhut.blogspot.com/2015/06/facebook-old-generated-urls-still.html
http://qianqiuxue.tumblr.com/post/120750458855/itinfotech-facebook-web-security
http://www.weibo.com/5099722551/Cl8mZk3Q3?from=page_1005055099722551
https://infoswift.wordpress.com/2015/01/15/facebook-old-generated-urls
https://twitter.com/buttercarrot/status/606696103329693696
https://www.facebook.com/permalink.php?story_fbid=891088980930247
http://itinfotech.tumblr.com/post/120750347586/facebook-web-security-0day-bug
http://frenchairing.blogspot.fr/2015/06/facebook-old-generated-urls-still.html
http://essaybeans.lofter.com/post/1cc77d20_7300027
http://japanbroad.blogspot.jp/2015/06/facebook-old-generated-urls-still.html
http://ittechnology.lofter.com/post/1cfbf60d_72fd108
https://inzeed.wordpress.com/2015/01/18/facebook-old-generated-urls-still
https://www.facebook.com/permalink.php?story_fbid=745417422235670
http://www.inzeed.com/kaleidoscope/computer-security/facebook-open-redirect/