Friday, 20 November 2015

Five Effective Study Methods - Method Matters More Than Effort


















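1 Goal-Oriented Learning
Mastery learning based on goals was advocated by the American psychologist Bloom. Bloom held that with the best possible teaching and enough time, most learners can achieve excellent results.
Course content is made up of many knowledge points. Points form lines, lines build relatively independent bodies of knowledge, and together they make up an interconnected knowledge network. Setting clear goals therefore means, when starting a new lesson, understanding where its knowledge points sit in that network and, when reviewing, grasping the details from the big picture and paying attention to how the points connect. You should also be clear about how difficult each knowledge point is and what level of mastery is required, that is, the different levels of memorization, comprehension, application, analysis, synthesis and evaluation. Most important of all is to identify the key learning goals, namely the key points of knowledge. Having a goal strengthens our attention and our motivation to learn: for the sake of this goal, I must study hard.
Clearly, a well-defined learning goal is the prerequisite of goal-oriented learning. Its core is forming the self-disciplined habits of self-testing, self-correction and self-remediation: write formative test questions that correspond to the teaching goals, test yourself, give yourself timely feedback and evaluation, and correct and remedy problems promptly.

Learning goals differ from life goals: they are more concrete and can be achieved in a short time. They let us enjoy the pleasure of success more easily and build our confidence. Goal-oriented learning is therefore also one of the main strategies of success education. At the same time, achieving learning goals is the start of achieving life goals; only by combining large and small, near and distant goals organically can wasted effort be avoided.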


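2 Question-Driven Learning
Reading with questions in mind helps you concentrate and gives you a clear purpose. This is both a requirement of intentional learning and a necessary condition for discovery learning. Psychologists divide attention into involuntary and voluntary attention. Voluntary attention requires a conscious purpose set in advance and, when necessary, an effort of will to actively attend to a particular thing. It reflects the agency and initiative of a person's mental activity. Question-driven learning emphasizes voluntary attention to the information relevant to solving a problem, which gives learning a clear direction and so improves efficiency.

Question-driven learning asks us to look at the questions at the end of the text before reading, and to think while we read. It also asks us to look for questions while previewing, so that we can concentrate in class when the teacher explains them. Finally, when doing exercises, work hard to solve the problems one by one and do not be intimidated by them; the process of solving problems is the process of your progress.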


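3 Contrast Learning
The concept of contradiction is the philosophical basis for learning by comparison, because to make a comparison we must first see whether the two sides have similar, close or opposite properties; this is comparability. The greatest advantages of the comparison method are: (1) Memorizing by comparison lightens the burden on memory, so more can be memorized in the same amount of time. (2) Learning by comparison helps distinguish easily confused concepts and principles and deepens understanding. (3) Learning by comparison requires us to classify knowledge by its different characteristics, forming procedural knowledge that is easy to retrieve, which helps with recalling and extracting knowledge and with applying it flexibly.

Throughout secondary-school textbooks, comparable knowledge is everywhere. In politics: rights and duties, democracy and the legal system, matter and consciousness, peace and development, and so on. In Chinese language: complex and simple sentences, hypophora and rhetorical questions, metaphor and metonymy, narration and argumentation, content words and function words, and so on. In mathematics: decimals and fractions, exponents and logarithms, odd and even functions, parallel and perpendicular, and so on. In chemistry: metals and non-metals, crystals and non-crystals, combination and decomposition, oxidation and reduction, acids and salts, and so on. Contrast learning can be used not only within one subject but also across subjects. When studying politics, you can use sentence analysis from Chinese class to analyze political concepts; when studying national liberation movements in modern history, you can draw on the basic views about nations from politics; when studying natural science, you can recall the biographies of scientists in the Chinese textbook, and you can also study with reference to the relevant principles of materialist dialectics.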


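4 Connection Learning
Materialist dialectics holds that everything in the world exists in relationships of mutual influence and mutual constraint with the things around it. Scientific knowledge is a correct reflection of objective things, so knowledge is likewise universally connected. Applying the idea of connection to learning helps in understanding scientific knowledge and achieves twice the result with half the effort.

According to the psychological theory of transfer, similarity between pieces of knowledge favors transfer. Transfer is one expression of connection, but connection learning should not be understood as merely a form of transfer. Transfer is, in a sense, spontaneous, whereas learning by connection is deliberate and a full expression of personal initiative. Its first premise is the firm belief that knowledge points must be connected, so that one purposefully recalls and searches the information in one's mind to find their inner connections. Of course, the breadth and depth of what has already been mastered directly affects how many connections can be built, but through dialectical thinking, through leafing through books, looking things up, or even new study, we can construct new connections and store them in our minds, so that the knowledge network grows day by day. This is something transfer cannot do.

When learning something new, think of what you already know and of things you have experienced yourself; do not put blind faith in authority, and overcome fixed patterns of thinking. Make abstract knowledge concrete and bring the right brain into play. For example, the Xinhai Revolution took place in 1911, the Second Revolution in 1913, the National Protection War in 1915 and the Constitutional Protection War in 1917. These four historical events are spaced two years apart in sequence; as long as you remember the logical order of these two historical events and know the year of any one of them, you can work out the years of the other three by association. This is the associative memory method.

The way to read a book: first come to know its outer shell, and then you must also come to know the marrow within. -- Zhu Xi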


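5 Inductive Learning
Inductive learning means using inductive thinking to memorize, understand and apply the characteristics, central ideas and nature of knowledge. As a study method it values inductive thinking, but it is not the same as inductive thinking itself, and it also takes analysis as its precondition.

In other words, inductive learning means being good at summing up the characteristics and nature of things and grasping the essence of sentences and paragraphs, and then, on that basis, searching for knowledge that is the same, similar or opposite and putting it together to memorize and understand. Its advantage is that it speeds up memorization and understanding.

Research must take full possession of the material, analyze its various forms of development, and trace out the inner connection of these forms. -- Marx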



Reposted from Tetraph:
http://www.tetraph.com/blog/study/study-method/

Thursday, 29 October 2015

The Heart's Return - All Our Lives, We Are on the Road Home
















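All our lives, we are on the road home.


Going home is a knot in my heart that can never be untied. Wherever I am, my heart always faces toward home; it blooms quietly in a corner, and where the lamplight grows dim it reflects the splendor of home.


Home can also be such a heart-wrenching word. Only after leaving do we understand how reluctant we are to part from it; spread wings tremble slightly at the sound of it. However strong the body and broad the shoulders, before home they are fragile and powerless.


Deep in the night, fireworks rise and lamps shine bright. How many people have already left home, how many are about to leave, and how many long to go back. How many, in a strange place, look up by chance, see fireworks burst in splendor, and feel a sense of loss well up; yet for the sake of so-called dreams, how many are helpless and filled with mixed feelings. The lights at home may not be as beautiful and the fireworks may not be as brilliant, but in your heart you can still feel the warmth of home: warm as a mother's hands, plain and honest as a father's teaching, tender as a relative's advice. It flows in your blood and is rooted in your marrow. At every moment it reminds you: let your heart go home.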


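The public-service ads about going home have brought so many of us to tears, and they also woke my long-sleeping heart. "While your parents are alive, do not travel far." Only today have I truly understood it. This saying has been repeated for two thousand years, but how many people grasp its real meaning? How many follow it? I, at least, do not, or did not. I cannot help but regret my past self. Once I wanted only to fly, to get far from home, the farther the better; to cast off everything and escape all restraint for the sake of so-called dreams. Poor parents, made to feel inferior before those so-called dreams, yet they utter not a word of complaint and still quietly support and encourage you. You do not see the bitterness and tears behind them; you see only the bright lights and revelry, only money and power, only fame and envy! Your eyes hold only your so-called success, only your moment of applause and laughter. You do not see your parents' loneliness. They need nothing, only your company and your phone calls! They only want a whole you, a healthy and happy you. Sometimes they just want to see you once, to hear your voice. If you cannot grant even this, how can you speak of success?


I owe them too much, more than a lifetime can repay. It is a wrong, an enormous wrong, too great to record. We are too stingy, so petty that at home we never say a word of thanks and never spend a little more time with them. And us? Busy, truly busy. Busy with what? Sleeping? Playing on the computer? Playing on the phone? Going to parties? Yes, quite busy. How much time have we given them? Two meals a day?


Guilt is the monologue of the loser, but it is also the reproach of conscience. The moment the ticket was in my hand, I knew my guilt toward my parents could only deepen, not be made up. I have even come to resent traveling far. Many times I have asked myself: going on like this, the chances to be with my parents can truly be counted on my fingers. I believe many who live far away go home twice a year; by that count, can the number of times we go home still exceed a hundred?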


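Never forget that we are Chinese, and of all virtues filial piety comes first. If I cannot do even the most basic thing, I am a person who has accomplished nothing, an incomplete person. Every time I leave home I avoid my mother's eyes, which hold disappointment, expectation and resolve all at once. When I think about it carefully, I have not fulfilled even my most basic responsibility, so what else is there to speak of? Home is always our harbor. Dreams, too, are of our own making: the scattered fragments of memory in the brain are gathered and woven together in dreams by an invisible force, take on a brief sense of reality, and fade gradually as we wake. A person with no home in their heart will always be a failure.


However long it takes, it always appears in dreams; however far away, we will not stop running toward home. In the days to come I will no longer be lost, no longer chase without purpose, no longer set out on journeys that lead nowhere. Home will always be where I land. Let the heart go home, back to my parents' side, to repay the debt I owe.



All our lives, we are on the road home.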






Reposted from 蝶比翼美文 (Diebiyi):
http://diebiyi.com/articles/essay/home-back/


Wednesday, 14 October 2015

Five Important Work Suggestions - Very Useful for Success
















This post is in partnership with Time. The article below was originally published at Time.com

With so much career advice floating around the interwebs, some of it is bound to be poor. Luckily we here at Levo don’t just trust the haphazardly doled-out opinions of self-appointed “leadership experts” and other dubious characters. We go straight to the top—men and women who have worked their way to massive career success — and ask them. What strategies actually worked for them? Which career buzz phrases should be ignored completely? Here are a few pieces of career advice that you should never follow.

1. “Always have a five-year plan.”
Haven’t you heard? Five-year plans are out, pivoting is in. Having tangible goals is awesome and necessary, but trying to plan out the next five years of your life is neither. The best opportunities are often those that you don’t see coming. Being too stuck to your “five-year plan” inhibits you from taking opportunities as they arise, and pivoting in new directions.

2. “Don’t be a job hopper.”
There are worse things to be. Namely, the quiet loyal workhorse who never leaves or makes the money she deserves. It’s a new economy people, job hopping is becoming the norm. These days, employees who stay in companies for longer than two years earn 50% less over their lifetimes. So yes, be gracious and respectful to each and every one of your employers, but certainly don’t stay in a position for fear of being labeled “a job hopper.”

3. “Follow the money.” / “Just do what you love and the money will follow.”
Equally bad advice, from opposite ends of the spectrum. Following the money with complete disregard for your interests is a surefire path toward a soul-sucking career doing something you hate. It may not even be the best financial move in the long term. On the other side of that coin, doing what you love with the expectation that financial success will miraculously follow is naive and ridiculous. As Kate White always says, think about where your interests and talents intersect with the greatest potential for financial success, and head toward those points of intersection.

4. “Don’t be too grabby. Let your work speak for itself.”
This is the kind of advice your Middle Eastern grandfather who owned a small business 40 years ago might give you (not from personal experience or anything). Even if it means well, it is just not true. Remember that episode of New Girl? Jess wants to be vice principal of her school: “I’m just hoping, you know in a few years, I’ll have enough experience that Dr. Foster will consider me for Vice Principal.” Coach asks, “Why don’t you just ask for it?” Jess says, “You can’t just ask for a promotion, you know, you have to earn the promotion with years of hard work.” Coach laughs. Please, don’t be Jess.

5. “Don’t waste time applying to jobs you know you won’t get.”
We just published a great piece from the Personal Branding Blog that addresses this very topic. Just because you think a particular job is a reach or you’re not the ideal fit, that doesn’t mean you shouldn’t apply. Within limits of course—don’t start applying for wedding photographer assistant positions if you want to be a pharmacist (unless you’ve always cultivated a secret passion for photography of course). Every job you apply to is an opportunity to tighten up your resume, hone your interview skills, and build confidence, which is never a waste of time.


Article From InZeed:
http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/

Thursday, 10 September 2015

Half a Day of This Floating Life in the Mortal World of Smoke and Fire; One Pure Thought, and the Blaze Becomes a Pool















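"Half a lifetime adrift, and every time the rain beats on the returning boat." Half a day of this floating life in the mortal world of smoke and fire. They say drinking poison does not quench thirst, yet in the end it is a cup of clear tea that washes the dusty heart; a string is plucked upon the heart, and the mountain mist is still like the vapor above the teacup. Who is whose shadow, parted for three lives and three worlds, an old dream and lingering custom redeemed for two strings of coins? Who still sings a drunken dirge and pours a shallow cup of fickleness? A pot of clear wine, and time is lived drunk and died dreaming.

Boiling tea with bitter snow, we passed the end of the world in peace, and many people and things were reborn. I think I too will forget that crow that hovered again and again over the ark at the end of days, flying past without a trace, though the lion said: if you love me, let the whole world know. Love is a bout of hives; let me wash away the powder once more and wait until a thousand sails have passed. With this parting both hearts are set free, and each finds new joy. When the sun rises, look in every direction at the fated stars. As Eason Chan sings in "Bitter Melon": when you raise a toast and lift your chopsticks again, suddenly you look at each other and smile; on some bleak late-autumn night, all at once you understand, and the yellow leaves crumble and fall.

Time is short, and the ends of the earth are far. In the end some other water will take the place of the three thousand. Tonight, please take good care of yourself, to be worthy of this half lifetime of wandering, three thousand rounds of drunken laughter, parting on the two banks of the river, forgetting each other in the wide world. When this strong liquor goes down and parting sorrow shatters on the ground, there is no need for you to sing a farewell song to ferry me across; the smell of tobacco, the wind will thin it away.

The wheat fields have ripened several times; let me burn incense and grieve in quiet, with a grateful heart, and pray for blessings.

The Book of Songs says: first month, gathering breath; second month, water valley; third month, camel clouds; fourth month, rent silk; fifth month, lined robes; sixth month, lotus in splendor; seventh month, orchid oars; eighth month, poetry and Zen; ninth month, drifting raft; tenth month, maiden's marsh; eleventh month, returning in donned robes; twelfth month, traveler in wind and snow. In the third month of sudden light rain, on the bridge where peach blossoms and spring willows brush the face, is there a good man with clouds in his robes? In the fourth month the silk is rent and so are my thoughts; the flowers by the path have faded, so will you slowly come home?

Who says every meeting in this world is a reunion after long separation? I also remember that on a certain day of a certain month of a certain year, Xiaobei said: I can keep you, and I can also let you go free.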




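Hope: in the flowing light of this floating world, cherish things and love people. One pure thought, and the blaze becomes a pool.

Inch upon inch of cloud patterns never form a text. If it is grieving over spring and mourning autumn, writing drunk all the way, weeping and singing all the way, tearing the spirit apart, in the end Cold Mountain too is forgotten. Poet, can the countless misty willows of the mortal world in your mountain-high pack bear the weight of this jar of drunken life and dreaming death?

Misty waters stretch far; one cup of light wine; the traveler in wind and snow of the twelfth month. The same year, the same month, the same day, with a wind of the same direction and the same strength, and yet nothing is as it was. I think I am waiting for an old friend. He has not come yet; perhaps he is on his way. I have brewed the tea and I wait. That is enough.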




Reposted from 蝶比翼美文 (Diebiyi):
http://diebiyi.com/articles/essay/shishi/

Monday, 31 August 2015

Youth - Time of Beautiful Emotion


 















Youth is not a time of life; it is a state of mind; it is not a matter of rosy cheeks, red lips and supple knees; it is a matter of the will, a quality of the imagination, a vigor of the emotions; it is the freshness of the deep springs of life.
 

Youth means a temperamental predominance of courage over timidity, of the appetite for adventure over the love of ease. This often exists in a man of 60 more than a boy of 20. Nobody grows old merely by a number of years. We grow old by deserting our ideals.

 
Years may wrinkle the skin, but to give up enthusiasm wrinkles the soul. Worry, fear, self-distrust bows the heart and turns the spirit back to dust.

 
Whether 60 or 16, there is in every human being’s heart the lure of wonders, the unfailing appetite for what’s next and the joy of the game of living. In the center of your heart and my heart, there is a wireless station; so long as it receives messages of beauty, hope, courage and power from man and from the infinite, so long as you are young.

 
When your aerials are down, and your spirit is covered with snows of cynicism and the ice of pessimism, then you’ve grown old, even at 20; but as long as your aerials are up, to catch waves of optimism, there’s hope you may die young at 80.

 
 

Monday, 13 July 2015

On Mountains: Lines of Poetry Describing Mountains - Classical Verses Containing the Word "Mountain"

















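1. Over a thousand mountains no bird flies; on ten thousand paths no human trace remains.
(Liu Zongyuan: "River Snow")
2. The white sun sets behind the mountains; the Yellow River flows into the sea.
(Wang Zhihuan: "Climbing Stork Tower")
3. I shall climb to the very summit and see all other mountains dwarfed below.
(Du Fu: "Gazing at Mount Tai")
4. The state is broken, yet mountains and rivers remain; spring in the city, grass and trees grow deep.
(Du Fu: "Spring View")
5. On the empty mountain no one is seen, yet voices are heard.
(Wang Wei: "Deer Enclosure")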



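6. The bright moon rises over the Tian Shan, amid a vast sea of clouds.
(Li Bai: "Moon over the Mountain Pass")
7. We gaze at each other and never tire, only Jingting Mountain and I.
(Li Bai: "Sitting Alone at Jingting Mountain")
8. I plant beans below the southern mountain; the weeds flourish and the bean sprouts are sparse.
(Tao Yuanming: "Returning to Dwell in Gardens and Fields")
9. Northwest I look toward Chang'an; alas, countless mountains. The green mountains cannot block it; in the end it flows on east.
(Xin Qiji: "Pusa Man: Written on the Wall at Zaokou, Jiangxi")
10. I cannot know the true face of Mount Lu, only because I am within the mountain.
(Su Shi: "Written on the Wall of West Forest Temple")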



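11. Mountain light delights the nature of birds; reflections in the pool empty the human heart.
(Chang Jian: "The Meditation Hall behind Poshan Temple")
12. The evening wind brushes the willows, the flute's sound fades; the setting sun, mountain beyond mountain.
(Li Shutong: "Farewell")
13. Endless tears for the mountains and rivers; who says heaven and earth are wide?
(Xia Wanchun: "Leaving Yunjian")
14. The traveler's road runs beyond the green mountains; the boat sails before the green water.
(Wang Wan: "Mooring below Beigu Mountain")
15. On Feilai Mountain stands a pagoda a thousand xun high; I have heard that at cockcrow one sees the sun rise.
(Wang Anshi: "Climbing Feilai Peak")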



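16. Mountains multiply and waters double back, I doubt there is a road; willows shade, flowers brighten, and there is another village.
(Lu You: "Visiting a Village West of the Mountains")
17. Seven or eight stars beyond the sky; two or three drops of rain before the mountain.
(Xin Qiji: "Xi Jiang Yue: Traveling at Night on the Yellow Sand Road")
18. The mountain turns, the road bends, and you are out of sight; on the snow only the tracks of your horse remain.
(Cen Shen: "Song of White Snow: Seeing Off Secretary Wu on His Return to the Capital")
19. While the gibbons on both banks cry without end, the light boat has already passed ten thousand mountains.
(Li Bai: "Setting Out Early from Baidi City")
20. If only the Flying General of Dragon City were here, he would not let the Hu horses cross the Yin Mountains.
(Wang Changling: "Beyond the Frontier")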



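21. The Yellow River climbs far up among the white clouds; a lone fortress, mountains ten thousand ren high.
(Wang Zhihuan: "Song of Liangzhou")
22. Picking chrysanthemums by the eastern fence, at ease I catch sight of the southern mountain.
(Tao Yuanming: "Drinking Wine")
23. Gazing from afar at the colors of Dongting's hills and water: a green snail on a plate of white silver.
(Liu Yuxi: "Gazing at Dongting")
24. Long clouds over Qinghai darken the snow mountains; from the lone fortress one gazes toward Yumen Pass.
(Wang Changling: "Marching with the Army")
25. The hundred rivers seethe; the mountain peaks crumble. High valleys become banks; deep valleys become hills.
(Book of Songs)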



Reposted from InZeed:
http://www.inzeed.com/kaleidoscope/essays/mountain/


Lines of Poetry about the Sea - The Sea Takes In a Hundred Rivers; Its Capacity Makes It Great



















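1. The white sun sets behind the mountains; the Yellow River flows into the sea. -- Wang Zhihuan, "Climbing Stork Tower"
2. A hundred rivers flow east to the sea; when will they ever return west? -- Yuefu, "Long Song Ballad"
3. A time will come to ride the wind and break the waves; I will hoist my cloud-white sail and cross the blue sea. -- Li Bai, "Hard Is the Road"
4. The spring river's tide runs level with the sea; over the sea the bright moon rises with the tide. -- Zhang Ruoxu, "Spring River in the Flower Moon Night"
5. In the great desert a lone column of smoke rises straight; over the long river the setting sun is round. -- Wang Wei, "On a Mission to the Frontier"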


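6. Eastward I come to Jieshi to gaze on the blue sea. How the water surges; mountain islands stand tall. -- Cao Cao, "Viewing the Blue Sea"
7. The blue sea that floats the sky is far; leaving the world, the boat of the Dharma is light. -- Qian Qi, "Seeing Off a Monk Returning to Japan"
8. Looking down, Qi and Lu vanish; gazing east, the sea is like a cup. -- Li Mengyang, "Mount Tai"
9. With a true friend within the four seas, the ends of the earth are like next door. -- Wang Bo, "Seeing Off Vice-Prefect Du to His Post in Shuzhou"
10. The sun rises over the sea while night still lingers; spring on the river enters the old year. -- Wang Wan, "Mooring below Beigu Mountain"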


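11. Over the sea the bright moon rises; at the ends of the earth we share this moment. -- Zhang Jiuling, "Gazing at the Moon, Thinking of the Past"
12. When no wind blows on the sea, the waves roll calm and slow. -- Bai Juyi, "Inscribed on a Screen Painted with the Sea"
13. Across the vast desert sea, ice a hundred zhang deep; gloomy clouds hang frozen for ten thousand li. -- Cen Shen, "Song of White Snow: Seeing Off Secretary Wu on His Return to the Capital"
14. Do you not see the waters of the Yellow River come down from heaven, rushing to the sea, never to return? -- Li Bai, "Bring in the Wine"
15. Do you not see Zouma River running beside the sea of snow, the level sands, vast and yellow, reaching the sky? -- Cen Shen, "Song of Zouma River: Seeing Off General Feng on the Western Expedition"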


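16. In its beak it carries tiny stones from the mountain; in its heart it hopes the sea's waves will be leveled. -- Han Yu, "Jingwei Fills the Sea"
17. From the tower one views the sun over the blue sea; the gate faces the Zhejiang tide. -- Song Zhiwen, "Lingyin Temple"
18. The boundless waves of the eastern sea meet the sky; at the sky's edge the great moon shines full and round. -- Huang Zunxian, "Song Composed While Gazing at the Moon on a Ship in the Pacific on the Night of the Fifteenth of the Eighth Month"
19. The river, thirty thousand li long, flows east to the sea; the peak, five thousand ren high, touches the sky. -- Lu You, "Feelings on Going Out the Fence Gate to Meet the Cool at Dawn on an Autumn Night"
20. Hills and waters ring the city, swelling with spring; river waves enter the sea, meeting the tide by night. -- Chen Zilan, "Poem on Enbo Bridge"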


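21. From here my small boat slips away; to river and sea I entrust the rest of my life. -- Su Shi, "Lin Jiang Xian"
22. One rain sweeps across two continents; waves scour heaven and earth and flow into the east. Yet the men it leaves can never be washed away, and with wind and thunder I travel far again. -- Liang Qichao, "Caught in Rain on the Pacific"
23. Under the moon, a mirror flying through the sky; clouds rise and build towers over the sea. -- Li Bai, "Farewell at Jingmen Crossing"
24. Having once seen the blue sea, no other water is worth the name; apart from Mount Wu, no clouds are clouds. -- Yuan Zhen, "Thoughts of Parting"
25. What do the people who boil the sea live on? The wives have no silkworms to weave, the husbands no fields to plow. The sources of food and clothing are so meager; what the salt pans boil goes to pay your levy. -- Liu Yong, "Song of Boiling the Sea"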




Reposted from Tetraph:
http://www.tetraph.com/blog/articles/sea/

Saturday, 20 June 2015

New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)

The New York Times  Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)




Domain:
http://www.nytimes.com/



"The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper's print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as "The Gray Lady", The New York Times is long regarded within the industry as a national "newspaper of record". It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper's publisher and the company's chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper's motto, "All the News That's Fit to Print", appears in the upper left-hand corner of the front page." (Wikipedia)






(1) Vulnerability Description:

The New York Times website has a security problem: attackers can exploit its users through XSS bugs.


The flaw lies in how the New York Times handles its URLs. Nytimes (short for New York Times) uses part of the URL to construct its pages. However, it seems that before 2013 Nytimes did not filter the content used for this construction at all.


Because of Nytimes's page design, almost all URLs before 2013 are affected (all article pages). In fact, every article page that contains a "PRINT" button, "SINGLE PAGE" button, "Page *" button or "NEXT PAGE" button is affected.


Nytimes changed this mechanism in 2013. It now decodes the URLs sent to its server, which makes the mechanism much safer.


However, all URLs before 2013 still use the old mechanism. This means almost all article pages before 2013 are still vulnerable to XSS attacks. I guess the reason Nytimes did not filter URLs before is cost. It costs too much (money & human capital) to change the database of all previously posted articles.





















Living POCs Codes:





POC Video:

(2) Vulnerability Analysis:
Take the following link as an example,
The reflected page contains the following code. All of these links are vulnerable.


<li class="print">
<a href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=print">Print</testtesttest?pagewanted=print"></a>
</li>


<li class="singlePage">
<a href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><testtesttest?pagewanted=all"> Single Page</vulnerabletoattack?pagewanted=all"></a>
</li>


<li> <a onclick="s_code_linktrack('Article-MultiPagePageNum2');" title="Page 2" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">2</testtesttest?pagewanted=2"></a>
</li>


<li> <a onclick="s_code_linktrack('Article-MultiPagePageNum3');" title="Page 3" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=3">3</testtesttest?pagewanted=3"></a>
</li>


<a class="next" onclick="s_code_linktrack('Article-MultiPage-Next');" title="Next Page" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">Next Page »</testtesttest?pagewanted=2"></a>
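
The markup above shows the request path closing the href attribute early, so the rest of the path is parsed as a new element. As an added example (not nytimes.com code and not from the original post), the sketch below rebuilds that link template with hypothetical renderers, first with the raw path and then with the path percent-encoded and HTML-escaped for the attribute. It assumes the server passes the already-decoded path to the template.

```javascript
// Added example, not nytimes.com code. renderLinks* are hypothetical renderers
// for the Print / Single Page / Next Page links built from the request path.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that can end a quoted attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Percent-encode each path segment so quotes and angle brackets stay URL data.
// Assumption: requestPath is the already-decoded path the server routed on.
function encodePath(requestPath) {
  return requestPath.split("/").map((segment) => encodeURIComponent(segment)).join("/");
}

// Shared template: every link reuses the same base path.
function linkList(base) {
  return [
    `<li class="print"><a href="${base}?pagewanted=print">Print</a></li>`,
    `<li class="singlePage"><a href="${base}?pagewanted=all">Single Page</a></li>`,
    `<a class="next" title="Next Page" href="${base}?pagewanted=2">Next Page</a>`,
  ].join("\n");
}

// Vulnerable pattern: the raw path is concatenated into every href.
function renderLinksVulnerable(requestPath) {
  return linkList(requestPath);
}

// Hardened pattern: URL-encode the path, then HTML-escape it for the attribute.
function renderLinksSafe(requestPath) {
  return linkList(escapeHtml(encodePath(requestPath)));
}

// Report element names in the rendered markup that the template never emits.
function unexpectedElements(html, allowed = ["li", "a"]) {
  const names = [...html.matchAll(/<([A-Za-z][A-Za-z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return [...new Set(names)].filter((name) => !allowed.includes(name));
}

// Constructed input: the article path from the page plus its harmless marker.
const SAMPLE_PATH =
  '/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack';

console.log(unexpectedElements(renderLinksVulnerable(SAMPLE_PATH)));
console.log(unexpectedElements(renderLinksSafe(SAMPLE_PATH)));
console.log(renderLinksSafe(SAMPLE_PATH).split("\n")[0]);
```

The element check is a simple regular-expression scan, suitable as a template regression test rather than a full HTML parser.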






(3) What is XSS?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.


"Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)





The vulnerability can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.









Discovered and Reported by:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)










More Details:





Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)





Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)



Websites information:
"lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest‑and‑greatest." (from Mozilla)

"Mozilla is a free-software community which produces the Firefox web browser. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation. In addition to the Firefox browser, Mozilla also produces Thunderbird, Firefox Mobile, the Firefox OS mobile operating system, the bug tracking system Bugzilla and a number of other projects." (Wikipedia)




(1) Vulnerability description:
The Mozilla website has a security problem: attackers can target it through XSS bugs. Here is the description of XSS: "Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)



All pages under the following two URLs are vulnerable.
http://lxr.mozilla.org/mozilla-central/source
http://mxr.mozilla.org/mozilla-central/source


This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users.


Because there are a large number of pages under them, and the contents of the two domains vary, the vulnerability is very dangerous. Attackers can use different URLs to design XSS attacks against Mozilla's various classes of users.














POC Codes:
http://lxr.mozilla.org/mozilla-central/source/<body onload=prompt("justqdjing")>

http://mxr.mozilla.org/mozilla-central/source/<body onload=prompt("justqdjing")>




POC Video:






(2) Vulnerability Analysis:
Take the following link as an example,
http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest>


The reflected page contains the following code.
<a href="/mozilla-central/source/chrome/%253Cattacktest%253E">
<attacktest></attacktest>
</a>

If "<body onload=prompt("justqdjing")>" is inserted into the URL, the code is executed.
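
In the reflected markup above, the href is percent-encoded while the same path segment is written unescaped as the link text, so only one of the two sinks is protected. As an added example (not LXR/MXR code and not from the original post), the sketch below uses hypothetical breadcrumb renderers to reproduce that pattern, shows the hardened form, and adds a per-sink check usable as a regression test.

```javascript
// Added example, not LXR/MXR code. breadcrumb* are hypothetical renderers for
// the path links of a source browser (/mozilla-central/source/chrome/...).

// Escape text placed between tags; the href is handled by percent-encoding.
function escapeText(value) {
  return String(value).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Build one <a> per path segment; `label` decides how the visible text is written.
function breadcrumb(path, label) {
  let href = "";
  return path
    .split("/")
    .filter(Boolean)
    .map((segment) => {
      // encodeURIComponent output cannot contain ", < or >, so it is safe
      // inside a double-quoted href.
      href += "/" + encodeURIComponent(segment);
      return `<a href="${href}">${label(segment)}</a>`;
    })
    .join("/");
}

// Pattern matching the reflected page: href encoded, link text written raw.
const breadcrumbVulnerable = (path) => breadcrumb(path, (segment) => segment);

// Hardened: the same segment is also escaped for the text context.
const breadcrumbSafe = (path) => breadcrumb(path, escapeText);

// Regression check: which sink of the rendered links still carries raw markup?
function rawMarkupBySink(html) {
  const found = { href: false, text: false };
  for (const [, href, text] of html.matchAll(/<a href="([^"]*)">(.*?)<\/a>/g)) {
    if (/[<>]/.test(href)) found.href = true;
    if (/[<>]/.test(text)) found.text = true;
  }
  return found;
}

// Constructed input: the example path from the page with its harmless marker.
const SAMPLE_PATH = "/mozilla-central/source/chrome/<attacktest>";

console.log(rawMarkupBySink(breadcrumbVulnerable(SAMPLE_PATH)));
console.log(rawMarkupBySink(breadcrumbSafe(SAMPLE_PATH)));
console.log(breadcrumbSafe(SAMPLE_PATH));
```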



The vulnerability can be exploited without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.






(3) Vulnerability Disclosure:
The vulnerability has been reported to bugzilla.mozilla.org. Mozilla is dealing with this issue.






Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)









More Details: