白帽子计算机安全:

Web Technology:

 美国有线电视新闻网公开跳转漏洞


CNN cnn.com ADS Open Redirect Security Vulnerability


Based on news published, CNN users were hacked by both Open Redirect vulnerability in 2007.


According to E Hacker News on June 06, 2013, “(@BreakTheSec) came across a diet spam campaign that leverages the open redirect vulnerability in one of the top News organization CNN.”

"The tweet apparently shows cyber criminals managed to leverage the open redirect security flaw in the CNN to redirect twitter users to the Diet spam websites." (E hacker News)

The vulnerability can be attacked without user login. Tests were performed on Chrome 32 in Windows 8 and Safari 6.16 in Mac OS X v10.7.


Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
http://www.tetraph.com/wangjing/



Detail:
https://computertechhut.wordpress.com/2014/12/29/cnn-cnn-com-ads-open-redirect-security-vulnerability/




评论
热度(23)
© 點滴的記錄 | Powered by LOFTER