11 Wednesday Feb 2015
Tags
0-day, application, browser, computer, cybersecurity, database, exploit, hacker, information, IT, scripting, security, technology, vulnerability, web, whitehat
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor URL:
http://www.tennisconnect.com/products.cfm#Components
Product Description:
TennisConnect COMPONENTS
* Contact Manager (online player database)
* Interactive Calendar including online enrollment
* League & Ladder Management through Tencap Tennis
* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)
* Multi-Administrator / security system with Page Groups
* Member Administration
* MobileBuilder
* Online Tennis Court Scheduler
* Player Matching (Find-a-Game)
* Web Site Builder (hosted web site and editing tools at www.<your domain name>.com)
(2) Vulnerability Details.
TennisConnect COMPONENTS System has a security problem: it is vulnerable to XSS attacks.
(2.1) The vulnerability occurs on the “/index.cfm” page, in the “pid” parameter.
References:
http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490
http://www.osvdb.org/show/osvdb/116149
http://cve.scap.org.cn/CVE-2014-8490.html
http://en.hackdig.com/?11701.htm
http://seclists.org/fulldisclosure/2014/Dec/83
http://securitypost.tumblr.com/
http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#
http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
29 Thursday Jan 2015
Posted in Attack, Phishing, Shopping, Vulnerability
Tags
0day-share, Alibaba, AliExpress, computer bug, Electronic Shopping, hacker-topics, Information Security, internet, jing wang, Online, Open Redirect, Security Vulnerabilities, Taobao, Tmall, website, whitehat-tester, XSS
Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities
Domains Basics:
Alibaba’s Taobao, AliExpress and Tmall are the group’s top three online shopping websites.
Vulnerability Discoverer:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/
(1) Domains Descriptions:
(1.1) http://www.taobao.com
“Taobao is a Chinese website for online shopping similar to eBay and Amazon that is operated in China by Alibaba Group.” (Wikipedia)
“With around 760 million product listings as of March 2013, Taobao Marketplace is one of the world’s top 10 most visited websites according to Alexa. For the year ended March 31, 2013, the combined gross merchandise volume (GMV) of Taobao Marketplace and Tmall.com exceeded 1 trillion yuan.” (Wikipedia)
Alexa ranking: 9, at 10:40 am on Thursday, 22 January 2015 (GMT+8).
(1.2) http://aliexpress.com
“Launched in 2010, AliExpress.com is an online retail service made up of mostly small Chinese businesses offering products to international online buyers. It is the most visited e-commerce website in Russia” (Wikipedia)
(1.3) http://www.tmall.com
“Taobao Mall, is a Chinese-language website for business-to-consumer (B2C) online retail, spun off from Taobao, operated in the People’s Republic of China by Alibaba Group. It is a platform for local Chinese and international businesses to sell brand name goods to consumers in mainland China, Hong Kong, Macau and Taiwan.” (Wikipedia)
(2) Vulnerability descriptions:
The Alibaba Taobao, AliExpress and Tmall online shopping websites have a security problem: they can be exploited by XSS and Covert Redirect attacks.
(3) Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS
The vulnerabilities can be exploited without user login. Tests were performed on Firefox (34.0) on Ubuntu (14.04) and IE (8.0.7601) on Windows 7.
(3.1) Alibaba Taobao Online Electronic Shopping Website (Taobao.com ) XSS (cross site scripting) Security Vulnerability
The vulnerability occurs on the “writecookie.php” page, in the “ck” parameter, e.g.
POC Code:
http://www.taobao.com/go/rgn/tw/writecookie.php?ck=tw"-->'-alert(/justqdjing/ )-'";&redirect=0
POC Video:
Blog Details:
(3.2) Alibaba AliExpress Online Electronic Shopping Website (Aliexpress.com) XSS Security Vulnerabilities
The vulnerabilities occur on the “landing.php” page, in the “cateid” and “fromapp” parameters, e.g.
POC Code:
/' "><img src=x onerror=prompt(/tetraph/)>
http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6&fromapp=/' "><img src=x onerror=prompt(/justqdjing/)>
http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6</script>/' "><img src=x onerror=prompt(/tetraph/)><!--&fromapp=
POC Video:
Blog Details:
(3.3) Alibaba Tmall Online Electronic Shopping Website (Tmall.com) XSS Security Vulnerability
The vulnerability occurs on the “writecookie.php” page, in the “ck” parameter, e.g.
POC Code:
http://www.tmall.com/go/app/sea/writecookie.php?ck=cn"-->'-alert(/tetraph/ )-'";&redirect=1
POC Video:
Blog Details:
These vulnerabilities were disclosed on Full Disclosure. “The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!” All of the following web security issue classes have been published there: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, and Unvalidated Redirects and Forwards.
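The XSS findings above show two different reflection contexts: the writecookie.php “ck” value lands inside a JavaScript string literal (the `'-alert()-'` shape), while the AliExpress landing page and the TennisConnect “pid” parameter reflect into HTML markup (the `"><img onerror=...>` shape). The fix differs per context, which is the point the following added example makes. It is not code from the advisories or from any of the affected sites; the page templates, function names and sample inputs are constructed for the illustration. It renders each value the vulnerable way and the encoded way, and a toy scanner reports which part of the reflected value would run as JavaScript.

```python
# Added example: context-aware output encoding for the two reflection contexts
# described in the advisories. Templates, function names and sample inputs are
# constructed for this illustration; none of this is the affected sites' code.
import html
import json

# Constructed sample inputs in the shape the advisories show: the first targets
# a JavaScript string literal, the second an HTML attribute, the third tries to
# terminate the <script> block early.
JS_STRING_BREAKOUT = "tw\"-->'-alert(1)-'\";"
ATTR_BREAKOUT = "/' \"><img src=x onerror=prompt(1)>"
CLOSE_SCRIPT = "</script><img src=x onerror=prompt(1)>"


def render_cookie_script_vulnerable(ck: str) -> str:
    """Reflects ck straight into a <script> string literal (the bug shape)."""
    return f"<script>document.cookie = 'region={ck}';</script>"


def render_cookie_script_fixed(ck: str) -> str:
    """Emits ck as a JSON/JavaScript string literal. json.dumps escapes quotes
    and backslashes; '<' and '>' are escaped as well so the literal can never
    contain '</script>' or '<!--', which the HTML parser would act on."""
    literal = json.dumps(ck).replace("<", "\\u003c").replace(">", "\\u003e")
    return f"<script>document.cookie = 'region=' + {literal};</script>"


def render_landing_vulnerable(fromapp: str) -> str:
    """Reflects fromapp straight into a quoted attribute (the bug shape)."""
    return f'<a href="{fromapp}">Open in app</a>'


def render_landing_fixed(fromapp: str) -> str:
    """HTML-encodes fromapp, including both quote characters, so the value
    cannot close the attribute or start a new tag."""
    return f'<a href="{html.escape(fromapp, quote=True)}">Open in app</a>'


def js_code_outside_strings(script_body: str) -> str:
    """Toy scanner: return the parts of a JavaScript snippet that are NOT inside
    '...' or "..." string literals, honouring backslash escapes. It ignores
    template literals and comments, which is enough to show where a reflected
    value lands."""
    out, quote, i = [], None, 0
    while i < len(script_body):
        c = script_body[i]
        if quote:
            if c == "\\":
                i += 2          # skip the escaped character
                continue
            if c == quote:
                quote = None    # string literal ends
        elif c in ("'", '"'):
            quote = c           # string literal starts
        else:
            out.append(c)       # executable code
        i += 1
    return "".join(out)


def script_code(markup: str) -> str:
    """Code (outside string literals) of the first <script> block in markup."""
    start = markup.index("<script>") + len("<script>")
    end = markup.index("</script>", start)
    return js_code_outside_strings(markup[start:end])


if __name__ == "__main__":
    for render in (render_cookie_script_vulnerable, render_cookie_script_fixed):
        print(render.__name__, "->", script_code(render(JS_STRING_BREAKOUT)))
    for render in (render_landing_vulnerable, render_landing_fixed):
        print(render.__name__, "->", render(ATTR_BREAKOUT))
```

Running it shows `alert(1)` sitting outside any string in the vulnerable script output and only `document.cookie = + ;` in the fixed one; for the attribute case the fixed output keeps the whole value inside `href="..."` as entities. HTML encoding alone would not have been the right tool for the script case, and JSON encoding alone would not have been the right tool for the attribute case, which is why the encoder has to match the context the value is written into.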
(4) Alibaba Taobao (taobao.com) Covert Redirect Security Vulnerability Based on Apple.com
(4.1) Vulnerability description:
Alibaba Taobao has a security problem: it can be exploited by Covert Redirect attacks. Taobao checks whether the redirect target URL belongs to a domain on Taobao’s whitelist, e.g.
If it does, the redirection is allowed.
However, if URLs on a whitelisted domain have open URL redirection vulnerabilities themselves, a user can be redirected from Taobao to the vulnerable URL on that domain first and then on from that site to a malicious site. The effect is the same as being redirected from Taobao directly.
In fact, Apple.com was found to be exploitable through Open Redirect vulnerabilities. Details of those vulnerabilities will be published in the near future.
(4.2) The vulnerability occurs on the “redirect.htm” page, in the “url” parameter, i.e.
The vulnerabilities can be exploited without user login. Tests were performed on IE (10.0) on Windows 8, Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Safari 6.1.6 on Mac OS X Lion 10.7.
(4.3) A website was used for the tests; the redirect target page is “http://www.tetraph.com/blog”. Suppose it is malicious.
Vulnerable URL:
POC Code:
POC Video:
Blog Details:
These vulnerabilities were reported to Alibaba in 2014 and have been patched by its security team (just checked). The researcher’s name was listed in Alibaba’s hall of fame.
http://security.alibaba.com/people.htm?id=2048213134
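Section (4) describes a redirect check that accepts any target whose host is on a whitelist, and explains why that check is defeated when a whitelisted host has an open redirect of its own. The following added example (not Taobao’s code, and not a reproduction of any real endpoint) models that chain with constructed hostnames and a constructed `/jump?to=` endpoint on the trusted partner, then shows two tighter designs a site can use instead: a fixed map of named destinations, and accepting only same-site relative paths.

```python
# Added example: modelling the whitelist-based redirect check from section (4)
# and why it is defeated when a whitelisted host has its own open redirect.
# All hostnames, paths and parameter names are constructed placeholders; this is
# not Taobao's code and does not reproduce any real endpoint.
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed: the site's own host plus one partner host it trusts.
ALLOWED_HOSTS = {"www.site.example", "partner.example"}

# Constructed: the partner happens to expose /jump?to=<url>, which forwards
# the browser anywhere. This stands in for the chained open redirect the
# advisory describes.
PARTNER_OPEN_REDIRECT_PATH = "/jump"


def domain_allowlist_check(url: str) -> bool:
    """The check the advisory describes: accept any http(s) URL whose host is
    on the whitelist, regardless of path or query."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def simulate_partner(url: str) -> str:
    """Toy model of the partner site: its /jump endpoint forwards to whatever
    'to' says; every other URL is served in place."""
    parts = urlsplit(url)
    if parts.hostname == "partner.example" and parts.path == PARTNER_OPEN_REDIRECT_PATH:
        return parse_qs(parts.query).get("to", [url])[0]
    return url


def final_destination(url: str) -> Optional[str]:
    """Where the browser ends up if the site redirects to url after the
    whitelist check, following one hop on the partner. None means the site
    refused the redirect."""
    if not domain_allowlist_check(url):
        return None
    return simulate_partner(url)


# Tighter design 1: the redirect parameter carries a key, not a URL.
NAMED_DESTINATIONS = {
    "home": "https://www.site.example/",
    "partner-help": "https://partner.example/help",
}


def resolve_named_destination(key: str) -> Optional[str]:
    """Only destinations the site itself registered can be reached."""
    return NAMED_DESTINATIONS.get(key)


# Tighter design 2: only same-site relative paths are accepted.
def local_path_only(target: str) -> Optional[str]:
    """Accept a single leading '/' followed by a path on this site. Anything
    with a scheme, an authority ('//host'), or a backslash (which some browsers
    treat as a slash) is rejected."""
    if not target.startswith("/") or target.startswith("//") or "\\" in target:
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return None
    return target


if __name__ == "__main__":
    chained = "https://partner.example/jump?to=https://evil.example/"
    print("whitelist accepts:", domain_allowlist_check(chained))
    print("browser ends up at:", final_destination(chained))
    print("named key 'partner-help':", resolve_named_destination("partner-help"))
    print("local path '//evil.example/':", local_path_only("//evil.example/"))
```

The whitelist accepts the chained URL because it only looks at the host, so the browser still ends up on the constructed `evil.example`; neither of the two tighter designs can be steered there, because the first never takes a URL from the request at all and the second never leaves the site. Whichever design is chosen, the detection side is the same: log the rejected redirect parameter values, since a burst of rejected external targets is a cheap signal that someone is probing the endpoint.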
Related Articles:
http://seclists.org/fulldisclosure/2015/Jan/100
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1503
http://securityrelated.blogspot.com/2015/01/alibaba-taobao-aliexpress-tmall-online.html
http://www.tetraph.com/blog/computer-security/alibaba-xss-open-redirect/
http://diebiyi.com/articles/security/alibaba-xss-open-redirect/
https://plus.google.com/u/0/107140622279666498863/posts/QFoYGEjbiTX
https://progressive-comp.com/?l=full-disclosure&m=142196709216464&w=1
https://www.facebook.com/websecuritiesnews/posts/802525526534286
https://www.facebook.com/permalink.php?story_fbid=841091885926189&id=767438873291491
https://infoswift.wordpress.com/2015/01/27/alibaba-xss-open-redirect/
http://tetraph.blog.163.com/blog/static/2346030512015545132356/
========================================================
Alibaba Taobao, Tmall, AliExpress Online Electronic Shopping Websites Cross-Site Scripting (XSS) & Open Redirect Security Vulnerabilities
Domains:
Alibaba Taobao, Tmall and AliExpress are the Alibaba Group’s three largest online shopping e-commerce websites.
(1) Vulnerability description:
The Alibaba Taobao, Tmall and AliExpress online shopping websites have a security problem. They are vulnerable to Cross-Site Scripting (XSS) & Open Redirect attacks.
The vulnerabilities do not require user login; tests were performed on IE (8.0.7601) on Windows 7 and Firefox (34.0) on Ubuntu (14.04).
(1.1) Alibaba Taobao Online Electronic Shopping Website (Taobao.com) XSS (Cross-Site Scripting) Security Vulnerability
The vulnerable page is “writecookie.php”, parameter “ck”, e.g.
POC:
http://www.taobao.com/go/rgn/tw/writecookie.php?ck=tw"-->'-alert(/tetraph/ )-'";&redirect=0
POC Video:
Blog Details:
(1.2) Alibaba AliExpress Online Trading Platform (aliexpress.com) XSS (Cross-Site Scripting) Security Vulnerability
The vulnerable page is “mobile_325_promotion_landing.php”, parameters “cateid” and “fromapp”, e.g.
POC:
/' "><img src=x onerror=prompt(/tetraph/)>
http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6&fromapp=/' "><img src=x onerror=prompt(/tetraph/)>
http://activities.aliexpress.com/mobile_325_promotion_landing.php?cateid=6</script>/' "><img src=x onerror=prompt(/tetraph/)><!--&fromapp=
POC Video:
Blog Details:
(1.3) Alibaba Tmall Online Electronic Shopping Website (Tmall.com) XSS (Cross-Site Scripting) Security Vulnerability
The vulnerable page is “writecookie.php”, parameter “ck”, e.g.
POC:
http://www.tmall.com/go/app/sea/writecookie.php?ck=cn"-->'-alert(/tetraph/ )-'";&redirect=1
POC Video:
Blog Details:
(2) Alibaba Taobao Online Electronic Shopping Website (taobao.com) Covert Redirect Security Vulnerability Based on the Apple Website
(2.1) Vulnerability description:
Alibaba’s Taobao shopping website has a security problem. It is vulnerable to Covert Redirect (Open Redirect) attacks. All links belonging to Apple.com are on the whitelist. Therefore, if Apple’s website itself has an open redirect problem, a victim is in effect first directed to Apple’s official site and then on to a harmful site. In fact, Apple’s website has been found to have open redirect problems; the details will be published after some time.
The vulnerable file is “redirect.htm”, parameter “url”, i.e.
This vulnerability does not require user login. Tests were performed on IE (10.0) on Windows 8, Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) on Ubuntu (14.04), and Safari 6.1.6 on Mac OS X Lion 10.7.
(2.2) A web page created for the tests was used; the page is “http://www.tetraph.com/blog”. This page can be assumed to be malicious.
Vulnerable URL:
POC Code:
POC Video:
Blog Details:
These vulnerabilities were reported to the Alibaba Security Response Center in 2014 and have been patched as of today (just checked); the name was listed in the white-hat acknowledgement list.
http://security.alibaba.com/people.htm?id=2048213134
Vulnerability discoverer:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/
23 Friday Jan 2015
According to researcher Wang Jing, a mathematics student at Nanyang Technological University, Singapore, of the Tetraph blog, DoubleClick, Google’s system for buying and selling advertisements, is susceptible to spam and phishing attacks. The discovery puts Google and DoubleClick users on alert.
Understanding the DoubleClick vulnerability
In his research, Wang Jing found Open Redirect vulnerabilities that allowed hackers to redirect users to a malicious site without any validation; that is, a user would click on an advertisement and, instead of being taken to the advertiser’s site, would be redirected to an infected site.
Jing further stated that DoubleClick’s great popularity makes attacks on these vulnerabilities more common, especially for spam and phishing.
https://hackertopic.wordpress.com/2014/12/31/doubleclick-do-google-pode-ser-vulneravel-a-ataques/
19 Monday Jan 2009
Tags
beautiful, campus, pure love (純情之愛), beautiful memories (美好回憶), essaybeans, essayjeans, Lao Lang (老狼), youthful spirit (青春氣息), music, beautiful song (優美的歌), You Who Sat at the Same Desk (同桌的妳), 壹麥谷雨, pleasant to hear (好聽), pleasant Chinese music (好聽華語音樂), student days (學生時代), melodious (悅耳), Dust in the Wind (戀戀風塵), campus songs (校園歌曲)
Youth is dazzlingly red, wildly green, elegantly clear, lovably blue. Youth is tall and straight, quick and agile, free and easy, quiet and graceful. Youth is pure and simple, solid and honest, clean and white, bright and glorious. Youth is warm and passionate, fiery and bold, rough and careless, headlong and reckless. This video was made in memory of former classmates, former feelings, former beauty.
Youth is a short, beautiful dream; youth is a short, beautiful dream; by the time you wake, it has long vanished without a trace. Our only imperfection is that we grew up too fast.
Song: You Who Sat at the Same Desk (同桌的妳)
Singer: Lao Lang (老狼)
Composer: Gao Xiaosong (高曉松)
Lyrics:
Tomorrow, will you remember
the diary you wrote yesterday?
Tomorrow, will you still think of
the you who used to cry the most?
The teachers can no longer recall
the you who couldn’t guess the answers
I, too, only by chance leafing through photos
remembered you, who sat at the same desk
Who married the sentimental you?
Who comforts the you who loves to cry?
Who pinned up your long hair?
Who made your wedding dress?
You were always so careful back then
asking to borrow half an eraser from me
You once mentioned, without meaning to,
that you liked being together with me
Back then the sky was always so blue
the days always passed too slowly
You always said graduation was far off
in a blink we each went our separate ways
Who met the sentimental you?
Who comforts the you who loves to cry?
Who read the letters I wrote you?
Who threw them into the wind?
The days of old have all gone far away
I too will have a wife of my own
I too will show her the photos
and tell her about you, who sat at the same desk
Who married the sentimental you?
Who comforts the you who loves to cry?
Who pinned up your long hair?
Who made your wedding dress?
Produced by: Guyu (Essayjeans) @tetraphibious
Images: from the internet
http://diebiyi.com/articles/category/essayjeans/
(http://www.tetraph.com/wangjing)
Video link:
https://www.youtube.com/watch?v=c66SPoe_kYw
Lyrics link:
http://tetraph.blog.163.com/blog/static/234603051201541432236913/
Twitter:
https://twitter.com/justqdjing/status/598747933257830400
Lofter:
http://essayjeanslike.lofter.com/post/1cf58cfa_6f32a42
Tumblr:
http://xingti.tumblr.com/post/118929550955
Google+:
https://plus.google.com/u/0/+essayjeans/posts/VapxEvHAbiD
Facebook:
https://www.facebook.com/essayjeans/posts/828134663944354