白帽子安全

白帽子文章
计算机安全
安全漏洞
网络攻击

© 白帽子安全 | Powered by LOFTER

IT 计算机&信息网络 技术:

URFDS: Systematic discovery of Unvalidated Redirects and Forwards in web applications

Author:
Jing Wang, Hongjun Wu
School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

Abstract:
URL redirection is necessary in web applications. Well-designed...

IT 计算机信息网络安全技术:

Daily Mail Online Website XSS Cyber Security Zero-Day Vulnerability



Website Description:
“The Daily Mail is a British daily middle-market tabloid newspaper owned by the Daily Mail and General Trust. First published in 1896 by Lord Northcliffe, it is the United Kingdom’s second biggest...

Daily mail Registration Page Unvalidated Redirects and Forwards & XSS Web Security Problem


Website Description:
"The Daily Mail is a British daily middle-market tabloid newspaper owned by the Daily Mail and General Trust. First published in 1896 by Lord Northcliffe, it is the United...

日常生活點滴的記錄:

IT 计算机信息网络安全技术:

TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks


Website Description:
http://www.telegraph.co.uk


"The Daily Telegraph is a British daily morning English-language broadsheet newspaper, published in London by Telegraph...

IT 计算机信息网络安全技术:

VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug



Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability

Product: VuFind

Vendor: VuFind

Vulnerable Versions: 1.0

Tested Version: 1.0

Advisory

KnowledgeTree OSS 3.0.3b Application Reflected XSS (Cross-site Scripting) Web Security 0Day Vulnerability



Exploit Title: KnowledgeTree login.php &errorMessage parameter Reflected XSS Web Security Vulnerability

Product: Knowledge Tree Document Management System

Vendor: Knowledge Inc

Vulnerable...

IT 计算机&信息网络 技术:

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web Security Vulnerability
Product: Winmail Server
Vendor: Winmail Server
Vulnerable Versions: 4.2   4....

PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug


Exploit Title: PhotoPost PHP __utmz Cookie Stored XSS Web Security Vulnerability

Product: PhotoPost PHP

Vendor: PhotoPost

Vulnerable Versions: 4.8c  4.8.6  4.8.5  4.8.2  3.1.1 ...

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

Domain Description:
http://www.weather.com/

“The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment...

琐事,日常之事:

IT 计算机信息网络安全技术:

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks



(1) Domain Description:
http://www.indiatimes.com


"The Times of India (TOI) is an Indian English-language daily newspaper. It is the third...

1 / 14