白帽子

白帽子文章
计算机安全
安全漏洞
网络攻击

© 白帽子 | Powered by LOFTER

Covert Redirect - Wikipedia


Covert Redirect is a class of security bugs disclosed in May 2014.[1] It is an application that takes a parameter and redirects a user to the parameter value without sufficient validation.[2]


Covert Redirect is also related to single sign-on. It is well known by its influence on OAuth and OpenID. Covert Redirect was found and dubbed by a mathematics PhD student Wang Jing from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.[3]


After Covert Redirect was published, it is kept in some common databases such as SCIPOSVDBBugtraq, etc. Its scipID is 13185,[4] while OSVDB reference number is 106567.[5] Bugtraq ID: 67196.[6]



https://en.wikipedia.org/wiki/Covert_Redirect
评论
热度 ( 19 )