White Hat


ESPN espn.go.com Open Redirect Security Vulnerabilities

Domain:
http://espn.go.com/

Vulnerability description:
Espn.go.com has a security problem: it is vulnerable to Open Redirect attacks.

Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0.7601) in Windows 8.

The following tests use one webpage as the redirect target. The webpage address is "http://www.diebiyi.com/". Suppose that this webpage is malicious.

(1) Vulnerabilities occur at the ESPN login page.

Vulnerable URL 1:
https://r.espn.go.com/members/login?appRedirect=https%3A%2F%2Fwww.facebook.com%2FAndroidOfficial

POC:
https://r.espn.go.com/members/login?appRedirect=http%3A%2f%2fdiebiyi.com.com

Vulnerable URL 2:
http://streak.espn.go.com/en/login?redirect=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fwwwgooglecom%2F101882723190828

POC:
http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com

(2) Vulnerabilities that can be attacked without user login.

Vulnerable URL 1:
http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=https%3A%2F%2Ftwitter.com%2FAdcash%2Fstatus%2Febay%2F539770783556698112

POC:
http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Ftetraph.com?

This vulnerability was used to demonstrate the "Covert Redirect" of Facebook.

POC Video:
https://www.youtube.com/watch?v=HUE8VbbwUms

Blog Detail:
http://www.tetraph.com/blog/covert-redirect/covert-redirect-vulnerability-related-to-oauth-2-0-and-openid/

During the tests, besides the links given above, a large number of ESPN's links were found to be vulnerable to Open Redirect attacks.

POC Video:
https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be

Blog Detail:
http://securityrelated.blogspot.sg/2014/12/espn-espn.html

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
http://www.tetraph.com/wangjing/
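
The fix for this class of bug is to validate the redirect parameter on the server before issuing the redirect. The sketch below is an added example, not part of the original advisory and not ESPN's code: the parameter names come from the URLs above, while the host allowlist, the default target and the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the hosts this site is willing to redirect to (constructed allowlist).
ALLOWED_HOSTS = {"espn.go.com", "r.espn.go.com", "streak.espn.go.com", "m.espn.go.com"}
# Redirect parameter names seen in the URLs of the advisory.
REDIRECT_PARAMS = ("appRedirect", "redirect", "url")
DEFAULT_TARGET = "/"  # assumption: where to send the user when the target is rejected


def safe_redirect_target(value, default=DEFAULT_TARGET):
    """Return value if it is a rooted local path or an allowlisted http(s) URL, else default."""
    # Reject empty values, backslashes, control characters and padding,
    # which browsers and URL parsers do not interpret consistently.
    if not value or value != value.strip() or any(c in value for c in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash rooted path.
        return value if value.startswith("/") and not value.startswith("//") else default
    if parts.scheme not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default  # userinfo hides the real host from the reader
    # Exact host match, never a substring or suffix test.
    return value if host in ALLOWED_HOSTS else default


def redirect_for_request(request_url):
    """Extract the first known redirect parameter from a request URL and validate it."""
    query = parse_qs(urlsplit(request_url).query)
    for name in REDIRECT_PARAMS:
        if name in query:
            return safe_redirect_target(query[name][0])
    return DEFAULT_TARGET


if __name__ == "__main__":
    # The external-host request from the advisory now falls back to the default.
    print(redirect_for_request("http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com"))
```

Logging every rejected value alongside the requesting URL gives defenders a record of redirect abuse attempts.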
