About (about.com) Open Redirect Multiple (Dest Redirect Privilege Escalation) Security Vulnerabilities
Some “Open Redirect” vulnerabilities related to about.com are introduced. There may be large number of other Open Redirect Vulnerabilities not discovered. Since About.com are trusted by some the other websites. Those vulnerabilities can be used to do “Covert Redirect” to these websites.(1) Domain Description:
"About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites," of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation" (Wikipedia)
(2) Basic of Open Redirect (Dest Redirect Privilege Escalation) Vulnerabilities
"An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it." (OWASP)
Vulnerability Discover:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing
评论
热度 ( 20 )