White Hat Security


IT Computer & Information Network Technology:

URFDS: Systematic discovery of Unvalidated Redirects and Forwards in web applications

Author:
Jing Wang, Hongjun Wu
School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

Abstract:
URL redirection is necessary in web applications. Well-designed

PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug


Exploit Title: PhotoPost PHP __utmz Cookie Stored XSS Web Security Vulnerability

Product: PhotoPost PHP

Vendor: PhotoPost

Vulnerable Versions: 4.8c, 4.8.6, 4.8.5, 4.8.2, 3.1.1

IT Computer Information Network Security Technology:

Records of Everyday Life:

Testing Ideas:

Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs


Although Yahoo lists the open redirect vulnerability in its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all...

Records of Everyday Life:

Trivia, Everyday Matters:

IT Computer Information Network Security Technology:

Internet Users Threatened by New Serious Security Flaw, Covert Redirect


A serious flaw in two widely used security standards could give anyone access to your account information at Google, Microsoft, Facebook, Twitter and many other online...

IT Computer Information Network Security Technology:

IT Computer & Information Network Technology:

Family Cabin:

CVE-2015-2214 - NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities


Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities

Product: NetCat CMS (Content...

Math Diary:

tetraph's Likes:

On the Traveler's Road There Is Wind, Rain, and Rainbows:

CVE-2015-2066 - DLGuard SQL Injection Web Security Vulnerabilities


Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions:...

IT Computer Information Network Security Technology:

IT Computer & Information Network Technology:

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability

Vendor: OptimalSite...

Math Diary:

IT Computer & Information Network Technology:

IT Computer Information Network Security Technology:

Yahoo and Yahoo Japan May be Vulnerable to Spams


Student security researcher Wang Jing from the School of Physical and Mathematical Sciences at Nanyang Technological University, Singapore, has found new security vulnerabilities related...