Yahoo Website Open Redirect Security Vulnerability

essaybeans
Uploaded 2014-12-19 12:16:09
Yahoo Yahoo.com Open Redirect Security Vulnerability

Domain: http://www.yahoo.com

Vulnerability Description:
Yahoo.com is vulnerable to Open Redirect attacks. The vulnerability occurs at "ard.sp1.yahoo.com" pages with the "R" parameter.

Use one of the webpages for the following tests. The webpage address is "http://diebiyi.com/articles". Suppose that this webpage is malicious.

Vulnerable URLs:
http://p2.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://help.yahoo.com/help/us/local/index.html
http://p3.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com
http://p4.ard.sp1.yahoo.com/SIG=153ldvf0k/M=289534.11126839.11694361.10790529/D=local/S=2022555687:FOOT3/Y=YAHOO/EXP=1237445081/L=ZtCl1QpJkUFoTlL2Sa2hlACvCkj1s0nBzbYACrCK/B=ygUAANiRN9w-/J=1237437881452401/A=4763404/R=8/*http://www.google.com

PoC Video:
https://www.youtube.com/watch?v=k4eFLsTyZkg

Another Video Published Before:
https://www.youtube.com/watch?v=GTd1Gkj6OUY

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
http://www.tetraph.com/wangjing

Blog Details:
http://securityrelated.blogspot.sg/2014/12/yahoo-yahoocom-open-redirect-security.html
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html
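One way a redirector with the URL layout shown above could validate the destination that follows "/*" before redirecting. This is an added example, not code from the advisory or from Yahoo; the allowlist, the function names and the abbreviated sample prefix are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this redirector may send users to (not from the advisory).
ALLOWED_DOMAINS = ("yahoo.com",)

# Constructed, abbreviated form of the URL layout shown above.
SAMPLE_PREFIX = "http://p2.ard.sp1.yahoo.com/SIG=PLACEHOLDER/R=8/*"


def extract_target(redirector_url):
    """Return the destination that follows the '/*' marker, or None."""
    _, marker, target = redirector_url.partition("/*")
    return target if marker and target else None


def is_allowed_target(target):
    """Accept only absolute http(s) URLs whose host is an allowed domain."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and by urlsplit, so reject them outright.
    if "\\" in target or any(ord(c) < 0x21 for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # excludes any userinfo ("user@") and port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.lower().rstrip(".")
    # Exact match or a true subdomain; a plain endswith("yahoo.com") would
    # also accept unrelated hosts that merely end in that string.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def check_redirect(redirector_url):
    """True if the redirector URL points at an allowed destination."""
    target = extract_target(redirector_url)
    return target is not None and is_allowed_target(target)


if __name__ == "__main__":
    for dest in ("http://help.yahoo.com/help/us/local/index.html",
                 "http://www.google.com",
                 "http://diebiyi.com/articles"):
        print(dest, "->", "allow" if check_redirect(SAMPLE_PREFIX + dest) else "block")
```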