
Yahoo Japan Open Redirect Security Vulnerability

essaybeans
Uploaded 2014-12-19 12:03:12
Yahoo Yahoo.co.jp Open Redirect Security Vulnerability

Domain: http://www.yahoo.co.jp

Vulnerability Description:
Yahoo.co.jp is vulnerable to Open Redirect attacks. The vulnerability occurs at the "/yj-affiliate-entry?" page with the "VIEW_URL" parameter.

The following webpage is used for the tests. The webpage address is "http://www.inzeed.com/kaleidoscope". Suppose that this webpage is malicious.

Vulnerable URL:
http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp

POC:
http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope

PoC Video:
https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
http://www.tetraph.com/wangjing

Blog Details:
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html
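The usual mitigation for a redirect parameter like "VIEW_URL" is to validate the target against an allowlist before redirecting. The following is an added example, not code from the advisory or from Yahoo; the function names, the ".yahoo.co.jp" allowlist (borrowed from the COOKIE_DOMAIN value in the URL above) and the fallback target are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: redirects may only land on the site's own hosts. The suffix is
# taken from the COOKIE_DOMAIN value in the advisory's URL.
ALLOWED_SUFFIX = ".yahoo.co.jp"
# Assumption: fall back to the legitimate VIEW_URL value shown in the advisory.
FALLBACK = "http://shopping.yahoo.co.jp"


def safe_view_url(view_url):
    """Return view_url if it is an absolute http(s) URL on an allowed host,
    otherwise FALLBACK. Hypothetical helper, not Yahoo's code."""
    # Browsers treat "\" like "/" and strip tabs and newlines, so a value
    # containing them may be parsed differently here than in the browser.
    if not view_url or any(ord(c) <= 0x20 or c in "\\\x7f" for c in view_url):
        return FALLBACK
    try:
        parts = urlsplit(view_url)
    except ValueError:  # e.g. malformed IPv6 literal
        return FALLBACK
    # Rejects scheme-relative ("//host/..."), relative and non-web schemes.
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    # "user@host" lets a trusted-looking name sit in front of the real host.
    if "@" in parts.netloc:
        return FALLBACK
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match or a true subdomain; the leading dot stops look-alike
    # registrations that merely end in the same letters.
    if host == ALLOWED_SUFFIX[1:] or host.endswith(ALLOWED_SUFFIX):
        return view_url
    return FALLBACK


def redirect_target(request_url):
    """Extract VIEW_URL from a request URL and return the safe target."""
    values = parse_qs(urlsplit(request_url).query).get("VIEW_URL", [])
    # A repeated parameter is ambiguous between components; refuse it.
    if len(values) != 1:
        return FALLBACK
    return safe_view_url(values[0])
```

With this check, the "Vulnerable URL" above still redirects to shopping.yahoo.co.jp, while the POC URL resolves to the fallback instead of the external page.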
