標籤 technology 下的所有文章

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks

 
 
Secure website



(1) Domain Description:
http://www.indiatimes.com

“The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation and largest selling English-language daily in the world according to Audit Bureau of Circulations (India). According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership. It is owned and published by Bennett, Coleman & Co. Ltd. which is owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of India was ranked 88th among India’s most trusted brands and subsequently, according to the Brand Trust Report 2013, Times of India was ranked 100th among India’s most trusted brands. In 2014 however, Times of India was ranked 174th among India’s most trusted brands according to the Brand Trust Report 2014, a study conducted by Trust Research Advisory." (en.Wikipedia.org)

 

 

 

(2) Vulnerability description:

The web application indiatimes.com online website has a security problem. Hacker can exploit it by XSS bugs.

 

The code flaw occurs at Indiatimes’s URL links. Indiatimes only filter part of the filenames in its website. All URLs under Indiatimes’s “photogallery" and “top-llists" topics are affected.

Indiatimes uses part of the links under “photogallery" and “top-llists" topics to construct its website content without any checking of those links at all. This mistake is very popular in nowaday websites. Developer is not security expert.

The vulnerability can be attacked without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (12.04) and Microsoft IE (9.0.15) in Windows 7.

 

 

indiatimes_xss_2

 

indiatimes_xss1

 

 

POC Codes:

http://www.indiatimes.com/photogallery/“>homeqingdao<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/top-lists/“>singaporemanagementuniversity<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/photogallery/lifestyle/“>astar<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/top-lists/technology/“>nationaluniversityofsingapore<img src=x onerror=prompt(‘justqdjing’)>

 

 

 

 

What is XSS?

“Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it." (OWASP)

 

 

 

(3) Vulnerability Disclosure:

The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.

Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/

 

 

 

 

Related Articles:
http://seclists.org/fulldisclosure/2014/Nov/91
http://lists.openwall.net/full-disclosure/2014/11/27/6
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1256
https://progressive-comp.com/?l=full-disclosure&m=141705615327961&w=1
http://tetraph.blog.163.com/blog/static/234603051201501352218524/
https://cxsecurity.com/issue/WLB-2014120004
https://mathfas.wordpress.com/2014/12/04/all-links-in-two-topics-of-indiatimes
http://diebiyi.com/articles/security/all-links-in-two-topics-of-indiatimes
http://www.inzeed.com/kaleidoscope/computer-security/all-links-in-two-topics
http://itsecurity.lofter.com/post/1cfbf9e7_54fc6c9
http://computerobsess.blogspot.com/2014/12/all-links-in-two-topics-of-indiatimes.html
https://vulnerabilitypost.wordpress.com/2014/12/04/indiatimes-xss
http://whitehatview.tumblr.com/post/104310651681/times-of-india-website
http://www.tetraph.com/blog/computer-security/all-links-in-two-topics-xss

廣告

Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities

computer pitch

websid


Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Webs ID /login.jsp &error Parameter Reflected XSS (Cross-site Scripting) Security

Vendor: Webs, Inc

Product: Webs ID

Vulnerable Versions:

Tested Version:

Advisory Publication: April 02, 2015

Latest Update: April 02, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Proposition Details:

(1) Vendor & Product Description:

Vendor:

Webs, Inc

Product & Vulnerable Versions:

Webs ID

Vendor URL & download:

Webs ID can be obtained from here,

http://www.webs.com

http://www.webs.com/blog/2010/04/20/new-easier-way-to-manage-websid-account-settings/

Terms of Service Overview:

" The services offered by Webs, Inc. (“Webs" or “us" or “we" or “our") include the websites at http://www.webs.com and http://www.freewebs.com as well as any other related websites, toolbars, widgets, or other distribution channels we may, from time to…

View original post 詳見內文:約485字

NetCat CMS 3.12 HTML Injection Security Vulnerabilities

computer pitch

Unified Communications, Globus, Stecker, Telefon


NetCat CMS 3.12 HTML Injection Security Vulnerabilities

Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 3.12

Advisory Publication: April 15, 2015

Latest Update: April 15, 2015

Vulnerability Type: Improper Input Validation [CWE-20]

CVE Reference: *

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Discover and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor:

NetCat

Product & Vulnerable Version:

NetCat

3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Vendor URL & Download:

NetCat can be downloaded from here,

http://netcat.ru/

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card" with a minimum content to…

View original post 詳見內文:約362字

NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

computer pitch

computer-science-curriculmn


NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

Exploit Title: NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 3.12

Advisory Publication: April 14, 2015

Latest Update: April 14, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discovert and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor:

NetCat

Product & Vulnerable Version:

NetCat

3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Vendor URL & Download:

NetCat can be obtained from here,

http://netcat.ru/

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from…

View original post 詳見內文:約373字

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

computer pitch

opoint

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities

Vendor: Opoint

Product: Opoint Media Intelligence

Vulnerable Versions:

Tested Version:

Advisory Publication: April 14, 2015

Latest Update: April 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discover and Writer: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:

Vendor:

Opoint

Product & Version:

Opoint Media Intelligence

Vendor URL & Download:

Opoint Media Intelligence can be got from here,

http://www.opoint.com/index.php?page=home

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the “library portal" model to better integrate the latest Web functionality. With Opoint Media Intelligence…

View original post 詳見內文:約417字

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

Computer Technology Hut

08NEncryptionKeymaster-1374242307339

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

Vendor URL & download:

724CMS can be bargained from here,

http://724cms.com/

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing…

View original post 詳見內文:約287字

724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

Computer Technology Hut

encrypt

724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

Vendor URL & download:

724CMS can be gain from here,

http://724cms.com/

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as…

View original post 詳見內文:約244字