Facebook Open Redirect Web Security Vulnerability


Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability


(1) General Vulnerabilities Description:

(1.1) Two Facebook vulnerabilities are introduced in this article.
Facebook has a security problem that can be exploited by Open Redirect attacks. Because Facebook is trusted by a large number of other websites, these vulnerabilities can be used to perform a "Covert Redirect" to other websites such as Amazon and eBay.

(1.1.1)
One Facebook Open Redirect vulnerability was reported to Facebook, and Facebook adopted a new mechanism to patch it. Although the reported URL redirection vulnerabilities are patched, all previously generated URLs are still vulnerable to the attack. Section (2) gives the details.

The cause may lie in Facebook's third-party interaction system, its database management system, or both. Another possible cause is Facebook's handling of different kinds of browsers.

(1.1.2) Another new Open Redirect vulnerability related to Facebook is also introduced; see section (3).

Tests were performed on Firefox (version 26.0) on Windows 7; Firefox (version 24.0) on Ubuntu 12.10; and Chrome (version 30.0.1599.114) on Ubuntu 12.10.


Discoverer:
Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/

POC Video:
https://www.youtube.com/watch?v=VvhmxfKt85Q&feature=youtu.be

Blog Details:
http://securityrelated.blogspot.com/2015/01/facebook-old-generated-urls-still.html



