IT 计算机信息网络安全技术

IT 技术

© IT 计算机信息网络安全技术 | Powered by LOFTER


About Group All Topics (At least 99.88% links) Vulnerable to XSS (Cross-Site Scripting) Security Attacks

Vulnerability Description: all “topic sites” are vulnerable to XSS (Cross-Site Scripting) attacks. This means all sub-domains of are affected. Based on a self-written program, 94357 links were tested. Only 118 links do not belong to the topics (Metasites) links. Meanwhile, some about.commain pages are vulnerable to XSS attack, too. This means no more than 0.125% links are not affected. At least 99.875% links of About Group are vulnerable to XSS attacks. In fact, for's structure, the main domain is something just like a cover. So, very few links belong to them.

Simultaneously, the main page’s search field is vulnerable to XSS attacks, too. This means all domains related to are vulnerable to XSS attacks.

"As of May 2013, was receiving about 84 million unique monthly visitors." (TechCrunch. AOL Inc.)

Vulnerability Discover:

Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.

Vulnerability Disclosure:

Those vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied. Until now, they are still unpatched.

Result of Exploiting XSS Attacks

"Exploited XSS is commonly used to achieve the following malicious results    Identity theft    Accessing sensitive or restricted information    Gaining free access to otherwise paid for content    Spying on user’s web browsing habits    Altering browser functionality    Public defamation of an individual or corporation    Web application defacement    Denial of Service attacks (DOS)" (Acunetix)

  Blog Detail: 

热度 ( 17 )
  1. 白帽子安全琐事,日常之事 转载了此视频  到 测试想法
  2. 白帽子安全琐事,日常之事 转载了此视频  到 竹意
  3. 白帽子安全琐事,日常之事 转载了此视频  到 文豆 & 文库
  4. 白帽子安全琐事,日常之事 转载了此视频
  5. 计算机网络技术琐事,日常之事 转载了此视频  到 行者路上有風有雨有彩虹
  6. 计算机网络技术琐事,日常之事 转载了此视频  到 绿意蛙鸣
  7. 计算机网络技术琐事,日常之事 转载了此视频  到 IT 计算机&信息网络 技术
  8. 计算机网络技术琐事,日常之事 转载了此视频