IT 计算机信息网络安全技术

IT 技术
计算机安全
网络网站安全
白帽子漏洞

© IT 计算机信息网络安全技术 | Powered by LOFTER

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)



Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)




Websites information:
"lxr.mozilla.org, mxr.mozilla.org are cross references designed to...

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks



(1) Domain Description:
http://www.indiatimes.com


"The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation...

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities


Vulnerability Description:
About.com all “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross

谷雨 醉心 冬小麦:

测试想法:

IT 计算机&信息网络 技术:

白帽子计算机安全:

CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities


Domain:
cnn.com


"The Cable News Network (CNN) is an American basic cable and satellite television channel...

日常生活點滴的記錄:

测试想法:

Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs


Though Yahoo lists open redirect vulnerability on its bug bounty program. However, it seems Yahoo do not take this vulnerability seriously at all.


Multiple Open Redirect...

New York Times Articles Before 2013 May Vulnerable to XSS Attack


New York Times articles’ pages dated before 2013 may suffer from an XSS (Cross-site Scripting) vulnerability, according to the report posted by security researcher Wang Jing. Wang is a mathematics Ph.D student from School of Physical...

IT 计算机&信息网络 技术:

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title:  OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability

Vendor: OptimalSite

Product: OptimalSite Content