IT Technology

IT Information Security Technology:

Web Technology:


The Weather Channel Almost All Links Vulnerable to XSS Attacks

Domain Description:
"The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment programming related to weather."
"As of August 2013, The Weather Channel was received by approximately 99,926,000 American households that subscribe to a pay television service (87.50% of U.S. households with television), making it the most common cable channel in the country." (Wikipedia)

Vulnerability description:
Almost all links under the domain are vulnerable to XSS attacks. Attackers just need to add a script at the end of The Weather Channel's URLs, and the script will be executed.

10 thousands of links were tested using a self-written tool. During the tests, 76.3% of the links tested were vulnerable to XSS attacks.

The reason for this vulnerability is that Weather Channel uses URLs to construct its  and  tags without filtering malicious script code. The vulnerability can be exploited without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.

POC Codes, e.g.
"--/>">"--/>">t%28%27justqdjing%27%29%3E

POC Video:
Details:

Weather Channel patched this vulnerability in late November, 2014 (last week).

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
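
The unfiltered reflection described above, shown beside a hardened version, as an added example that is not part of the original advisory. The page does not preserve which tags were built from the URL, so the `<link rel="canonical">` tag, the function names and the `https://example.test` origin are assumptions, and the probe string in the usage is a constructed, inert marker.

```javascript
// Added example, not the site's code. Tag choice, function names and the
// origin passed in are assumptions made for illustration.

// Vulnerable pattern: the request URL is copied into an attribute as-is,
// so a quote in the URL ends the attribute and '>' ends the tag.
function renderCanonicalUnsafe(requestUrl) {
  return '<link rel="canonical" href="' + requestUrl + '">';
}

// HTML attribute encoding for the characters that can close an attribute
// value or open a new tag.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened pattern: parse the URL (the parser percent-encodes quotes and
// angle brackets), refuse anything that resolves off our own origin, drop
// the fragment, then HTML-encode at the point of output.
function renderCanonicalSafe(requestUrl, origin) {
  let parsed;
  try {
    parsed = new URL(requestUrl, origin);
  } catch (e) {
    parsed = new URL('/', origin); // unparseable input falls back to the root
  }
  if (parsed.origin !== origin) {
    parsed = new URL('/', origin); // e.g. "//other.example/x" is not ours
  }
  const canonical = parsed.origin + parsed.pathname + parsed.search;
  return '<link rel="canonical" href="' + escapeAttr(canonical) + '">';
}

// Regression check for templates: the output must be exactly one tag with
// one href whose value contains no raw quote or angle bracket.
function breaksOutOfAttribute(html) {
  return !/^<link rel="canonical" href="[^"<>]*">$/.test(html);
}

// Constructed, inert probe: a quote and angle brackets around a dummy tag.
const probe = '/weather/today"><x-probe>';
console.log(breaksOutOfAttribute(renderCanonicalUnsafe(probe)));
console.log(renderCanonicalSafe(probe, 'https://example.test'));
```

The same `breaksOutOfAttribute` check can run in a template test suite against every tag that embeds request data.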
