Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & Open Redirect


Kindle Daily Post, Omnivoracious and Car Lust are all websites belonging to Amazon.

Vulnerabilities Description:
Amazon has a security problem. Both Amazon itself and its affiliated websites are vulnerable to different kinds of attacks.

When a user is redirected from Amazon to another site, Amazon checks a parameter named "token". Each destination website is issued one token. The idea itself is sound. However, every URL on that destination website is accepted under the same token, so the token binds the redirect to a site, not to a specific page. This means that if the whitelisted site itself has an Open Redirect vulnerability, victims can be redirected from Amazon to any site.
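The two token schemes described above, side by side, as an added example that is not Amazon's code: a per-site token (the weak scheme the advisory describes) next to a token bound to the exact destination URL. The secret, the partner host names and the whitelist are constructed stand-ins.

```python
import hmac
import hashlib
from urllib.parse import urlparse

# Constructed demo secret; a real service would keep this in a key store.
SECRET = b"constructed-demo-secret"

# Constructed whitelist standing in for the partner sites named in the advisory.
PARTNERS = {"kindlepost.example", "omnivoracious.example", "carlust.example"}


def per_site_token(host: str) -> str:
    """Weak scheme: one token per partner host, valid for every URL on that host."""
    return hmac.new(SECRET, host.encode(), hashlib.sha256).hexdigest()


def weak_redirect_allowed(url: str, token: str) -> bool:
    """Accepts any URL on a whitelisted host as long as the host token matches.

    Because the token is not tied to the path, an open redirect anywhere on the
    partner host can be chained behind a 'valid' redirect, as the advisory describes."""
    host = urlparse(url).hostname or ""
    return host in PARTNERS and hmac.compare_digest(token, per_site_token(host))


def per_url_token(url: str) -> str:
    """Hardened scheme: the token is an HMAC over the exact destination URL."""
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()


def strict_redirect_allowed(url: str, token: str) -> bool:
    """Requires https, a whitelisted host, and a token issued for this exact URL.

    Any other URL on the same partner host, including one that would bounce the
    user elsewhere, fails the check because its HMAC differs."""
    parts = urlparse(url)
    if parts.scheme != "https" or (parts.hostname or "") not in PARTNERS:
        return False
    return hmac.compare_digest(token, per_url_token(url))


if __name__ == "__main__":
    issued_for = "https://kindlepost.example/post/1"
    other_page = "https://kindlepost.example/any/other/path"
    print("weak, other page on same host:", weak_redirect_allowed(other_page, per_site_token("kindlepost.example")))
    print("strict, other page on same host:", strict_redirect_allowed(other_page, per_url_token(issued_for)))
```

The weak check returns True for the second URL and the strict check returns False, which is exactly the difference between binding the token to a site and binding it to a page.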

The vulnerabilities can be exploited without the user being logged in. Tests were performed on Safari 6.1.6 in Mac OS X 10.7.5, IE 8 in Windows 7, and Chromium (version 37.0.2062.120) in Ubuntu 12.04 (281580) (64-bit).

A website is used for the following tests. The website is "". Suppose this website is malicious,

Wang Jing, School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.


© IT 计算机&信息网络 技术 | Powered by LOFTER