IT Technology


谷雨 醉心 冬小麦:

About Group All Topics (At least 99.88% links) Vulnerable to Iframe Injection (Cross Frame Scripting) Security Attacks

Vulnerability Description: all "topic sites" are vulnerable to Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of are affected. Using a self-written program, 94357 links were tested. Only 118 of them do not belong to the topic (Metasite) links, so no more than 0.125% of the links are unaffected, and at least 99.875% of About Group's links are vulnerable to Iframe Injection attacks. In fact, for's structure, the main domain is little more than a cover, so very few links belong to it.

These Iframe Injection vulnerabilities can also be used to mount DDoS (Distributed Denial-of-Service) attacks against other websites.
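The scanner the author used is not reproduced here; as an added example, the following Python classifies a page's response headers by whether a foreign origin is allowed to embed it in an iframe (the precondition for the issue above), and computes the share of framable pages the way the advisory reports it. All header values are constructed samples, not real About.com responses.

```python
# Added example (not the advisory author's program): decide from HTTP
# response headers whether another origin may frame a page. A page with
# neither X-Frame-Options nor a CSP frame-ancestors directive can be
# embedded by anyone, which is what the advisory's test looks for.
from typing import Dict, List, Optional


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of a CSP frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_policy(headers: Dict[str, str]) -> str:
    """Return 'blocked', 'same-origin', 'restricted' or 'framable'.

    A CSP frame-ancestors directive takes precedence over X-Frame-Options
    when both are present, so CSP is evaluated first. Header names are
    matched case-insensitively, as HTTP requires.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors in ([], ["none"]):  # an empty source list matches nothing
            return "blocked"
        if ancestors == ["self"]:
            return "same-origin"
        if "*" in ancestors:
            return "framable"
        return "restricted"  # only the listed origins may embed the page
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "blocked"
    if xfo == "sameorigin":
        return "same-origin"
    # Any other value, including the legacy ALLOW-FROM form, is ignored by
    # current browsers, so the page remains framable.
    return "framable"


def framable_ratio(responses: Dict[str, Dict[str, str]]) -> float:
    """Fraction of sampled pages that any origin could frame."""
    hits = sum(1 for hdrs in responses.values() if framing_policy(hdrs) == "framable")
    return hits / len(responses) if responses else 0.0
```

For the constructed sample in the test (one bare response, one SAMEORIGIN, one CSP 'none', one ALLOW-FROM), `framable_ratio` returns 0.5.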

"According to About’s online media kit, nearly 1,000 "Experts" (freelance writers) contribute to the site by writing on various topics, including healthcare and travel." (

The vulnerabilities can be exploited without user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8; Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0 ubuntu0 (64-bit) on Ubuntu (14.04); and Apple Safari 6.1.6 on Mac OS X Lion 10.7.

Vulnerability Discoverer:

Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.

Vulnerability Disclosure:

These vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied. As of this writing, they remain unpatched.

Blog Details:


© IT Computer & Information Network Technology | Powered by LOFTER