测试想法

测试需要的功能
技术
是否工作

Green Life 的喜欢:

IT 计算机&信息网络 技术:

ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Web Security Vulnerabilities


Domain:
http://espn.go.com/


“ESPN (originally an acronym for Entertainment and Sports Programming Network) is a U.S.-based global cable and satellite television channel that is owned by ESPN Inc., a joint venture between The Walt Disney Company (which operates the network, through its 80% controlling ownership interest) and Hearst Corporation (which holds the remaining 20% interest). The channel focuses on sports-related programming including live and recorded event telecasts, sports news and talk shows, and other original programming.


ESPN broadcasts primarily from studio facilities located in Bristol, Connecticut. The network also operates offices in Miami, New York City, Seattle, Charlotte, and Los Angeles. John Skipper currently serves as president of ESPN, a position he has held since January 1, 2012. While ESPN is one of the most successful sports networks, it has been subject to criticism, which includes accusations of biased coverage, conflict of interest, and controversies with individual broadcasters and analysts. ESPN headquarters in Bristol, Connecticut. As of February 2015, ESPN is available to approximately 94,396,000 paid television households (81.1% of households with at least one television set) in the United States. In addition to the flagship channel and its seven related channels in the United States, ESPN broadcasts in more than 200 countries, operating regional channels in Australia, Brazil, Latin America and the United Kingdom, and owning a 20% interest in The Sports Network (TSN) as well as its five sister networks and NHL Network in Canada.”(Wikipedia)


Vulnerability description:
Espn.go.com has a cyber security bug problem. It is vulnerable to XSS (Cross Site Scripting) and Dest Redirect Privilege Escalation (Open Redirect) attacks.


Those vulnerabilities are very dangerous. Since they happen at ESPN’s “login” & “register” pages that are credible. Attackers can abuse those links to mislead ESPN’s users. The success rate of attacks may be high.


During the tests, besides the links given above, large number of ESPN’s links are vulnerable to those attacks.


The programming code flaw occurs at “espn.go.com”’s “login?” & “register” pages with “redirect” parameter, i.e.

http://streak.espn.go.com/en/login?redirect=

https://r.espn.go.com/members/login?appRedirect=http%3A%2F%2Fr.espn.go.com

http://games.espn.go.com/world-cup-bracket-predictor/2014/es/login?redirect=

https://register.go.com/go/sendMemberNames?regFormId=espn&appRedirect=http://register.go.com/



Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0. 7601) in Windows 8.



Disclosed by:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.  (@justqdjing)
http://www.tetraph.com/wangjing/





“The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!” A great many of the fllowing web securities have been published here, Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards. It also publishes suggestions, advisories, solutions details related to XSS and Open Redirect vulnerabilities and cyber intelligence recommendations.




(1) XSS Web Security Vulnerability
XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. Base on Acunetix, exploited XSS is commonly used to achieve the following malicious results

  • Identity theft

  • Accessing sensitive or restricted information

  • Gaining free access to otherwise paid for content

  • Spying on user’s web browsing habits

  • Altering browser functionality

  • Public defamation of an individual or corporation

  • Web application defacement

  • Denial of Service attacks




Detail:
http://seclists.org/fulldisclosure/2014/Dec/36




More Details:
http://lists.openwall.net/full-disclosure/2014/12/09/6
http://marc.info/?l=full-disclosure&m=141815942329008&w=4
https://packetstormsecurity.com/files/129450/espngocom-xssredirect.txt
http://inzeed.tumblr.com/post/118510896051/webcabinet-espn-are-suffering
https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts/EdBhzmtNLts
https://www.facebook.com/pcwebsecurities/posts/701707826641804
https://hackertopic.wordpress.com/2014/12/17/espn-espn-go-com-
http://lifegreen.lofter.com/post/1cfbf37e_731a270
http://tetraph.blog.163.com/blog/static/234603051201555111422339/
http://frenchairing.blogspot.fr/2015/06/espn-espngocom-login-register-page-xss.html
http://webtech.lofter.com/post/1cd3e0d3_6e6902d
https://twitter.com/essayjeans/status/606833415166394368
https://www.facebook.com/tetraph/posts/1659649470921679
http://www.weibo.com/1644370627/Clc3JaGP7?from=page_1005051644370627
http://russiapost.blogspot.ru/2015/06/espn-espngocom-login-register-page-xss.html
http://ithut.tumblr.com/post/120779685303/inzeed-espn-xss-open-redirect
https://progressive-comp.com/?l=full-disclosure&m=141815942329008&w=1
http://www.inzeed.com/kaleidoscope/xss-vulnerability/espn-xss-open-redirect/


IT 计算机信息网络安全技术:

日常生活點滴的記錄:

爱情比翼:

文豆 & 文库:

CVE-2015-2349 - SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities



Exploit Title: CVE-2015-2349 - SuperWebMailer /defaultnewsletter.php" HTMLForm Parameter XSS Web Security Vulnerabilities

Product: SuperWebMailer

Vendor: SuperWebMailer

Vulnerable Versions: 5.*.0.*   4.*.0.*

Tested Version: 5.*.0.*   4.*.0.*

Advisory Publication: March 11, 2015

Latest Update: May 03, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-2349

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Author and Creditor: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Information Details:



(1) Vendor & Product Description:



Vendor:

SuperWebMailer




Product & Vulnerable Versions:

SuperWebMailer

5.60.0.01190

5.50.0.01160

5.40.0.01145

5.30.0.01123

5.20.0.01113

5.10.0.00982

5.05.0.00970

5.02.0.00965

5.00.0.00962

4.50.0.00930

4.40.0.00917

4.31.0.00914

4.30.0.00907

4.20.0.00892

4.10.0.00875



Vendor URL & Download:

SuperWebMailer can be gained from here,

http://www.superwebmailer.de/




Product Introduction Overview:

"Super webmail is a web-based PHP Newsletter Software. The web-based PHP Newsletter Software Super webmail is the optimal solution for the implementation of a successful e-mail marketing."


"To use the online PHP Newsletter Script is your own website / server with PHP 4 or newer, MySQL 3.23 or later and the execution of CronJobs required. Once installed, the online newsletter software Super webmail can be served directly in the browser. The PHP Newsletter Tool Super webmail can therefore be used platform-independent all operating systems such as Windows, Linux, Apple Macintosh, with Internet access worldwide. The PHP Newsletter Script allows you to manage your newsletter recipients including registration and deregistration from the newsletter mailing list by double-opt In, Double Opt-Out and automatic bounce management. Send online your personalized newsletter / e-mails in HTML and Text format with embedded images and attachments immediately in the browser or by CronJob script in the background immediately or at a later. With the integrated tracking function to monitor the success of the newsletter mailing, if thereby the openings of the newsletter and clicks on links in the newsletter graphically evaluated and presented. Put the integrated autoresponder to autorun absence messages or the receipt of e-mails to confirm."


"It is now included CKEditor 4.4.7. An upgrade to the latest version is recommended as an in CKEditor 4.4.5 Vulnerability found. Super webmail from immediately contains new chart component for the statistics that do not need a flash and are therefore also represented on Apple devices. For the Newsletter tracking statistics is now an easy print version of the charts available that can be printed or saved with PDF printer driver installed in a PDF file. When viewing the e-mails in the mailing lists of the sender of the email is displayed in a column that sent the e-mail to the mailing list. For form creation for the newsletter subscription / cancellation are now available variant"






(2) Vulnerability Details:

SuperWebMailer web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. 



Several other related products 0-day vulnerabilities have been found by some other bug hunter researchers before. SuperWebMailer has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to web application vulnerabilities.


(2.1) The programming code flaw occurs at "&HTMLForm" parameter in "defaultnewsletter.php?" page.









Related Results:

http://seclists.org/fulldisclosure/2015/Mar/55

http://www.securityfocus.com/bid/73063

http://lists.openwall.net/full-disclosure/2015/03/07/3

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819

http://packetstormsecurity.com/files/131288/ECE-Projects-Cross-Site-Scripting.html

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2

https://cxsecurity.com/issue/WLB-2015030043

http://aibiyi.lofter.com/post/1cc9f4e9_6edf9bf

http://tetraph.tumblr.com/post/118764414962/canghaixiao-cve-2015-2349-superwebmailer

http://canghaixiao.tumblr.com/post/118764381217/cve-2015-2349-superwebmailer-5-50-0-01160-xss

http://essaybeans.lofter.com/post/1cc77d20_6edf28c

https://www.facebook.com/essaybeans/posts/561250300683107

https://twitter.com/essayjeans/status/598021595974602752

https://www.facebook.com/pcwebsecurities/posts/687478118064775

http://tetraph.blog.163.com/blog/static/234603051201541231655569/

https://plus.google.com/112682696109623633489/posts/djqcrDw5dQp

http://essayjeans.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html

https://mathfas.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

http://aibiyi.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html




IT 计算机信息网络安全技术:

CVE-2015-2242 - Webshop hun v1.062S SQL Injection Web Security Vulnerabilities



Exploit Title: CVE-2015-2242 Webshop hun v1.062S /index.php Multiple Parameters SQL Injection Web Security Vulnerabilities

Product: Webshop hun

Vendor: Webshop hun

Vulnerable Versions: v1.062S

Tested Version: v1.062S

Advisory Publication: February 21, 2015

Latest Update: March 10, 2015

Vulnerability Type: Improper Control of Generation of Code ('Code Injection') [CWE-94]

CVE Reference: CVE-2015-2242

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Credit: Jing Wang [School of  Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)









Persuasion Details:



(1) Vendor & Product Description:



Vendor:

Webshop hun



Product & Version:

Webshop hun

v1.062S



Vendor URL & Download:

Webshop hun can be token from here,

http://www.webshophun.hu/index



Product Introduction Overview:

Webshop hun is an online product sell web application system.


"If our webshop you want to distribute your products, but it is too expensive to find on the internet found solutions, select the Webshop Hun shop program and get web store for free and total maker banner must display at the bottom of the page 468x60 size. The download shop program, there is no product piece limit nor any quantitative restrictions, can be used immediately after installation video which we provide assistance.


"The Hun Shop store for a free for all. In our experience, the most dynamic web solutions ranging from our country. If the Webshop Hun own image does not suit you, you can also customize the look of some of the images and the corresponding text replacement, or an extra charge we can realize your ideas. The Webshop Hun pages search engine optimized. They made the Hun Shop web program to meet efficiency guidelines for the search engines. The pages are easy to read and contain no unnecessary HTML tags. Any web page is simply a few clicks away."






(2) Vulnerability Details:

Webshop hun web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.


Several similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Webshop hun has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to important vulnerabilities.


(2.1) The vulnerability occurs at "&termid" "&nyelv_id" parameters in "index.php?" page.





References:

http://seclists.org/fulldisclosure/2015/Mar/27

http://lists.openwall.net/full-disclosure/2015/03/05/6

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1667

http://packetstormsecurity.com/files/130656/Webshop-Hun-1.062S-SQL-Injection.html

https://progressive-comp.com/?l=full-disclosure&m=142551597501701&w=2

http://mathswift.blogspot.com/2015/05/cve-2015-2242-webshop-hun-v1062s-sql.html

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01739.html

https://itinfotechnology.wordpress.com/2015/03/04/webshop-hun-v1-062s-sql-injection-security-vulnerabilities/

http://lists.kde.org/?a=139222176300014&r=1&w=2

https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts/ix8RhPjqKBu

http://www.tetraph.com/blog/sql-injection-vulnerability/cve-2015-2242-webshop-hun-v1-062s/

https://twitter.com/justqdjing/status/597681322568454145

http://covertredirect.com/daily/

http://securitypost.tumblr.com/post/118684080442/cve-2015-2242-webshop-hun-v1-062s-sql-injection

http://itsecurity.lofter.com/post/1cfbf9e7_6ebf54e

http://webtechhut.blogspot.com/2015/05/cve-2015-2242-webshop-hun-v1062s-sql.html

https://hackertopic.wordpress.com/2015/05/11/cve-2015-2242-webshop-hun-v1-062s-sql-injection-web-security-vulnerabilities/

http://blog.163.com/greensun_2006/blog/static/11122112201541145543836/

https://www.facebook.com/websecuritiesnews/posts/791040474349458

http://www.weibo.com/5099722551/ChlUA5smp?type=comment