An accessible alter could be a vulnerability that exists if a Software permits redirection to an alien website by anon calling a URL in an unfiltered,unmanaged fashion, that can be acclimated to alter victims to unintended,malicious internet sites. an online appliance accepts a user-controlled ascribe that specifies a hotlink to an alien website, and uses that hotlink in a actual Redirect.
A agnate vulnerability is appear in Google by "Ucha Gobejishvili ( longrifle0x )". This downside ability abetment an antagonist to conduct phishing attacks, torjan distribution, spammers.
Url: https://accounts.google.com/auth?redirect_uri=
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u
malware conducts keylogging or altered attacks that abduct credentials, alone identifiable abstracts (PII), or altered all-important knowledge. The user is aswell subjected to phishing attacks by getting redirected to an untrusted page. The phishing advance ability purpose to an antagonist controlled online page that seems to be a trusted internet website. The phishers ability again abduct the user's accreditation and again use these accreditation to admission the accepted internet website. - See more at: http://www.newtechtricks.blogspot.in/2012/07/url-redirection-vulnerability-in-google.html#sthash.uXnglVjo.dpuf
A agnate vulnerability is appear in Google by "Ucha Gobejishvili ( longrifle0x )". This downside ability abetment an antagonist to conduct phishing attacks, torjan distribution, spammers.
Url: https://accounts.google.com/auth?redirect_uri=
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u
Impact of Vulnerability :
The user is aswell redirected to an untrusted page that contains malware which can again accommodation the user's machine. this may betrayal the user to in abyss accident and aswell the user's alternation with the online server can aswell be compromised if the
malware conducts keylogging or altered attacks that abduct credentials, alone identifiable abstracts (PII), or altered all-important knowledge. The user is aswell subjected to phishing attacks by getting redirected to an untrusted page. The phishing advance ability purpose to an antagonist controlled online page that seems to be a trusted internet website. The phishers ability again abduct the user's accreditation and again use these accreditation to admission the accepted internet website. - See more at: http://www.newtechtricks.blogspot.in/2012/07/url-redirection-vulnerability-in-google.html#sthash.uXnglVjo.dpuf
0 comments:
Post a Comment