Advisory
TITLE:
Yahoo servers URL redirection
SECUNIA ADVISORY ID:
coming soon.
VERIFY ADVISORY:
coming soon.
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
Yahoo.com web site
DESCRIPTION:
$um$id has reported vulnerabilities in the Yahoo.com web site(s) which can be
exploited by malicious people to inject a malicious URL into the scripts running on the servers, which causes a redirection to that malicious URL.
As the redirection is done by the Yahoo servers, the victim will associate the same amount of trust with the malicious URL as he/she would with the Yahoo servers. This can then be followed by a phishing attack.
Proof Of Concept:-
original link:- http://in.rd.yahoo.com//prop/?http://in.photos.yahoo.com/
malformed link:- http://www.any_malacious_link.com
Minutes after this vulnerability was reported to Yahoo with a different URL, that link was updated. However, the proof of concept contains the new URL, which still allows URL redirection.
SOLUTION:
Check the URL before rendering it in the browser.
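One way to perform that check on the server side, as an added example (not code from the advisory or from Yahoo). It assumes the redirector takes the target from the raw query string, as in the links above; ALLOWED_DOMAINS, FALLBACK and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumptions (not from the advisory): redirects may only go to hosts under
# these domains, and anything else is sent to a fixed fallback page.
ALLOWED_DOMAINS = ("yahoo.com",)
FALLBACK = "http://www.yahoo.com/"


def host_allowed(host):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def safe_target(request_url):
    """Return the redirect target if it passes every check, else FALLBACK.

    The target is the raw query string, as in the advisory's links:
    http://in.rd.yahoo.com//prop/?http://in.photos.yahoo.com/
    """
    target = urlsplit(request_url).query
    # Backslashes and whitespace are parsed differently by browsers and
    # servers, so refuse them rather than guess.
    if not target or any(c in target for c in "\\ \t\r\n"):
        return FALLBACK
    try:
        parts = urlsplit(target)
        host = parts.hostname
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    # Only absolute http(s) URLs: no javascript:, data:, or //host forms.
    if parts.scheme not in ("http", "https") or not host:
        return FALLBACK
    # Userinfo such as http://in.photos.yahoo.com@other.example/ hides the host.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    return target if host_allowed(host) else FALLBACK


if __name__ == "__main__":
    for link in (  # the two links from the advisory
        "http://in.rd.yahoo.com//prop/?http://in.photos.yahoo.com/",
        "http://in.rd.yahoo.com//prop/?http://www.any_malacious_link.com",
    ):
        print(link, "->", safe_target(link))
```

The suffix test requires a leading dot, so a look-alike host such as notyahoo.com or yahoo.com.example.org falls back to the default page.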
PROVIDED AND/OR DISCOVERED BY:
$um$id