注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

Tetraph 的博客

IT 计算机网络信息安全技术 数学 统计 云计算 安全漏洞 日常随笔 散文 音乐

 
 
 

日志

 
 

Odnoklassniki.ru (OK.RU) Online Website Covert Redirect Web Security Bugs Based on Google.com  

2014-05-05 11:08:29|  分类: Covert Redirect |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
Odnoklassniki.ru (OK.RU) Online Website Covert Redirect Web Security Bugs Based on Google.com - tetraph - Tetraph  的博客
 

Odnoklassniki.ru (OK.RU) Online Website Covert Redirect Web Security Bugs Based on Google.com

 



(1) Domain:
Odnoklassniki.ru

 

"Odnoklassniki, OK.ru (Russian: Одноклассники -Classmates) is a social network service for classmates and old friends. It is popular in Russia and former Soviet Republicsz. The site was developed by Albert Popkov on March 4, 2006. The website currently claims that it has more than 200 million registered users and 45 million daily unique visitors. Users have to be at least seven years old to make an account. Odnoklassniki also currently has an Alexa Internet traffic ranking of 69 worldwide and 7 for Russia. Revenues in the first quarter of 2008 for Odnoklassniki amounted to $3.3 million. The site has been online for at least eight years. Compared with internet averages, Odnoklassniki.ru's users tend to be under the age of 35, and they tend to be men earning less than $30,000 who have postgraduate educations and browse from home. The site is particularly popular among users in Kyrgyzstan (where it is ranked #4) and Armenia (#5)." (Wikipedia)

 

 

 

 

(2) Vulnerability Description:
Odnoklassniki.ru web application has a computer security problem. Hacker can exploit it by Covert Redirect cyber attacks.

 


The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) of Windows 8, Mozilla Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) of Ubuntu (14.04),Apple Safari 6.1.6 of Mac OS X Lion 10.7. 

 

 

 

The vulnerability occurs at "odnoklassniki.ru/dk?" page with "&st.link" parameter, i.e.
http://www.odnoklassniki.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62335557910585&st.link=http%3A%2F%2Fgoogle.com

 

 

 

(2.1) When a user is redirected from Odnoklassniki.ru to another site, Odnoklassniki.ru will check whether the redirected URL belongs to domains Odnoklassniki.ru's whitelist, e.g.
google.com

 

However, if the URLs in a redirected domain have open URL redirection vulnerabilities themselves, a user could be redirected from Odnoklassniki.ru to a vulnerable URL in that domain first and later be redirected from this vulnerable site to a malicious site. This is as if being redirected from Odnoklassniki.ru directly.

 

One of the vulnerable domain is,
google.com

 

 

 

(2.2) Use one of  webpages for the following tests. The webpage address is "http://tetraphlike.lofter.com/". Can suppose that this webpage is malicious.

 

Vulnerable URL:
http://www.odnoklassniki.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62335557910585&st.link=http%3A%2F%2Fodnoklassniki.ru

 

 

POC:
http://www.odnoklassniki.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62335557910585&st.link=https%3A%2F%2Fwww.google.com%2Faccounts%2FLogout%3Fservice%3Dwise%26continue%3Dhttp%253A%252F%252Fgoogleads.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCtHoIVxn3UvjLOYGKiAeelIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwOTU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV-CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak33Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0--tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJPkCm9nLpONtUM-mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2wxccDCl0zgBAGgBhU%2526num%253D0%2526sig%253DAOD64_3Qi4qG3CRVHRI5AHSkSGuL7HJqSA%2526client%253Dca-pub-0466582109566532%2526adurl%253Dhttp%253A%252F%252Fwww.tetraph.com%252Fkaleidoscope.html

 

 

POC video:
https://www.youtube.com/watch?v=Cf_-xPsYD-s

 


Blog Detail:
http://tetraph.blogspot.com/2014/05/odnoklassnikiru-covert-redirect.html







(3) What is Covert Redirect? 

Covert Redirect is a class of security bugs disclosed in May 2014. It is an application that takes a parameter and redirects a user to the parameter value without sufficient validation. This often makes use of Open Redirect and XSS (Cross-site Scripting) vulnerabilities in third-party applications.

 
 

 

Covert Redirect is also related to single sign-on. It is known by its influence on OAuth and OpenID. Hacker may use it to steal users' sensitive information. Almost all OAuth 2.0 and OpenID providers worldwide are affected. Covert Redirect can work together with CSRF (Cross-site Request Forgery) as well. After Covert Redirect was published, it is kept in some common databases such as SCIP, OSVDB, Bugtraq, and X-Force. Its scipID is 13185, while OSVDB reference number is 106567. Bugtraq ID: 67196.  X-Force reference number is 93031.

 
 
 
 



 

Discover and Reporter:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://tetraph.com/wangjing/

 
 
 
 
 
 
 

 

 

 

 

More Details:
http://tetraph.com/security/covert-redirect/odnoklassniki-ru-covert-redirect-vulnerability-based-on-google/
http://securityrelated.blogspot.com/2014/10/odnoklassnikiru-covert-redirect.html
http://whitehatpost.lofter.com/post/1cc773c8_706b5e4
https://mathfas.wordpress.com/2014/10/15/odnoklassniki-ru-covert-redirect-vulnerability-based-on-google/
https://twitter.com/yangziyou/status/614327346808664064
http://ithut.tumblr.com/post/119494119203/securitypost
https://vulnerabilitypost.wordpress.com/2014/10/15/odnoklassniki-ru-covert-redirect-vulnerability-based-on-google/
http://tetraph.blog.163.com/blog/static/23460305120144511829839/
http://computerobsess.blogspot.com/2014/10/odnoklassnikiru-covert-redirect.html
http://www.inzeed.com/kaleidoscope/covert-redirect/odnoklassniki-ru-covert-redirect-vulnerability-based-on-google/

 

 

 

===========

 

 

 

 

 

Одноклассники (социальная сеть)

 

?Однокла?ссники? (OK.ru) — социальная сеть, принадлежащая Mail.Ru Group. Седьмой по популярности сайт в России, Казахстане и на Украине, 67-й — в мире. Проект запущен 4 марта 2006 года.

 

По данным собственной статистики сайта, на июль 2011 года зарегистрировано более ▲ 100 миллионов пользователей, на март 2012 года более ▲ 148 миллионов пользователей, а на 1 января 2013 года более ▲ 205 млн пользователей. Посещаемость сайта — ▲ более 44 миллионов посетителей в сутки. (ru.wikipedia)

 
 
 
  评论这张
 
阅读(293)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017