注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

Tetraph 的博客

IT 计算机网络信息安全技术 数学 统计 云计算 安全漏洞 日常随笔 散文 音乐

 
 
 

日志

 
 

Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust  

2015-06-17 18:04:11|  分类: Covert Redirect |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

Amazon Covert Redirect - tetraph - Tetraph  的博客
 



Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust


-- Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Web Security Vulnerabilities






Domains:

http://www.amazon.com


"Amazon.com, Inc. (/??m?z?n/ or /??m?z?n/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in the United States. Amazon.com started as an online bookstore, but soon diversified, selling DVDs, Blu-rays, CDs, video downloads/streaming, MP3 downloads/streaming, software, video games, electronics, apparel, furniture, food, toys and jewelry. The company also produces consumer electronics—notably, Amazon Kindle e-book readers, Fire tablets, Fire TV and Fire Phone — and is a major provider of cloud computing services. Amazon also sells certain low-end products like USB cables under its inhouse brand AmazonBasics. Amazon has separate retail websites for United States, United Kingdom & Ireland, France, Canada, Germany, The Netherlands, Italy, Spain, Australia, Brazil, Japan, China, India and Mexico. Amazon also offers international shipping to certain other countries for some of its products. In 2011, it had professed an intention to launch its websites in Poland and Sweden." (Wikipedia)






All kindlepost.com, omnivoracious.com, carlustblog.com are websites belonging to Amazon.




(a) http://www.kindlepost.com

"The Kindle Post keeps Kindle customers up-to-date on the latest Kindle news and information and passes along fun reading recommendations, author interviews, and more."




(b) http://www.omnivoracious.com

"Omnivoracious is a blog run by the books editors at Amazon.com. We aim to share our passion for the written word through news, reviews, interviews, and more. This is our space to talk books and publishing frankly and we welcome participation through comments. Please visit often or add us to your favorite RSS reader to keep up on the latest information."




(c) http://www.carlustblog.com

"Car Lust is, very simply, where interesting cars meet irrational emotion. It's a deeply personal exploration of the hidden gems of the automotive world; a twisted look into a car nut's mind; and a quirky look at the broader automotive universe - a broader universe that lies beneath the new, the flashy, and the trendy represented in the car magazines."





Discover and Reporter:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

Vulnerabilities Description:

Amazon has a computer bug security problem. Both Amazon itself and its websites are vulnerable to different kind of attacks. This allows hackers to do phishing attacks to Amazon users.



When a user is redirected from amazon to another site, amazon will check a variable named "token". Every redirected website will be given one token. This idea is OK. However, all URLs related to the redirected website use the same token. This means if the authenticated site itself has Open Redirect vulnerabilities. Then victims can be redirected to any site from Amazon.



The program code flaw can be attacked without user login. Tests were performed on Microsoft IE (9 9.0.8112.16421) of Windows 7, Mozilla Firefox (37.0.2) & Google Chromium 42.0.2311 (64-bit) of Ubuntu (14.04.2),Apple Safari 6.1.6 of Mac OS X v10.9 Mavericks.



Use a website for the following tests. The website is "http://www.diebiyi.com/articles". Suppose this website is malicious, 







(1) Kindle Daily Post Open Redirect & Amazon Covert Redirect Based on kindlepost.com


(1.1) Kindle Daily Post Open Redirect Security Vulnerability


Vulnerable Links:


Poc:




(1.2) Amazon Covert Redirect Based on kindlepost.com


Vulnerable URL of Amazon:


POC:












(2) Omnivoracious Open Redirect & Amazon Covert Redirect Based on omnivoracious.com


(2.1) Omnivoracious Open Redirect Security Vulnerability


Vulnerable Links:


POC:




(2.2)  Amazon Covert Redirect Based on omnivoracious.com


Vulnerable URL:


POC:











(3) Car Lust Open Redirect & Amazon Covert Redirect Based on carlustblog.com


(3.1) Car Lust Open Redirect Security Vulnerability


Vulnerable Links:


POC:




(3.2)  Amazon Covert Redirect Based on carlustblog.com


Vulnerable URL:


POC:













Vulnerabilities Disclosure:

The vulnerabilities were reported to Amazon in 2014. Amazon has patch the vulnerabilities.








POC Video:













  评论这张
 
阅读(205)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017