关于山, 描写山的诗句 – 文中带山的经典古文

Posted on 05/17/2019 by ITMATHFAN

a-huge_hill-1514962

 

1.千山鸟飞绝,万径人踪灭。
(柳宗元:《江雪》)
2.白日依山尽,黄河入海流。
(王之涣:《登鹳雀楼》)
3.会当凌绝顶,一览众山小。
(杜甫:《望岳》)
4.国破山河在,城春草木深。
(杜甫:《春望》)
5.空山不见人,但闻人语响。
(王维:《鹿柴》)

 

6.明月出天山,苍茫云海间。
(李白:《关山月》)
7.相看两不厌,只有敬亭山。
(李白《独坐敬亭山》)
8.种豆南山下,草盛豆苗稀。
(陶渊明:《归园田居》)
9.西北望长安,可怜无数山。青山遮不住,毕竟东流去。
(辛弃疾:《菩萨蛮?书江西造口壁》)
10.不识庐山真面目,只缘身在此山中。
(苏轼:《题西林壁》)

 

11.山光悦鸟性,潭影空人心。
(常建:(题破山寺后禅院))
12.晚风拂柳笛声残,夕阳山外山。
(李叔同:《送别》)
13.无限山河泪,谁言天地宽。
(夏完淳:《别云间》)
14. 客路青山外,行舟绿水前。
( 王湾《次北故山下》)
15.飞来山上千寻塔,闻说鸡鸣见日升。
( 王安石《登飞来峰》)

 

16.山重水复疑无路,柳暗花明又一村。
(陆游:《游山西村》)
17.七八个星天外,两三点雨山前。
(辛弃疾〈西江月?夜行黄沙道中〉)
18.山回路转不见君,雪上空留马行处。
(岑参《白雪歌送武判官归京》)
19.两岸猿声啼不住,轻舟已过万重山。
(李白《早发白帝城》)
20.但使龙城飞将在,不教胡马度阴山。
(王昌龄《出塞》)

 

21.黄河远上白云间,一片孤城万仞山。
(王之涣《凉州词》)
22.采菊东篱下,悠然见南山。
(陶渊明:《饮酒》)
23.遥望洞庭山水色,白银盘里一青螺。
(刘禹锡:《望洞庭》)
24.青海长云暗雪山,孤城遥望玉门关。
(王昌龄《从军行》)
25.百川沸腾,山冢碎甭。高谷为岸,深谷为陵。
(《诗经》)

 

 

转载自 InZeed:
http://www.inzeed.com/kaleidoscope/essays/mountain/

Posted in Essay | Tagged , , , | Leave a comment

浮生半日 烟火红尘 一念清净 烈焰成池

Posted on 11/24/2017 by ITMATHFAN

BeautifulNature3-610x320_diebiyi

 

“半生漂泊,每一次雨打归舟”,浮生半日,烟火红尘,也说饮鸩不止渴,然终是一杯清茶洗过尘心,弦拨心上,山岚依如茶杯上的云烟。谁是谁别了三生三世的影,两吊钱赎回的旧梦遗风,谁还醉唱挽歌浅斟一盏薄情,清酒一壶就醉生梦死了时光。

苦雪烹茶安然度过世界末日,许多人和事都重生了,我想我也会忘了那只乌鸦在末日的方舟上几番徘徊,飞过无痕,狮子却说爱我就让全世界都知道。爱是一场荨麻 疹,容我再洗净铅华,待千帆过尽。这一别两宽心,各生新欢喜。太阳升起的时候,举目四方宿命繁星。如陈亦迅唱那首苦瓜:当你干杯再举箸,突然间相看莞尔, 某萧瑟晚秋深夜,忽而明了了,而黄叶便碎落。

时间很短,天涯很远。自当终有弱水替三千。今宵请你多珍重,方配这半世流离醉笑三千场离散河两岸,江湖相忘。这杯烈酒下肚,碎一地离殇亦无需你刻意唱一曲骊歌摆渡,烟草的味道,风会把它稀释掉。

麦田几次成熟容我焚香安静的难过,心怀感恩,祈福。

诗经里说:一月气聚,二月水谷,三月驼云,四月裂帛,五月袷衣,六月莲灿,七月兰浆,八月诗禅,九月浮槎,十月女泽,十一月乘衣归,十二月风雪客。微雨突袭的三月桃花春柳拂面的桥头,可有良人云里衣衫?四月裂帛裂了思,陌上花谢了,可徐徐归么?

孰说世间所有的相遇都是久别重逢,亦记得某年某月某日小北说:我可以留着你,也可以放任自由。

期:浮世流光,惜物恋人。一念清净,烈焰成池。

寸寸云文不成文,如果是伤了春悲了秋,写一路醉,哭一路歌,扯断心神,终亦忘却寒山。诗人,你如山的行囊里数

不尽的人间烟柳可载得起这坛醉生梦死?

烟水悠悠,淡酒一盏,十二月风雪客,同年同月同日刮着同个方向同样度数的风,都已不是当时。我想我是在待着一位故人,他还没有来,也许在来的路途上,我且沏好了茶,待着,如此 就好。

 

转载自蝶比翼美文:
http://diebiyi.com/articles/essay/shishi/

Posted in Articles, Life | Tagged , , , , , , , , | Leave a comment

Youth – Beautiful of Whole Life Time

Posted on 08/31/2015 by ITMATHFAN

marguerite-729510_640_inzeed

 

Youth is not a time of life; it is a state of mind; it is not a matter of rosy cheeks, red lips and supple knees; it is a matter of the will, a quality of the imagination, a vigor of the emotions; it is the freshness of the deep springs of life.

 

Youth means a temperamental predominance of courage over timidity, of the appetite for adventure over the love of ease. This often exists in a man of 60 more than a boy of 20. Nobody grows old merely by a number of years. We grow old by deserting our ideals.

 

Years may wrinkle the skin, but to give up enthusiasm wrinkles the soul. Worry, fear, self-distrust bows the heart and turns the spirit back to dust.

 

Whether 60 or 16, there is in every human being’s heart the lure of wonders, the unfailing appetite for what’s next and the joy of the game of living. In the center of your heart and my heart, there is a wireless station; so long as it receives messages of beauty, hope, courage and power from man and from the infinite, so long as you are young.

 

When your aerials are down, and your spirit is covered with snows of cynicism and the ice of pessimism, then you’ve grown old, even at 20; but as long as your aerials are up, to catch waves of optimism, there’s hope you may die young at 80.

 

 

From:
http://www.inzeed.com/kaleidoscope/life/youth/

Posted in Articles, Life | Tagged , , , | Leave a comment

有关于海的诗句 – 海纳百川 有容乃大

Posted on 07/13/2015 by ITMATHFAN

sea-2

 

1,白日依山尽,黄河入海流。——王之涣《登鹳鹊楼》

2,百川东到海,何时复西归?——乐府《长歌行》

3,乘风破浪会有时,直挂云帆济沧海。——李白《行路难》

4,春江潮水连海平,海上明月共潮生。——张若虚《春江花月夜》

5,大漠孤烟直,长河落日圆。——王维《使至塞上》

 

6,东临碣石,以观沧海。水何澹澹,山岛竦峙。——曹操《观沧海》

7,浮天沧海远,去世法舟轻。——钱起《送僧归日本》

8,俯首无齐鲁,东瞻海似杯。——李梦阳《泰山》

9,海内存知己,天涯若比邻。——王勃《送杜少府之任蜀州》

10,海日生残夜,江春入旧年。——王湾《次北固山下》

 

11,海上升明月,天涯共此时。——张九龄《望月怀古》

12,海水无风时,波涛安悠悠。——白居易《题海图屏风》

13,瀚海阑干百丈冰,愁云惨淡万里凝。——岑参《白雪歌送武判官归京》

14,君不见黄河之水天上来,奔流到海不复回。——李白《将进酒》

15,君不见走马川行雪海边,平沙莽莽黄入天。——岑参《走马川行奉送封大夫出师西征》

 

16,口衔山石细,心望海波平。——韩愈《精卫填海》

17,楼观沧海日,门对浙江潮。——宋之问《灵隐寺 》

18,茫茫东海波连天,天边大月光团圆。——黄遵宪《八月十五日夜太平洋舟中望月作歌》

19,三万里河东入海,五千仞岳上摩天。——陆游《秋夜将晓出篱门迎凉有感》

20,山水绕城春作涨,江涛入海夜通潮。——陈子澜《恩波桥诗》

 

21,小舟从此逝,江海寄余生。——苏轼《临江仙》

22,一雨纵横亘二洲,浪淘天地入东流。却余人物淘难尽,又挟风雷作远游。——梁启超《太平洋遇雨》

23,月下飞天镜,云生结海楼。——李白《渡荆门送别》

24,曾经沧海难为水,除却巫山不是云。——元稹《离思》

25,煮海之民何所营,妇无蚕织夫无耕。衣食之源太寥落,牢盆煮就汝轮征。柳永《煮海歌》

 

转载自 Tetraph:
http://www.tetraph.com/blog/articles/sea/

 

Posted in Articles | Tagged , , , | Leave a comment

eBay Covert Redirect Web Security Bugs Based on Googleads.g.doubleclick.net

Posted on 06/25/2015 by ITMATHFAN

ebay-logo

eBay Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net

(1) WebSite:
ebay.com



“eBay Inc. (stylized as ebay, formerly eBay) is an American multinational corporation and e-commerce company, providing consumer to consumer & business to consumer sales services via Internet. It is headquartered in San Jose, California. eBay was founded by Pierre Omidyar in 1995, and became a notable success story of the dot-com bubble. Today, it is a multi-billion dollar business with operations localized in over thirty countries.

 

The company manages eBay.com, an online auction and shopping website in which people and businesses buy and sell a broad variety of goods and services worldwide. In addition to its auction-style sales, the website has since expanded to include “Buy It Now” shopping; shopping by UPC, ISBN, or other kind of SKU (via Half.com); online classified advertisements (via Kijiji or eBay Classifieds); online event ticket trading (via StubHub); online money transfers (via PayPal) and other services.” (Wikipedia)

 



(2) Vulnerability Description:

eBay web application has a computer cyber security problem. Hacker can exploit it by Covert Redirect attacks.

The vulnerability occurs at “ebay.com/rover” page with “&mpre” parameter, i.e.

http://rover.ebay.com/rover/1/711-67261-24966-0/2?mtid=691&kwid=1&crlp=1_263602&itemid=370825182102&mpre=http://www.google.com

The vulnerability can be attacked without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.


 

 

 

(2.1) When a user is redirected from eBay to another site, eBay will check whether the redirected URL belongs to domains in eBay’s whitelist, e.g.
google.com

If this is true, the redirection will be allowed.

 

However, if the URLs in a redirected domain have open URL redirection vulnerabilities themselves, a user could be redirected from eBay to a vulnerable URL in that domain first and later be redirected from this vulnerable site to a malicious site. This is as if being redirected from eBay directly.

 

One of the vulnerable domain is,
http://googleads.g.doubleclick.net (Google’s Ad system)

 

 

 

(2.2) Use one of webpages for the following tests. The webpage address is “http://itinfotech.tumblr.com/“. We can suppose that this webpage is malicious.

 

Vulnerable URL:

POC:

 

 

Poc Video:
https://www.youtube.com/watch?v=a4H-u17Y9ks

 

Blog Detail:
http://securityrelated.blogspot.com/2014/11/ebay-covert-redirect-vulnerability.html



 

 



(3) What is Covert Redirect?

Covert Redirect is a class of security bugs disclosed in May 2014. It is an application that takes a parameter and redirects a user to the parameter value without sufficient validation. This often makes use of Open Redirect and XSS vulnerabilities in third-party applications.

 

Covert Redirect is also related to single sign-on. It is known by its influence on OAuth and OpenID. Hacker may use it to steal users’ sensitive information. Almost all OAuth 2.0 and OpenID providers worldwide are affected. Covert Redirect was found and dubbed by a Mathematics PhD student Wang Jing from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.

After Covert Redirect was published, it is kept in some common databases such as SCIP, OSVDB, Bugtraq, and X-Force. Its scipID is 13185, while OSVDB reference number is 106567. Bugtraq ID: 67196. X-Force reference number is 93031.

 

 

 

Discover and Reporter:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://tetraph.com/wangjing/

Posted in 0Day, Covert Redirect, Web Research | Tagged , , , , , , , , , | Leave a comment

Google Covert Redirect Web Security Bugs Based on Googleads.g.doubleclick.net

Posted on 06/25/2015 by ITMATHFAN

go

 

Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net

— Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net

 

 

 

(1) WebSite:
google.com

 

“Google is an American multinational technology company specializing in Internet-related services and products. These include online advertising technologies, search, cloud computing, and software. Most of its profits are derived from AdWords, an online advertising service that places advertising near the list of search results.

 

The corporation has been estimated to run more than one million servers in data centers around the world (as of 2007). It processes over one billion search requests and about 24 petabytes of user-generated data each day (as of 2009). In December 2013, Alexa listed google.com as the most visited website in the world. Numerous Google sites in other languages figure in the top one hundred, as do several other Google-owned sites such as YouTube and Blogger. Its market dominance has led to prominent media coverage, including criticism of the company over issues such as search neutrality, copyright, censorship, and privacy.” (Wikipedia)

 

 

 

 

(2) Vulnerability Description:

Google web application has a computer cyber security problem. Hacker can exploit it by Covert Redirect attacks.

The vulnerability exists at “Logout?” page with “&continue” parameter, i.e.


The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) of Windows 8, Mozilla Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) of Ubuntu (14.04),Apple Safari 6.1.6 of Mac OS X Lion 10.7.

(2.1) When a user is redirected from Google to another site, Google will check whether the redirected URL belongs to domains in Google’s whitelist (The whitelist usually contains websites belong to Google), e.g.
docs.google.com
googleads.g.doubleclick.net

 

If this is true, the redirection will be allowed.

 

However, if the URLs in a redirected domain have open URL redirection vulnerabilities themselves, a user could be redirected from Google to a vulnerable URL in that domain first and later be redirected from this vulnerable site to a malicious site. This is as if being redirected from Google directly.

 

One of the vulnerable domain is,
googleads.g.doubleclick.net (Google’s Ad System)

 

 

 

(2.2) Use one webpage for the following tests. The webpage address is “http://www.inzeed.com/kaleidoscope“. We can suppose that this webpage is malicious.

Blog Detail:
http://securityrelated.blogspot.com/2014/11/covert-redirect-vulnerability-based-on.html

 

 

 

 

 

(3) What is Covert Redirect?

Covert Redirect is a class of security bugs disclosed in May 2014. It is an application that takes a parameter and redirects a user to the parameter value without sufficient validation. This often makes use of Open Redirect and XSS vulnerabilities in third-party applications.

 

Covert Redirect is also related to single sign-on. It is known by its influence on OAuth and OpenID. Almost all OAuth 2.0 and OpenID providers worldwide are affected. Covert Redirect was found and dubbed by a Mathematics PhD student Wang Jing from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.

 

After Covert Redirect was published, it is kept in some common databases such as SCIP, OSVDB, Bugtraq, and X-Force. Its scipID is 13185, while OSVDB reference number is 106567. Bugtraq ID: 67196. X-Force reference number is 93031.

 

 

Discover and Reporter:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://tetraph.com/wangjing/

 

 

 

 

More Details:
http://computerobsess.blogspot.com/2014/11/google-covert-redirect-vulnerability.html
http://seclists.org/fulldisclosure/2014/Nov/29
http://cxsecurity.com/issue/WLB-2014110106
http://tetraph.blog.163.com/blog/static/23460305120141145350181/
https://infoswift.wordpress.com/2014/05/25/google-web-security/
http://tetraph.tumblr.com/post/119490394042/securitypost#notes
http://securityrelated.blogspot.com/2014/11/covert-redirect-vulnerability-based-on.html
http://webtech.lofter.com/post/1cd3e0d3_706af10
https://twitter.com/tetraphibious/status/559165319575371776
http://tetraph.com/security/covert-redirect/google-based-on-googleads-g-doubleclick-net/
http://www.inzeed.com/kaleidoscope/computer-security/google-covert-g-doubleclick-net/
https://hackertopic.wordpress.com/2014/05/25/google-web-security/

Posted in 0Day, Covert Redirect, Website Testing | Tagged , , , , , , , , , , , | Leave a comment

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

Posted on 06/19/2015 by ITMATHFAN
 
 

GTY_email_hacker_dm_130718_16x9_608

 

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

 

 

Domain Description:
http://www.weather.com/

 

“The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment programming related to weather. Launched on May 2, 1982, the channel broadcasts weather forecasts and weather-related news and analysis, along with documentaries and entertainment programming related to weather.”

 

“As of February 2015, The Weather Channel was received by approximately 97.3 million American households that subscribe to a pay television service (83.6% of U.S. households with at least one television set), which gave it the highest national distribution of any U.S. cable channel. However, it was subsequently dropped by Verizon FiOS (losing its approximately 5.5 millions subscribers), giving the title of most distributed network to HLN. Actual viewership of the channel averaged 210,000 during 2013 and has been declining for several years. Content from The Weather Channel is available for purchase from the NBCUniversal Archives.” (Wikipedia)

 

 

 

 

Vulnerability description:


The Weather Channel has a cyber security problem. Hacker can exploit it by XSS bugs.

 

Almost all links under the domain weather.com are vulnerable to XSS attacks. Attackers just need to add script at the end of The Weather Channel’s URLs. Then the scripts will be executed.

 

10 thousands of Links were tested based a self-written tool. During the tests, 76.3% of links belong to weather.com were vulnerable to XSS attacks.

 

The reason of this vulnerability is that Weather Channel uses URLs to construct its HTML tags without filtering malicious script codes.

 

The vulnerability can be attacked without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.

 

 

 

 

weather_1_xss

 
 

weather_2_xx

 

 

POC Codes, e.g.

http://www.weather.com/slideshows/main/“–/>”><img src=x onerror=prompt(‘justqdjing’)>

http://www.weather.com/home-garden/home/white-house-lawns-20140316%22–/“–/>”><img src=x onerror=prompt(‘justqdjing’)>t%28%27justqdjing%27%29%3E

http://www.weather.com/news/main/“><img src=x onerror=prompt(‘justqdjing’)>

 

 

The Weather Channel has patched this Vulnerability in late November, 2014 (last Week). “The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!” A great many of the fllowing web securities have been published here, Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. This bug was published at The Full Disclosure in November, 2014.

 

 

 

Discovered by:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

 

 

 

 

More Details:
http://seclists.org/fulldisclosure/2014/Nov/89
http://lists.openwall.net/full-disclosure/2014/11/27/3
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1253
https://progressive-comp.com/?l=full-disclosure&m=141705578527909&w=1
http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-flaw
http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-exploit
http://diebiyi.com/articles/security/the-weather-channel-bug
http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8
https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-flaw
http://tetraph.blog.163.com/blog/static/234603051201411475314523/
http://tetraph.blogspot.com/2014/12/the-weather-channel-xss.html
http://ithut.tumblr.com/post/121916595448/weather-channel-xss
https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-bug
http://computerobsess.blogspot.com/2014/12/the-weather-channel-xss.html
http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-bug

 

 

 

Posted in 0Day, Website Testing, XSS | Tagged , , , , , , , , , , , , , , , , | Leave a comment

The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)

Posted on 06/19/2015 by ITMATHFAN

 
 

binary_data_illustratio_450

 

Domain:
http://www.nytimes.com/

 

“The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper’s print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as “The Gray Lady”, The New York Times is long regarded within the industry as a national “newspaper of record”. It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper’s publisher and the company’s chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper’s motto, “All the News That’s Fit to Print”, appears in the upper left-hand corner of the front page.” (Wikipedia)

 

 

 

(1) Vulnerability Description:

The New York Times has a computer cyber security problem. Hacker can exploit its users by XSS bugs.

 

The code program flaw occurs at New York Times’s URLs. Nytimes (short for New York Times) uses part of the URLs to construct its pages. However, it seems that Nytimes does not filter the content used for the construction at all before 2013.

 

Based on Nytimes’s Design, Almost all URLs before 2013 are affected (All pages of articles). In fact, all article pages that contain “PRINT” button, “SINGLE PAGE” button, “Page *” button, “NEXT PAGE” button are affected.

 

Nytimes changed this mechanism since 2013. It decodes the URLs sent to its server. This makes the mechanism much safer now.

 

However, all URLs before 2013 are still using the old mechanism. This means almost all article pages before 2013 are still vulnerable to XSS attacks. I guess the reason Nytimes does not filter URLs before is cost. It costs too much (money & human capital) to change the database of all posted articles before.

 

 

nytimes_2010_xss

 

nytimes_2011_xss

 

 

 

 

Living POCs Codes:

http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//’ “><img src=x onerror=prompt(/justqdjing/)>?pagewanted=all&_r=0

http://www.nytimes.com/2010/12/07/opinion/07brooks.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2009/08/06/technology/06stats.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2008/07/09/dining/091crex.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//’ “><img src=x onerror=prompt(/justqdjing/)>

 

 

 

(2) Vulnerability Analysis:
Take the following link as an example,
http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/“><vulnerabletoattack

 

It can see that for the page reflected, it contains the following codes. All of them are vulnerable.

 

<li class=”print”>

<a href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=print”>Print</testtesttest?pagewanted=print”></a>

</li>

 

<li class=”singlePage”>

<a href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><testtesttest?pagewanted=all”> Single Page</vulnerabletoattack?pagewanted=all”></a>

</li>

 

<li> <a onclick=”s_code_linktrack(‘Article-MultiPagePageNum2′);” title=”Page 2″ href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=2″>2</testtesttest?pagewanted=2″></a>

</li>

 

<li> <a onclick=”s_code_linktrack(‘Article-MultiPagePageNum3′);” title=”Page 3″ href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=3″>3</testtesttest?pagewanted=3″></a>

</li>

 

<a class=”next” onclick=”s_code_linktrack(‘Article-MultiPage-Next’);” title=”Next Page” href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=2″>Next Page »</testtesttest?pagewanted=2″></a>

 

 

 

 

(3) What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

 

“Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.” (Acunetix)

 

The vulnerability can be attacked without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.

 

 

 

Discover and Reporter:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

 

 

 

 

More Details:
http://lists.openwall.net/full-disclosure/2014/10/16/2
http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102
http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss
https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1
http://webtech.lofter.com/post/1cd3e0d3_6f57c56
http://tetraph.blog.163.com/blog/static/2346030512014101270479/
https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss
http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles
http://securityrelated.blogspot.com/2014/10/new-york-times-design.html
https://mathfas.wordpress.com/2014/11/01/new-york-times-xss
http://computerobsess.blogspot.com/2014/10/new-york-times-design.html
http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss
http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss

 

 

 

Posted in 0Day, Website Testing, XSS | Tagged , , , , , , , , , , , , , , , , , | Leave a comment

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)

Posted on 06/19/2015 by ITMATHFAN

6864_cTAUHWda_o-600x401

 

 

Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)

 

Websites information:
“lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest‑and‑greatest.” (from Mozilla)

“Mozilla is a free-software community which produces the Firefox web browser. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation. In addition to the Firefox browser, Mozilla also produces Thunderbird, Firefox Mobile, the Firefox OS mobile operating system, the bug tracking system Bugzilla and a number of other projects.” (Wikipedia)

 

 

 

(1) Vulnerability description:
Mozilla website has a computer cyber security problem. Hacker can attack it by XSS bugs. Here is the description of XSS: “Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.” (Acunetix)

 

 

All pages under the following two URLs are vulnerable.
http://lxr.mozilla.org/mozilla-central/source
http://mxr.mozilla.org/mozilla-central/source

This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla’s users.

Since there are large number of pages under them. Meanwhile, the contents of the two domains vary. This makes the vulnerability very dangerous. Attackers can use different URLs to design XSS attacks to Mozilla’s variety class of users.

 

 

mozilla_lxr_2_xss

 
 

mozilla_mxr_1_xss

 

 

 

POC Codes:

http://lxr.mozilla.org/mozilla-central/source/<body onload=prompt(“justqdjing”)>

http://mxr.mozilla.org/mozilla-central/source/<body onload=prompt(“justqdjing”)>

http://mxr.mozilla.org/mozilla-central/source/webapprt/<body onload=prompt(“justqdjing”)>

 

(2) Vulnerability Analysis:
Take the following link as an example,
http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest&gt;

In the page reflected, it contains the following codes.

<a href=”/mozilla-central/source/chrome/%253Cattacktest%253E”>

<attacktest></attacktest>

</a>

If insert “<body onload=prompt(“justqdjing”)>” into the URL, the code can be executed.

The vulnerability can be attacked without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.

 

 

(3) Vulnerability Disclosure:
The vulnerability have been reported to bugzilla.mozilla.org. Mozilla are dealing with this issue.

 


Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/

 

 

More Details:
http://lists.openwall.net/full-disclosure/2014/10/20/8
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure
http://seclists.org/fulldisclosure/2014/Oct/92
http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss
http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla
http://tetraph.blog.163.com/blog/static/2346030512014101115642885/
http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html
https://tetraph.wordpress.com/2014/11/26/mozilla-two-sub-domains-xss
http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html
http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f
http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross
http://diebiyi.com/articles/security/xss-vulnerability/mozilla-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-xss
https://mathfas.wordpress.com/2014/11/01/mozilla-xss
http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121

Posted in Website Testing, XSS | Tagged , , , , , , , , , , , , , , , , | Leave a comment

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks

Posted on 06/18/2015 by ITMATHFAN

 
 
Secure website



(1) Domain Description:
http://www.indiatimes.com

“The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation and largest selling English-language daily in the world according to Audit Bureau of Circulations (India). According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership. It is owned and published by Bennett, Coleman & Co. Ltd. which is owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of India was ranked 88th among India’s most trusted brands and subsequently, according to the Brand Trust Report 2013, Times of India was ranked 100th among India’s most trusted brands. In 2014 however, Times of India was ranked 174th among India’s most trusted brands according to the Brand Trust Report 2014, a study conducted by Trust Research Advisory.” (en.Wikipedia.org)

 

 

 

(2) Vulnerability description:

The web application indiatimes.com online website has a security problem. Hacker can exploit it by XSS bugs.

 

The code flaw occurs at Indiatimes’s URL links. Indiatimes only filter part of the filenames in its website. All URLs under Indiatimes’s “photogallery” and “top-llists” topics are affected.

Indiatimes uses part of the links under “photogallery” and “top-llists” topics to construct its website content without any checking of those links at all. This mistake is very popular in nowaday websites. Developer is not security expert.

The vulnerability can be attacked without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (12.04) and Microsoft IE (9.0.15) in Windows 7.

 

 

indiatimes_xss_2

 

indiatimes_xss1

 

 

POC Codes:

http://www.indiatimes.com/photogallery/“>homeqingdao<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/top-lists/“>singaporemanagementuniversity<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/photogallery/lifestyle/“>astar<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/top-lists/technology/“>nationaluniversityofsingapore<img src=x onerror=prompt(‘justqdjing’)>

 

 

 

 

What is XSS?

“Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.” (OWASP)

 

 

 

(3) Vulnerability Disclosure:

The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.

Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/

 

 

 

 

Related Articles:
http://seclists.org/fulldisclosure/2014/Nov/91
http://lists.openwall.net/full-disclosure/2014/11/27/6
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1256
https://progressive-comp.com/?l=full-disclosure&m=141705615327961&w=1
http://tetraph.blog.163.com/blog/static/234603051201501352218524/
https://cxsecurity.com/issue/WLB-2014120004
https://mathfas.wordpress.com/2014/12/04/all-links-in-two-topics-of-indiatimes
http://diebiyi.com/articles/security/all-links-in-two-topics-of-indiatimes
http://www.inzeed.com/kaleidoscope/computer-security/all-links-in-two-topics
http://itsecurity.lofter.com/post/1cfbf9e7_54fc6c9
http://computerobsess.blogspot.com/2014/12/all-links-in-two-topics-of-indiatimes.html
https://vulnerabilitypost.wordpress.com/2014/12/04/indiatimes-xss
http://whitehatview.tumblr.com/post/104310651681/times-of-india-website
http://www.tetraph.com/blog/computer-security/all-links-in-two-topics-xss

Posted in Website Testing, XSS | Tagged , , , , , , , , , , , , , , , , | Leave a comment