注册
登录
| 关键词: security 英特尔 intel 安全 center Methodman IFRAME 漏洞 恶意 影响 |
跨站脚本漏洞影响到英特尔产品安全中心网站。可成功地利用IFRAME注射,任意重定向和cookie会话劫持。 英特尔安全中心是家咨询关于安全问题的影响,英特尔的产品。 “通过安全警告和安全告示,英特尔一直在致力于改善我们的客户安全的计算环境。因为它们的出现,我们将致力于迅速解决该问题,并提供解决问题建议,”在主页网站上的一条消息说明。 在http://security-center.intel.com上的跨站脚本漏洞是一个叫Methodman的黑客发现的。这个安全漏洞似乎影响到所有咨询网页,可以使用恶意的个人发布的恶意软件,进行钓鱼或工具的各种恶意攻击。 Methodman公布了代码的和截图证明,演示攻击者如何注入任意的IFRAME网址或引发重定向到另一个链接。此外,展示cookie会话或发动流氓警示也是可能的。当时,作者已经写了这篇文章,该漏洞仍然存在。 原文如下: Intel Security Center Lacks Security A cross-site scripting flaw affecting the Intel Product Security Center website has been disclosed. Successful exploitation allows for rogue iframe injection, arbitrary redirection and session cookie hijacking. The Intel Security Center is home to advisories regarding security issues that affect Intel products. "Intel is focused on improving the security of our customers computing environments. We are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices," a message on the website's main page notes. The XSS weakness on http://security-center.intel.com has been discovered by a hacker going by the nickname of Methodman. The flaw seems to affect all advisory pages and can be used by ill-intentioned individuals to distribute malware, launch phishing campaigns, or instrument various malicious attacks. The proof-of-concept code and screenshots published by Methodman demonstrate how poor URL validation allows an attacker to inject an arbitrary iframe or trigger a redirection to another link. In addition, revealing session cookies or launching rogue alerts is also possible. At the time this article was being writtten, the flaws were still active.黑客基地编译自:http://news.softpedia.com/news/Intel-Security-Center-Lacks-Security-105684.shtml |
|
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系
[邮箱地址] 删除
|
