Latest posts for the topic "Redirection Vulnerability in Yahoo! Advertising Service [SVRT-Bkis]"

----------------------------------------------------------------------
Redirection Vulnerability in Yahoo! Advertising Service [SVRT-Bkis]
/hvaonline/posts/list/27259.html#166497
----------------------------------------------------------------------

General Information

On December 22, 2008, SVRT-BKIS found a vulnerability in Yahoo! Wap Service. This is the second vulnerability discovered by BKIS in a cell-phone Web platform; the first one was found in Google Wap Proxy. Taking advantage of this flaw, hackers can perform a redirection attack, which means they are able to send users to their malicious websites. We have notified Yahoo! of this vulnerability.

Details

SVRT Advisory: SVRT-01-09
CVE reference:
Initial vendor notification: 12-23-2008
Release Date: 01-06-2009
Update Date: 01-06-2009
Discovered by: Dau Huy Ngoc - SVRT-Bkis
Attack Type: Redirection
Security Rating: High
Impact: Phishing
Affected Software: Ads image at http://m.yahoo.com

Technical Description

The flaw lies in the advertising section of Yahoo! Wap Service, which allows displaying advertisements when users visit the Yahoo! Wap address http://m.yahoo.com.

[Image: Yahoo! Wap main page with ads image]

More specifically, this advertising section includes a link with the following format, and it is this link that contains the flaw:

http://us.ard.yahoo.com/SIG=17a4cd16v…=12etp7f3d/*[http://ads_image]

If users click directly on this link, their browsers will automatically redirect them to the address [http://ads_image], and everything on that site can be accessed, which makes it a Redirection vulnerability. In order to exploit it, hackers only need to change the address [http://ads_image] in the previous link to their website address and send the link to users. As this link uses the Yahoo! domain name, users easily think it is safe, and if the destination website contains malicious code or cheating content, the hacker can steal users' sensitive information or even take control of their computers remotely.

Solution

Rating this vulnerability high severity, Bkis recommends that users:
- Be cautious with strange links, even links starting with domain names of well-known companies like Google, Yahoo!, and Microsoft…
- Do not access links starting with http://us.ard.yahoo.com.

Credits

Thanks to Dau Huy Ngoc for working together with us in the detection and alert process of this vulnerability.

SVRT-Bkis

Source: http://security.bkis.vn/?p=324

----------------------------------------------------------------------
Re: Redirection Vulnerability in Yahoo! Advertising Service [SVRT-Bkis]
/hvaonline/posts/list/27259.html#167821
----------------------------------------------------------------------

Sanitized suspicious request.
Original URL: [http://ad.yieldmanager.com/click?VaUDAA74BwAhtRoA5c4IAAEAcWUAAAoABwABCgIACgKSfgYAIZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ0JhUkAAAAA
site-attribute requested from: [http://ads.bluelithium.com/click,VaUDAA74BwAhtRoA5c4IAAEAcWUAAAoABwABCgIACgKSfgYAIZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ0JhUkAAAAA
Sanitized URL: [http://ad.yieldmanager.com/click?VaUDAA74BwAhtRoA5c4IAAEAcWUAAAoABwABCgIACgKSfgYAIZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ0JhUkAAAAA

----------------------------------------------------------------------
Re: Redirection Vulnerability in Yahoo! Advertising Service [SVRT-Bkis]
/hvaonline/posts/list/27259.html#167825
----------------------------------------------------------------------

(no text in this post)

----------------------------------------------------------------------
Re: Redirection Vulnerability in Yahoo! Advertising Service [SVRT-Bkis]
/hvaonline/posts/list/27259.html#168357
----------------------------------------------------------------------

http://m.yahoo.com/

But sometimes the user's OS is itself at fault (for example, infected with a rogue DNS trojan such as "DNSChanger.gen" or "DNSChanger.f.gen.a"), and a similar phenomenon occurs. In that case we cannot conclude that the website we intended to access (for example Microsoft Windows updates) is broken because it is infected with a malicious script; the fault lies in our own system.

In addition, the page http://security.bkis.vn/ is currently hosted on the web server bkis.vn. This web server has quite a few flaws, some of them serious, related to XSS, PHP.... The XSS flaw is not only in the place an HVA member mentioned in the "Tán gẫu" (chit-chat) section, but elsewhere as well.

The BKIS folks need to fix this quickly.
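A hardened counterpart to the `/*[http://ads_image]` click link described in the advisory above, added here as an example that is not part of the thread and not Yahoo!'s or Bkis's code: it extracts the embedded destination and only honours it when the scheme and host pass an allowlist, falling back to a fixed landing page otherwise. The allowlist, the fallback page and the sample links are constructed assumptions for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only hosts the ad redirector
# may forward a browser to. A real deployment would maintain its own list.
ALLOWED_HOSTS = {"m.yahoo.com"}
# Constructed fallback: where a rejected redirect lands instead.
FALLBACK = "http://m.yahoo.com/"


def extract_destination(click_url: str) -> Optional[str]:
    """Return the '<url>' part of a '.../*<url>' click link, or None if absent.

    The raw string is split rather than urlsplit()'s path, because the
    embedded destination may carry its own query string.
    """
    idx = click_url.find("/*")
    if idx == -1:
        return None
    return click_url[idx + 2:]


def _host_allowed(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def classify_destination(dest: str) -> str:
    """Return 'allowed', 'blocked:scheme' or 'blocked:host' for a redirect target."""
    parts = urlsplit(dest)
    # Only absolute http(s) targets: protocol-relative '//host' and other
    # schemes have no http scheme and are refused here.
    if parts.scheme.lower() not in ("http", "https"):
        return "blocked:scheme"
    # urlsplit() resolves userinfo, so 'http://m.yahoo.com@other.example/'
    # yields hostname 'other.example'; a plain string-prefix check would not.
    if not parts.hostname or not _host_allowed(parts.hostname):
        return "blocked:host"
    return "allowed"


def safe_redirect_target(click_url: str) -> str:
    """Hardened redirector: honour the embedded target only when it passes the checks."""
    dest = extract_destination(click_url)
    if dest is None or classify_destination(dest) != "allowed":
        return FALLBACK
    return dest


if __name__ == "__main__":
    # Constructed sample links in the shape quoted by the advisory.
    for link in ("http://us.ard.yahoo.com/SIG=abc/*http://m.yahoo.com/ads/banner.gif",
                 "http://us.ard.yahoo.com/SIG=abc/*http://other.example/login",
                 "http://us.ard.yahoo.com/SIG=abc/*http://m.yahoo.com@other.example/"):
        print(link, "->", safe_redirect_target(link))
```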