绿意蛙鸣

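After all, West Lake in mid-June has scenery unlike that of any other season.
Lotus leaves stretch to the sky in endless green; lotus blossoms in the sunlight glow an extraordinary red.

IT Computer Information Network Security Technology:

White Hat Computer Security: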

Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities




Domain Basics:
Taobao, AliExpress and Tmall are the top three online shopping websites belonging to Alibaba.



Vulnerability Discoverer:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/






(1) Domain Descriptions:
(1.1) Taobao

“Taobao is a Chinese website for online shopping similar to eBay and Amazon that is operated in China by Alibaba Group.” (Wikipedia)
“With around 760 million product listings as of March 2013, Taobao Marketplace is one of the world’s top 10 most visited websites according to Alexa. For the year ended March 31, 2013, the combined gross merchandise volume (GMV) of Taobao Marketplace and Tmall.com exceeded 1 trillion yuan.” (Wikipedia)
Alexa ranking 9 at 10:40 am Thursday, 22 January 2015 (GMT+8).



(1.2) AliExpress
"Launched in 2010, AliExpress.com is an online retail service made up of mostly small Chinese businesses offering products to international online buyers. It is the most visited e-commerce website in Russia" (Wikipedia)



(1.3) Tmall
"Taobao Mall, is a Chinese-language website for business-to-consumer (B2C) online retail, spun off from Taobao, operated in the People's Republic of China by Alibaba Group. It is a platform for local Chinese and international businesses to sell brand name goods to consumers in mainland China, Hong Kong, Macau and Taiwan." (Wikipedia)




(2) Vulnerability descriptions:
The Alibaba Taobao, AliExpress and Tmall online shopping websites have security vulnerabilities. They can be exploited by XSS and Covert Redirect attacks.



Detail:
http://seclists.org/fulldisclosure/2015/Jan/100






