英特尔数字版权交易安全中心爆跨站漏洞-【专注于数字资产管理,数字资产交易,版权保护,版权交易,数据安全】墨者安全科技
墨者链--数字资产保护与交易_数字版权保护与交易_数字内容_数据信息安全保护与交易平台!墨者链--专业数字资产版权保护与交易平台!

主页 > 数字资产保护与交易 > 英特尔数字版权交易安全中心爆跨站漏洞

英特尔数字版权交易安全中心爆跨站漏洞

墨者安全数字资产版权交易平台 2019-04-02 17:15 数字资产保护与交易 89 ℃

英特尔安全中心是家提供英特尔产品安全咨询题问的机构。“经过安全警告和安全告示,英特尔向来在致力于改善我们的客户计算环境的安全。

原文如下:
The XSS weakness on has been discovered by a hacker going by the nickname of Methodman. The flaw seems to affect all advisory pages and can be used by ill-intentioned individuals to distribute malware, launch phishing campaigns, or instrument various malicious attacks.
Intel Security Center Lacks Security
 

译文:英特尔安全中心爆跨站漏洞

跨站足本漏洞阻碍到英特尔产品安全中心网站。可成功地利用IFRAME注射,任意重定向和cookie会话劫持。

因为它们的浮上,我们将致力于迅速解决该咨询题,并提供解决咨询题建议,数字信息安全,”在主页网站上的一条消息讲明。

The Intel Security Center is home to advisories regarding security issues that affect Intel products. "Intel is focused on improving the security of our customers computing environments. We are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices," a message on the website's main page notes.

Methodman发布了代码的和截图证明,演示袭击者怎么注入任意的IFRAME网址或引发重定向到另一具链接。此外,劫持cookie会话或开恶意玩笑也是大概的。作者写完这篇文章时,该漏洞仍然存在。

在上的跨站足本漏洞是一具名叫Methodman的黑客发觉的。那个安全漏洞也许阻碍到所有问网页,数字资产数字版权交易,能够使用个人公布的恶意软件,举行钓鱼或各种别同的恶意袭击。

A cross-site scripting flaw affecting the Intel Product Security Center website has been disclosed. Successful exploitation allows for rogue iframe injection, arbitrary redirection and session cookie hijacking.
The proof-of-concept code and screenshots published by Methodman demonstrate how poor URL validation allows an attacker to inject an arbitrary iframe or trigger a redirection to another link. In addition, revealing session cookies or launching rogue alerts is also possible. At the time this article was being writtten, the flaws were still active.

 

 

 


当前位置:主页 > 数字资产保护与交易 > 英特尔数字版权交易安全中心爆跨站漏洞

猜你喜欢

标签列表
网站分类