Published on February 4th, 2015 📆 | 2291 Views ⚑

0 affected by XSS, XFS, Open Redirect Vulnerabilities since October 2014

TTS Demo
Wang Jing, a PhD student at the Nanyang Technological University in Singapore has discovered that the majority of the web page of are vulnerable different types of attacks, including cross-site scripting (XSS) and iFrame injection (Cross Frame Scripting) .

Wang Jing has analyzed nearly 95,000 links by using a script he developed and discovered that at least 99.88% of them were affected by the security flaws, the news is very disconcerting if we consider that the website is by tens of millions of users each month .

[adsense size='1']

Even the search field on the main homepage is affected by an XSS flaw and as explained by Jing, all the domains related to result affected by the same vulnerability.

The exploitation of the XSS flaw is possible by tricking the user into clicking on a specially crafted link and could be used by an attacker to steal sensitive information from the victims.

“ all “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of are affected. Based on a self-written program, 94357 links were tested. Only 118 links do not belong to the topics (Metasites) links. Meanwhile, some main pages are vulnerable to XSS attack, too. This means no more than 0.125% links are not affected” wrote Jing. “Simultaneously, the main page’s search field is vulnerable to XSS attacks, too. This means all domains related to are vulnerable to XSS attacks.”

The expert also discovered that is vulnerable to Iframe Injection that could be used to steal sensitive data or to turn the victim’s machine in a bot that is abused to run a DDOS (Distributed Denial-of-Service Attack) against other websites.

[adsense size='1']

“In an XFS (Cross-frame-Scripting) attack, the attacker exploits a specific cross-frame-scripting bug in a web browser to access private data on a third-party website. The attacker induces the browser user to navigate to a web page the attacker controls; the attacker’s page loads a third-party page in an HTML frame; and then JavaScript executing in the attacker’s page steals data from the third-party page.” (OWASP)

Wang Jing also discovered some “Open Redirect” vulnerabilities related to that could be exploited by attackers to do “Covert Redirect” to websites controlled by scammers and phishers that display a site that appear as legitimate that could be used for various kinds of attacks.

“The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) of Windows 8, Mozilla Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0. (64-bit) of Ubuntu (14.04),Apple Safari 6.1.6 of Mac OS X Lion 10.7,” Jing added in the bog post.

The sad thing is that according to the researcher, despite he has reported the flaws to in October 2014, the company ignored him.

Tagged with:

Comments are closed.