A year later, Yahoo finally fixes the SSRF vulnerability

2015-07-02T00:00:00
ID MYHACK58:62201564259
Type myhack58
Reporter Anonymous
Modified 2015-07-02T00:00:00

Description

Nearly a year after it was reported, Yahoo has finally fixed a server-side request forgery (SSRF) vulnerability in its image processing system. SSRF, also known as XSPA (cross-site port attack), arises when an application loads a user-supplied URL, fails to properly validate the server's response, and returns that response to the client. An attacker can exploit the vulnerability to bypass access restrictions such as firewalls and then use the affected server as a proxy to conduct port scanning, or even to access system data.

Behrouz Sadeghipour, a researcher from California, said he discovered the vulnerability in Yahoo's image processing system in July 2014. Nearly a year then passed before Yahoo finally repaired it.

Vulnerability details

Yahoo offers the Flickr and Yahoo Groups services, where users can add images to comments with the IMG tag, but the images are loaded through Yahoo's image domain, yimg.com:

https://ec.yimg.com/ec?url=http%3A%2F%2Fnahamsec.com%2F2.gif&t=1404282499&sig=gDQqxuPTgioR4SoCGeuIZg--~B

Sadeghipour was able to send requests through yimg.com to carry out a cross-site scripting (XSS) attack. He could also replace the url parameter of the request with a URL of his own and launch an SSRF attack:

hXtps://ec.yimg.com/ec?url=http%3A%2F%2Fnahamsec.com%3A22&t=1412102561&sig=zY7a9hM3xmRYvX05Avis9A--~B

https://ec.yimg.com/ec?url=http%3A%2F%2Flocalhost%3A22&t=1412569827&sig=TyFD2z3x5eqUWlF1PtgMKA--~B

The vulnerability is rated medium risk, but the harm it can cause is not small. An attacker can use it to reach the local network, and can even see which ports are open on a local or remote device.
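A server-side check for a URL-fetching image endpoint of the kind described above, shown as an added example (it is not Yahoo's code or the researcher's). The function name `check_fetch_url`, the default-ports-only policy and the constructed DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumed policy: default ports only

def system_resolver(host, port):
    """Resolve with the OS resolver; returns a list of IP address strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_fetch_url(url, resolve=system_resolver):
    """Return (ok, reason, pinned_ips) for a user-supplied image URL.

    The fetcher must connect to one of pinned_ips instead of resolving the
    name again, or a DNS change between check and fetch bypasses the check.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric or huge port
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed", []
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials", []
    if port is not None and port != ALLOWED_PORTS[parts.scheme]:
        return False, "port not allowed", []
    try:
        ips = resolve(parts.hostname, ALLOWED_PORTS[parts.scheme])
        addrs = [ipaddress.ip_address(ip) for ip in ips]
    except (OSError, ValueError):
        return False, "host does not resolve", []
    for ip, addr in zip(ips, addrs):
        addr = getattr(addr, "ipv4_mapped", None) or addr  # unwrap ::ffff:a.b.c.d
        if not addr.is_global:  # loopback, RFC 1918, link-local and similar
            return False, "non-public address " + ip, []
    return (True, "ok", ips) if ips else (False, "host does not resolve", [])

# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {"localhost": ["127.0.0.1"], "nahamsec.com": ["93.184.216.34"],
              "intranet.example": ["10.0.0.5"]}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # IP literals resolve to themselves

if __name__ == "__main__":
    for u in ("http://nahamsec.com/2.gif", "http://nahamsec.com:22",
              "http://localhost:22", "http://intranet.example/logo.png"):
        print(u, check_fetch_url(u, sample_resolver))
```

The same check has to be repeated for every redirect the fetcher follows, and the fetched body should be confirmed to be an image before it is returned to the client.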