Date: 2019-01-20 23:25:00  Source: compiled by this site (reposted from the original author)

Gradle Plugin Portal: Combining Clickjacking and CSRF Vulnerabilities to Achieve Account Takeover [Security News]





1. Clickjacking Vulnerabilities
1.1 About Clickjacking
Clickjacking, also known as a "UI Redress Attack", is a technique in which an attacker stacks multiple transparent or opaque layers so that a user who intends to click on the top-level page actually clicks a button or link on a different page. The attacker thereby "hijacks" clicks aimed at their own page and routes them to another page, which is very likely owned by a different application or domain.
The same technique can also hijack keystrokes. With a carefully crafted combination of stylesheets, iframes and text boxes, a user can be led to believe they are typing the password for their email or bank account when they are in fact typing into an invisible frame controlled by the attacker.
1.2 Discovering the Vulnerability
Recently I have become interested in software security CTF challenges. While watching YouTube I stumbled across the Mr. Robot CTF Hacking Walkthrough (https://youtu.be/0VJyfJzbPE4) and learned about an interesting tool called Nikto. Nikto is a simple utility that scans a web domain for known security weaknesses. I had previously found a security vulnerability in the Gradle Plugin Portal, so I decided to try running this tool against the Gradle Plugin Portal.
nikto -h https://plugins.gradle.org/
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          104.16.174.166
+ Target Hostname:    plugins.gradle.org
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=ssl473435.cloudflaressl.com
                   Altnames: ssl473435.cloudflaressl.com, *.gradle.org, gradle.org
                   Ciphers:  ECDHE-ECDSA-CHACHA20-POLY1305
                   Issuer:   /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
+ Start Time:         2018-10-20 12:13:30 (GMT-4)
---------------------------------------------------------------------------
+ Server: cloudflare
+ Retrieved via header: 1.1 vegur
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'cf-ray' found, with contents: 46ccc5bf2d9f9a1c-EWR
+ Uncommon header 'expect-ct' found, with contents: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie __cfduid created without the secure flag
+ Uncommon header 'cf-cache-status' found, with contents: MISS
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Entry '/m2/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ Server is using a wildcard certificate: *.gradle.org
+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
+ Server banner has changed from 'cloudflare' to 'cloudflare-nginx' which may suggest a WAF, load balancer or proxy is in place
+ Uncommon header 'x-amz-version-id' found, with contents: 4CuDbNLw3ZyTEYAmFHvtPU.P25twrUJH
+ Uncommon header 'x-amz-error-code' found, with contents: NoSuchKey
+ Uncommon header 'x-amz-error-message' found, with contents: The specified key does not exist.
+ Uncommon header 'x-amz-request-id' found, with contents: 5C1075D723B3C9D2
+ Uncommon header 'x-amz-error-detail-key' found, with contents: 11207779/head/cart32.exe
+ Uncommon header 'x-amz-id-2' found, with contents: fbYSEo6uojolLGL8uQZaGT6pmtW/DW5+s/aUxy2rOzep8qV+f8z1tBilEpZugMVKTUfuSJMPPIc=
+ OSVDB-3092: : This might be interesting... possibly a system shell found.
+ 9123 requests: 0 error(s) and 20 item(s) reported on remote host
+ End Time:           2018-10-20 12:32:52 (GMT-4) (1162 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
The result that mattered was this line:
+ The anti-clickjacking X-Frame-Options header is not present.
I had learned about clickjacking back in university, and I had even found such a vulnerability while interning at my previous company. For readers unfamiliar with the X-Frame-Options header, it is described below.
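Added example (not part of the original article, and not code from Gradle or Nikto): a Python checker that applies the rule behind Nikto's "X-Frame-Options header is not present" finding to a set of HTTP response headers, and also evaluates the Content-Security-Policy frame-ancestors directive, which modern browsers honour in preference to X-Frame-Options. The header sets at the bottom are constructed samples, not responses captured from plugins.gradle.org.

```python
"""Added example, not code from the original article or from Gradle: a small
checker that mirrors Nikto's "anti-clickjacking X-Frame-Options header is not
present" finding and extends it to the Content-Security-Policy frame-ancestors
directive. Input headers are constructed samples; nothing is fetched.
"""
from dataclasses import dataclass, field


@dataclass
class FramingReport:
    protected: bool            # True when third-party pages cannot frame this response
    source: str                # which control decided: "csp", "xfo" or "none"
    policy: str                # the effective policy value, normalised
    warnings: list = field(default_factory=list)


def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [source tokens]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_framing_protection(headers):
    """Evaluate response headers for clickjacking (framing) protection.

    `headers` is a dict of header name -> value; names are matched
    case-insensitively. When CSP frame-ancestors is present browsers ignore
    X-Frame-Options, so that directive is examined first.
    """
    h = {name.lower(): value for name, value in headers.items()}
    warnings = []

    csp = h.get("content-security-policy")
    xfo = h.get("x-frame-options")

    if csp is not None:
        ancestors = parse_csp(csp).get("frame-ancestors")
        if ancestors is not None:
            sources = [s.strip("'").lower() for s in ancestors]
            # '*' or a bare scheme such as "https:" lets any site frame the page;
            # an empty list means 'none' per the CSP specification.
            open_to_all = any(s in ("*", "http:", "https:") for s in sources)
            if xfo is not None:
                warnings.append("X-Frame-Options is ignored when frame-ancestors is set")
            return FramingReport(not open_to_all, "csp", " ".join(sources), warnings)

    if xfo is not None:
        value = xfo.strip().upper()
        if value in ("DENY", "SAMEORIGIN"):
            return FramingReport(True, "xfo", value, warnings)
        if value.startswith("ALLOW-FROM"):
            warnings.append("ALLOW-FROM is obsolete and ignored by current browsers; use frame-ancestors")
        else:
            warnings.append(f"unrecognised X-Frame-Options value {xfo!r}; browsers handle this inconsistently")
        # Non-canonical values are treated conservatively as unprotected.
        return FramingReport(False, "xfo", value, warnings)

    warnings.append("no X-Frame-Options and no CSP frame-ancestors: page can be framed by any origin")
    return FramingReport(False, "none", "", warnings)


# Constructed sample header sets (not captured from plugins.gradle.org).
SAMPLES = {
    # Shape of the finding in the article: an edge server that sets no framing control at all.
    "no-control": {"Server": "cloudflare", "Content-Type": "text/html"},
    "xfo-sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp-none-with-legacy-xfo": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "X-Frame-Options": "ALLOW-FROM https://example.test",
    },
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "xfo-allow-from-only": {"X-Frame-Options": "ALLOW-FROM https://example.test"},
}


def run_samples():
    """Return {sample name: FramingReport} for every constructed sample."""
    return {name: check_framing_protection(h) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, report in run_samples().items():
        status = "PROTECTED" if report.protected else "FRAMEABLE"
        print(f"{name:26s} {status:10s} via {report.source:4s} {report.policy}")
        for w in report.warnings:
            print(f"{'':26s}   warning: {w}")
```

Running the block prints one line per sample. The first sample has the shape of the finding above, a response carrying neither control, which any origin can embed in an iframe. Sending frame-ancestors 'none' (or 'self') on every HTML response is the current fix; X-Frame-Options DENY or SAMEORIGIN remains worth keeping as a fallback for older browsers, while ALLOW-FROM provides no protection in current ones.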


