Web Technology:


About (about.com) Open Redirect Multiple (Dest Redirect Privilege Escalation) Security Vulnerabilities

This post introduces several “Open Redirect” vulnerabilities related to about.com. There may be a large number of other Open Redirect vulnerabilities that have not been discovered. Because About.com is trusted by some other websites, those vulnerabilities can be used to perform a “Covert Redirect” to these websites.

(1) Domain Description:

"About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites," of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation" (Wikipedia)

(2) Basics of Open Redirect (Dest Redirect Privilege Escalation) Vulnerabilities
"An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it." (OWASP)
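
The missing validation in the OWASP definition above, shown beside a checked version. This is an added example, not code from the original post or from About.com; the function names, the allowlisted host names and the fallback path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist and fallback for this example; not taken from the page.
ALLOWED_HOSTS = {"www.example.com", "help.example.com"}
FALLBACK = "/"


def unvalidated_target(dest):
    """The pattern OWASP describes: the parameter value is used as-is."""
    return dest


def validated_target(dest, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return dest only if it is a local path or an allowlisted https host."""
    if not dest or any(ord(c) < 0x21 or c == "\\" for c in dest):
        # Browsers strip or normalise whitespace, control characters and
        # backslashes, so the URL followed may differ from the one parsed here.
        return fallback
    try:
        parts = urlsplit(dest)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        if dest.startswith("/") and not dest.startswith("//"):
            return dest
        return fallback
    if parts.scheme != "https":
        return fallback
    if parts.username is not None or parts.password is not None:
        # "trusted-host@other-host" puts the trusted name in userinfo only.
        return fallback
    return dest if host in allowed_hosts else fallback
```

A redirect handler would send its `Location` header from `validated_target(dest)` instead of the raw parameter, so any destination outside the allowlist lands on the fallback page.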

Vulnerability Discoverer:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.

Blog Details:


