Wednesday, 26 November 2014

One RCE vulnerability exposed that affects Microsoft, Yahoo and Orange



Ebrahim Hegazy, a bug bounty hunter from Egypt, has discovered a security vulnerability that allowed him to hack Microsoft, Google and Orange.
While searching for a security bug in Google domains, he found a page that allowed him to add .aspx files and modify the existing aspx files.

One could simply create a new file by sending a POST request to the URL "http://mx.horoscopo.bing.net/ymx/editor/inc/GenerateFile.asp" with the following post content: "FileName=New_File_Name.aspx&FileContent=File_Content_Here".

Ebrahim simply uploaded a file called 'zigoo.aspx' with 'zigoo' as its content. To find other Google domains affected by the same vulnerability, the researcher did a Yahoo search. The following domains were also affected by this bug: **. horoscopo. bing. internet, astrocentro. latino. live messenger. com, horoscopo. es. live messenger. com, astrologia. latino. live messenger. com, horoscopos. natural born player. live messenger. com and astrocentro. mujer. fruit. es.

An interesting fact about this vulnerability is that the page created on the Google site was mirrored on the other domains as well. "It's a CDN (Content Delivery Network) service for astrology that caches the same content to serve it for the subdomains of the mentioned vulnerable domains, so all files on one site will be shown on all the domains in the server," the researcher says.

After he reported it to Google, Google rewarded the researcher with some money. As usual, Microsoft didn't offer any reward to the researcher. Earlier this year, Ebrahim found a critical remote PHP code injection vulnerability in one of the Google domains.
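The request format quoted above (`FileName=...&FileContent=...`) let the caller choose both the name and the extension of the file written under the web root. The following is an added example, not code from the affected sites or from the researcher, of the server-side checks such an endpoint would need before writing anything. The function name, the allowed extensions and the content directory are assumptions, and authentication of the caller is assumed to happen before this check.

```python
import os
import re
from urllib.parse import parse_qs

# Assumption: the editor only needs to emit static text content.
ALLOWED_EXTENSIONS = {".txt", ".json"}
# One plain name with one extension: no separators, no second dot, no
# trailing dot or space that Windows would silently strip.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}")


class RejectedUpload(ValueError):
    """Raised when a GenerateFile-style request must not be honoured."""


def check_generate_file_request(body: str, base_dir: str) -> str:
    """Validate a 'FileName=...&FileContent=...' POST body.

    Returns the absolute path that may be written, or raises RejectedUpload.
    """
    fields = parse_qs(body, keep_blank_values=True)
    names = fields.get("FileName", [])
    if len(names) != 1 or "FileContent" not in fields:
        raise RejectedUpload("expected exactly one FileName and a FileContent")
    name = names[0]
    if not SAFE_NAME.fullmatch(name):
        raise RejectedUpload("file name has unexpected characters")

    # Server-executable types (.aspx, .asp, ...) never pass the allowlist.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise RejectedUpload(f"extension {ext} is not allowed")

    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(target) != base:
        raise RejectedUpload("target escapes the content directory")

    # The reported page also let callers replace existing files.
    if os.path.exists(target):
        raise RejectedUpload("refusing to overwrite an existing file")
    return target


if __name__ == "__main__":
    # Constructed request body in the format quoted in the article.
    try:
        check_generate_file_request("FileName=zigoo.aspx&FileContent=zigoo", ".")
    except RejectedUpload as err:
        print("rejected:", err)
```

Because the article notes that files written on one site appeared on every mirrored domain, the content directory checked here should also be one the server never maps to a script handler.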



