译文：英特尔安全中心爆跨站漏洞

英特尔安全中心是家提供英特尔产品安全问题咨询的机构。“通过安全警告和安全告示，英特尔一直在致力于改善我们的客户计算环境的安全。

创新互联公司专注于网站建设|企业网站维护|优化|托管以及网络推广，积累了大量的网站设计与制作经验，为许多企业提供了网站定制设计服务，案例作品覆盖成都不锈钢雕塑等行业。能根据企业所处的行业与销售的产品，结合品牌形象的塑造，量身设计品质网站。

因为它们的出现,我们将致力于迅速解决该问题，并提供解决问题建议，”在主页网站上的一条消息说明。

在http://security-center.intel.com上的跨站脚本漏洞是一个名叫Methodman的黑客发现的。这个安全漏洞似乎影响到所有咨询网页，可以使用个人发布的恶意软件，进行钓鱼或各种不同的恶意攻击。

Methodman公布了代码的和截图证明,演示攻击者如何注入任意的IFRAME网址或引发重定向到另一个链接。此外，劫持cookie会话或开恶意玩笑也是可能的。作者写完这篇文章时，该漏洞仍然存在。
　　

原文如下:
　　Intel Security Center Lacks Security
　　A cross-site scripting flaw affecting the Intel Product Security Center website has been disclosed. Successful exploitation allows for rogue iframe injection, arbitrary redirection and session cookie hijacking.
　　The Intel Security Center is home to advisories regarding security issues that affect Intel products. "Intel is focused on improving the security of our customers computing environments. We are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices," a message on the website's main page notes.
　　The XSS weakness on http://security-center.intel.com has been discovered by a hacker going by the nickname of Methodman. The flaw seems to affect all advisory pages and can be used by ill-intentioned individuals to distribute malware, launch phishing campaigns, or instrument various malicious attacks.
　　The proof-of-concept code and screenshots published by Methodman demonstrate how poor URL validation allows an attacker to inject an arbitrary iframe or trigger a redirection to another link. In addition, revealing session cookies or launching rogue alerts is also possible. At the time this article was being writtten, the flaws were still active.

分享题目：译文：英特尔安全中心爆跨站漏洞
文章起源：http://www.mswzjz.cn/qtweb/news36/397336.html

攀枝花网站建设、攀枝花网站运维推广公司-贝锐智能，是专注品牌与效果的网络营销公司；服务项目有等

广告

声明：本网站发布的内容（图片、视频和文字）以用户投稿、用户转载内容为主，如果涉及侵权请尽快告知，我们将会在第一时间删除。文章观点不代表本网站立场，如需处理请联系客服。电话：028-86922220；邮箱：631063699@qq.com。内容未经允许不得转载，或转载时需注明来源： 贝锐智能