Home > Quick > Body

慢雾余弦:攻击者利用Cointelegraph网站的XSS漏洞,诱骗目标用户打开Cointelegraph官网链接

clock
2024-11-28 01:16:58
慢雾创始人余弦于X发文表示,攻击者利用Cointelegraph网站的XSS漏洞,诱骗目标用户打开Cointelegraph官网链接(带XSS恶意脚本),于是:
- 恶意脚本加载执行;
- 地址栏被设置成 https://cointelegraph[.]com/not-public/drafts/article-1033一看还以为是官方未发布的草稿;
- 接着弹出Sign in with X的伪造框;
- 点击Sign in with X后打开X的第三方应用授权,权限列表那处留了超大段空白,此时如果没留意点击了授权,X平台有关权限就会被攻击者接管。
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.