Recently a lot of people have reported that their Taobao accounts were stolen. The stolen accounts were used to mass-post spam and fraudulent advertisements, and as a result the accounts were banned.
When I saw this news I was really surprised. How could it happen? Taobao's security staff are among the best in the country, and the system should not have such a loophole. With that question in mind I looked into how the account theft actually works, and in the end I found the following:
An example link that abuses the cross-site vulnerability looks like this:
http://s.auction1.taobao.com/auction/mall/shopvip%2ehtm?turbine_uri=http://s.ru.rd.yahoo.com/SIG=10uaccr0v/D=maps/Y=YAHOO/EXP=1288992407/?http://s.onlinedm.net/taobao/member/login.jsp?wwname=%B1%F9%CC%EC%D1%A9%B5%D8001&url=item_detail-0db1-8fe231761123c212aa41c213417a5600c.htm
Look: the link really is under taobao.com and appears perfectly legitimate. The tragedy is that this is a cross-site vulnerability in Taobao itself, and a phishing site is exploiting it: the turbine_uri parameter in the link carries the address the page forwards the browser to, which here goes through a Yahoo redirector and ends at a fake login page on s.onlinedm.net. After you click it, check the URL of the page that opens and you will find it is a different site altogether. If you don't pay attention to the URL of the page that opens, you will regret it.
Everyone knows that, for safety, links to sites outside Taobao cannot be clicked directly in Taobao's forums. But a phishing link that goes through this Taobao vulnerability can be clicked straight through, and Wangwang even shows it as safe. That is what makes this kind of phishing link so dangerous.
Just looking at the forum groups, plenty of people have already posted saying they were cheated, some out of a few hundred, some out of more than a thousand. This vulnerability cannot have only just appeared; I hope Taobao fixes it quickly.
Once again, a reminder that phishing links come in two forms:
First: naked phishing. The phishing link is posted directly, or hosted on a blog of some other well-known legitimate website. This is the old-fashioned kind, and most people who have learned a little about online safety can recognise it.
Second: phishing that exploits a vulnerability in a well-known legitimate website, even a vulnerability in Taobao, Alipay or Alibaba themselves. This is the hardest kind to guard against. With a link like the one above, Wangwang will certainly show a green check mark, and a newcomer who judges only by the green check mark is bound to be tricked.
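The link above is worth taking apart mechanically, because it shows why a green check mark on the visible domain proves nothing: what matters is the host the browser finally lands on. The following is an added example (my own code, not anything from Taobao or from the original post) that walks the nested redirect targets in a link and reports every host in the chain, applies the "look at the domain name" rule to the final destination instead of the visible one, and shows the server-side check that a redirect parameter such as turbine_uri should have had. It assumes the common open-redirect pattern in which each hop forwards to the first absolute URL found in its query string (either as a parameter value or as the bare query, which is how the Yahoo redirector in the link is used); the helper names and the "taobao.com" site argument are mine.

```python
from urllib.parse import urlsplit, unquote

# The phishing link quoted in the post, with the extraction spaces removed.
PHISHING_LINK = (
    "http://s.auction1.taobao.com/auction/mall/shopvip%2ehtm?"
    "turbine_uri=http://s.ru.rd.yahoo.com/SIG=10uaccr0v/D=maps/Y=YAHOO/EXP=1288992407/?"
    "http://s.onlinedm.net/taobao/member/login.jsp?wwname=%B1%F9%CC%EC%D1%A9%B5%D8001"
    "&url=item_detail-0db1-8fe231761123c212aa41c213417a5600c.htm"
)

SCHEMES = ("http://", "https://")


def embedded_urls(url):
    """Absolute URLs carried in the query string of `url`.

    Two places are checked: every parameter value (turbine_uri=http://...)
    and the bare query itself (redirector/?http://... as used by the Yahoo hop).
    Values are percent-decoded once so an encoded "%68ttp://" is still found.
    The GBK-encoded wwname value decodes to replacement characters, which is
    harmless because only the host part of each hop is inspected.
    """
    query = urlsplit(url).query
    found = []
    decoded_query = unquote(query)
    if decoded_query.lower().startswith(SCHEMES):
        found.append(decoded_query)
    for piece in query.split("&"):
        # partition on the first '=' instead of parse_qsl so that '=' inside
        # the target URL (SIG=..., wwname=...) stays with the value
        _key, sep, value = piece.partition("=")
        value = unquote(value)
        if sep and value.lower().startswith(SCHEMES):
            found.append(value)
    return found


def redirect_chain(url, max_hops=10):
    """Hosts the user passes through when the link is followed: the link's own
    host first, then each nested redirect target (assumption: every hop forwards
    to the first absolute URL in its query). The last host is where the user lands."""
    hosts = [(urlsplit(url).hostname or "").lower()]
    current = url
    for _ in range(max_hops):
        targets = embedded_urls(current)
        if not targets:
            break
        current = targets[0]
        hosts.append((urlsplit(current).hostname or "").lower())
    return hosts


def same_site(host, site):
    """True if `host` is `site` or a subdomain of it; taobao.com.evil.net is not."""
    host = (host or "").lower().rstrip(".")
    site = site.lower()
    return host == site or host.endswith("." + site)


def looks_like_phishing(url, site):
    """The post's first rule, 'look at the domain name', applied to the final
    destination rather than the visible link: flag a link that starts on
    `site` but delivers the user somewhere else."""
    chain = redirect_chain(url)
    return same_site(chain[0], site) and not same_site(chain[-1], site)


def safe_redirect(target, site):
    """Server-side fix for a parameter like turbine_uri: accept only a
    same-origin path or an absolute http(s) URL on `site` or its subdomains.
    Anything else (foreign hosts, scheme-relative //host, /\\host tricks)
    falls back to the site root."""
    if target.startswith("/") and target[1:2] not in ("/", "\\"):
        return target
    parts = urlsplit(target)
    if parts.scheme in ("http", "https") and same_site(parts.hostname, site):
        return target
    return "/"


if __name__ == "__main__":
    print(" -> ".join(redirect_chain(PHISHING_LINK)))
    print("phishing:", looks_like_phishing(PHISHING_LINK, "taobao.com"))
    print("turbine_uri would become:",
          safe_redirect("http://s.ru.rd.yahoo.com/?http://s.onlinedm.net/", "taobao.com"))
```

Run on the link from the post, the chain comes out as s.auction1.taobao.com, then s.ru.rd.yahoo.com, then s.onlinedm.net, so the rule flags it even though the visible host is a taobao.com subdomain. The same `safe_redirect` check, applied to the turbine_uri value on the server, would have sent the browser to the site root instead of to the Yahoo redirector, which is the fix a site owner wants; the client-side chain walk is what a cautious user or a link scanner can do in the meantime.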
Once again, here are my three axes for guarding against phishing sites:
First axe: look at the domain name, see >