Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.
Researchers at Check Point Software Technologies devised an exploit technique for the vulnerability, whereby an attacker could send shoppers a link to a legit AliExpress page that has been compromised with malicious Javascript code. That code would then be executed in the user's web browser, redirecting the victim to a second link that would open the evil coupon.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland