Full Disclosure mailing list archives
Re: http://www.chase.com/ vulnerability
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 29 May 2004 16:14:37 -0000
Pathetic. Since you can spoof the main log in site all security calls to check for the 'little' padlock icon to determine the site is real doesn't exist on it plus the site has cross-site scripting capabilities: http://chase.com/inetSearch/index.jsp? pageType=&q=f&sort=2&start=1&num=10&lr=&restrict=&gce=&siteID=&se archoption=&querytext=%22%22%3E%3Cimg%20dynsrc=javascript:alert ()%3E Best keep your money under your mattress. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability Brandon (May 28)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability gauntlet (May 28)
- <Possible follow-ups>
- RE: http://www.chase.com/ vulnerability Schmidt, Michael R. (May 28)
- Re: http://www.chase.com/ vulnerability Dark-Avenger (May 28)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability James Patterson Wicks (May 29)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 29)
- Re: http://www.chase.com/ vulnerability http-equiv () excite com (May 29)
- RE: http://www.chase.com/ vulnerability Brandon (May 28)