Full Disclosure mailing list archives
Re: Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
From: skyout () gmx net
Date: Sat, 17 Feb 2007 14:10:54 +0000 (GMT)
On Fri, 16 Feb 2007 17:47:44 -0500 Matthew Flaschen <matthew.flaschen () gatech edu> wrote:
> skyout () gmx net wrote:
> > Dear Sir or Madam, I want to point your attention to a new list, that shows up to 40 (!) vulnerabilities on Bank sites of Austria and proves another time how insecure online banking still is. The list is publicly available under:
> > ------------------------------------------------------------
> > http://baseportal.com/baseportal/phishmarkt/at
> > ------------------------------------------------------------
>
> From the page:
> > All used techniques are well known for many years and can be considered state-of-the-art.
>
> Huh?
Using search fields (as the most common way) to spoof/manipulate the content of the page can often easily be solved by filtering the input value and THIS should be well known to every good (web)coder for years. So: It is nothing new, people do it wrong, again and again (for years, just that it now gets more and more public). That's all ;)

SkyOut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
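The search-field case from the message above, as an added example that is not part of the original post or of any bank's code: the same results page rendered without and with filtering, where the filter is assumed to be length/character normalization plus HTML output encoding. The function names, the page template and the sample query are constructed for illustration.

```python
import html
import re

# Constructed sample input: markup arriving through a search field.
SAMPLE_QUERY = '"><iframe src="https://example.invalid/login"></iframe>'

MAX_QUERY_LEN = 100  # assumption: a search term needs no more than this


def normalize_query(raw: str) -> str:
    """Drop non-printable characters, collapse whitespace, cap the length."""
    cleaned = "".join(ch for ch in raw if ch.isprintable())
    return re.sub(r"\s+", " ", cleaned).strip()[:MAX_QUERY_LEN]


def render_unfiltered(raw: str) -> str:
    """The mistake described above: the search term is echoed as-is."""
    return ('<form><input name="q" value="' + raw + '"></form>'
            '<p>Results for: ' + raw + '</p>')


def render_filtered(raw: str) -> str:
    """Same page, with the term encoded for attribute and text contexts."""
    safe = html.escape(normalize_query(raw), quote=True)
    return ('<form><input name="q" value="' + safe + '"></form>'
            '<p>Results for: ' + safe + '</p>')


def injected_tags(page: str) -> list[str]:
    """Tag names present in the page that the template itself never emits."""
    template_tags = {"form", "input", "p"}
    found = re.findall(r"<\s*([a-zA-Z][a-zA-Z0-9]*)", page)
    return sorted({t.lower() for t in found} - template_tags)


if __name__ == "__main__":
    print(injected_tags(render_unfiltered(SAMPLE_QUERY)))
    print(injected_tags(render_filtered(SAMPLE_QUERY)))
    print(render_filtered(SAMPLE_QUERY))
```

`injected_tags` doubles as a regression check: run it over the rendered page in a test suite so a template change that drops the encoding is caught before release.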