[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] visa XSS?
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] visa XSS?
- From: Mauro Flores <almauri@cs.com.uy>
- Date: 23 Dec 2003 08:44:49 -0300
I receive this mail today, the funny stuff is that when you click on the
link, you execute:
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&useroption=SecurityUpdate&StateLevel=GetFrom@64.21.80.2/~gotier/verified_by_visa.htm
I don't have a Visa card and I don't like that 64.21.80.2 which is not a
Visa IP, AFAIK.
Anyone else receive it??
regards, Mauro Flores
On Tue, 2003-12-23 at 08:29, Mauro Flores wrote:
> -----Forwarded Message-----
> From: Visa International Service <security@visa-security.com>
> Subject: Visa Security Update
> Date: 23 Dec 2003 05:24:34 -0600
>
> [image]
>
> Dear Customer,
>
> Our latest security system will help you to avoid possible fraud actions
> and
> keep your investments in safety.
>
> Due to technical security update you have to reactivate your account
>
> Click on the link below to login to your updated Visa account.
>
> To log into your account, please visit the Visa Website at
>
> http://www.visa.com
>
> We respect your time and business.
> It's our pleasure to serve you.
>
>
> Please don't reply to this email. This e-mail was generated by a mail
> handling system.
>
>
> [image]
>
> Copyright 1996-2003, Visa International Service Association. All rights
> reserved.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html