[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] visa XSS?

To: jan.muenther@nruns.com
Subject: Re: [Full-Disclosure] visa XSS?
From: Mauro Flores <almauri@cs.com.uy>
Date: 23 Dec 2003 10:22:03 -0300

yes, i wrote an email to to Visa and to nac.net.
That box has an anonymous ftp, a mysql open to the world (aghh!)
and many other services.

regards, Mauro Flores

On Tue, 2003-12-23 at 10:10, jan.muenther@nruns.com wrote:
> > I went to http://64.21.80.2/~gotier/verified_by_visa.htm, this guy is
> > using a php script to get card numbers and pins, I think that someone is
> > going to have a merry christmas :)
> 
> Heh, true. Did you write the connecting ISP (nac.net) an abuse email? The
> box is running quite a bunch of services, of which quite a few are plain
> text ones, so I'd guess the kid has sniffed them somewhere and replaced this
> poor guy's pages in his home dir... 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] visa XSS?
  - From: Mauro Flores <almauri@cs.com.uy>
- Re: [Full-Disclosure] visa XSS?
  - From: Mauro Flores <almauri@cs.com.uy>
- Re: [Full-Disclosure] visa XSS?
  - From: jan.muenther@nruns.com

Prev by Date: Re: [Full-Disclosure] visa XSS?
Next by Date: RE: [Full-Disclosure] visa XSS?
Previous by thread: Re: [Full-Disclosure] visa XSS?
Next by thread: Re: [Full-Disclosure] visa XSS?
Index(es):
- Date
- Thread