[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] http://www.chase.com/ vulnerability
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] http://www.chase.com/ vulnerability
- From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
- Date: Sat, 29 May 2004 16:14:37 -0000
Pathetic.
Since you can spoof the main log in site all security calls to
check for the 'little' padlock icon to determine the site is
real doesn't exist on it plus the site has cross-site scripting
capabilities:
http://chase.com/inetSearch/index.jsp?
pageType=&q=f&sort=2&start=1&num=10&lr=&restrict=&gce=&siteID=&se
archoption=&querytext=%22%22%3E%3Cimg%20dynsrc=javascript:alert
()%3E
Best keep your money under your mattress.
--
http://www.malware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html