[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
From: skyout@xxxxxxx
Date: Fri, 16 Feb 2007 16:26:52 +0000 (GMT)

Dear Sir or Madam,

I want to point your attention to a new list, that shows up to 40 (!)
vulnerabilities on Bank sites of Austria and proves another time
how insecure online banking still is. The list is publicly available under:

------------------------------------------------------------
http://baseportal.com/baseportal/phishmarkt/at
------------------------------------------------------------

To every page a demo is provided, that shows how to trigger the
mostly IFrame Spoofing and XSS vulnerabilities on the page.

I would appreciate you taking a look at the list and spreading the
link to make those sites react quickly and fix the problem.

SkyOut

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
  - From: Matthew Flaschen

Prev by Date: Re: [Full-disclosure] Drive-by Pharming
Next by Date: Re: [Full-disclosure] Web Server Botnets and Server Farms as Attack Platforms
Previous by thread: Re: [Full-disclosure] utorrent issue?
Next by thread: Re: [Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
Index(es):
- Date
- Thread