[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
- To: Matthew Flaschen <matthew.flaschen@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
- From: skyout@xxxxxxx
- Date: Sat, 17 Feb 2007 14:10:54 +0000 (GMT)
On Fri, 16 Feb 2007 17:47:44 -0500
Matthew Flaschen <matthew.flaschen@xxxxxxxxxx> wrote:
> skyout@xxxxxxx wrote:
> > Dear Sir or Madam,
> >
> > I want to point your attention to a new list, that shows up to 40 (!)
> > vulnerabilities on Bank sites of Austria and proves another time
> > how insecure online banking still is. The list is publicly available under:
> >
> > ------------------------------------------------------------
> > http://baseportal.com/baseportal/phishmarkt/at
> > ------------------------------------------------------------
>
> From the page:
> > All used techniques are well known for many years and can be
> > considered state-of-the-art.
>
> Huh?
>
>
Using search fields (as the most common way) to spoof/manipulate the
content of the page can often easily be solved by filtering the input
value and THIS should be well known to every good (web)coder for years.
So: It is nothing new, people do it wrong, again and again (since years,
just that it now gets more and more public).
That's all ;)
SkyOut
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/