[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] XSS vulnerability on various german online banking sites (sparkasse) - CORRECTION
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] XSS vulnerability on various german online banking sites (sparkasse) - CORRECTION
- From: Ulrich Keil <full-disclosure@xxxxxxxxxxxxx>
- Date: Fri, 18 May 2007 18:15:14 +0200
Ulrich Keil wrote:
> The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300
> billion euro is one of the largest banks for private customers in
> germany. Many local member-banks of the group use the online banking
> portal provided by sfze (http://www.sfze.de/), a subsidiary company of
> Sparkassen-Finanzgruppe.
After having published the XSS vulnerability on various sparkassen
online banking sites 24 hours ago, I received feedback from the company
sfze.
They informed me that the DO NOT operate the online banking portal which
is affected by the vulnerability.
I therefore have to apologize: It was not my intention to blame the
wrong company. sfze has nothing to do with the XSS vulnerability on
german online-banking sites.
To say this clear: I do not know definitely which subsidiary company of
Sparkassen-Finanzgruppe is responsible for the online banking portal,
and is able to fix this problem.
Ulrich Keil
--
http://www.derkeiler.com
PGP Fingerprint: 5FA4 4C01 8D92 A906 E831 CAF1 3F51 8F47 1233 9AAD
Public key available at http://www.derkeiler.com/uk/pgp-key.asc
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/