[Full-Disclosure] visa XSS?
almauri at cs.com.uy
Tue Dec 23 12:10:56 GMT 2003
I went to http://220.127.116.11/~gotier/verified_by_visa.htm, this guy is
using a php script to get card numbers and pins, I think that someone is
going to have a merry christmas :)
regards, Mauro Flores
On Tue, 2003-12-23 at 08:44, Mauro Flores wrote:
> I receive this mail today, the funny stuff is that when you click on the
> link, you execute:
> I don't have a Visa card and I don't like that 18.104.22.168 which is not a
> Visa IP, AFAIK.
> Anyone else receive it??
> regards, Mauro Flores
> On Tue, 2003-12-23 at 08:29, Mauro Flores wrote:
> > -----Forwarded Message-----
> > From: Visa International Service <security at visa-security.com>
> > Subject: Visa Security Update
> > Date: 23 Dec 2003 05:24:34 -0600
> > [image]
> > Dear Customer,
> > Our latest security system will help you to avoid possible fraud actions
> > and
> > keep your investments in safety.
> > Due to technical security update you have to reactivate your account
> > Click on the link below to login to your updated Visa account.
> > To log into your account, please visit the Visa Website at
> > http://www.visa.com
> > We respect your time and business.
> > It's our pleasure to serve you.
> > Please don't reply to this email. This e-mail was generated by a mail
> > handling system.
> > [image]
> > Copyright 1996-2003, Visa International Service Association. All rights
> > reserved.
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.