[Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
skyout at gmx.net
Sat Feb 17 14:10:54 GMT 2007
On Fri, 16 Feb 2007 17:47:44 -0500
Matthew Flaschen <matthew.flaschen at gatech.edu> wrote:
> skyout at gmx.net wrote:
> > Dear Sir or Madam,
> >
> > I want to point your attention to a new list that shows up to 40 (!)
> > vulnerabilities on bank sites of Austria and proves another time
> > how insecure online banking still is. The list is publicly available under:
> >
> > ------------------------------------------------------------
> > http://baseportal.com/baseportal/phishmarkt/at
> > ------------------------------------------------------------
>
> From the page:
> > All used techniques are well known for many years and can be
> > considered state-of-the-art.
>
> Huh?
>
>
Using search fields (as the most common way) to spoof/manipulate the
content of the page can often easily be solved by filtering the input
value, and THIS should have been well known to every good (web) coder for years.
So: it is nothing new, people do it wrong again and again (for years;
it is just that it now gets more and more public).
That's all ;)
SkyOut
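
The search-field problem described in the message above, as an added example that is not part of the original post: a search page that reflects the query unchanged, next to a version that HTML-encodes the value where it is written into the page (one way of doing the filtering the post refers to), with a parser-based check that no new elements or attributes appear. The page template, function names and sample queries are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed search-results template: the query is echoed into a text node
# and back into the search box's value attribute.
PAGE = ('<h1>Search</h1><p>Results for: {text}</p>'
        '<form><input name="q" value="{attr}"></form>')

def render_vulnerable(query):
    """Reflects the search term unchanged, so markup in it becomes page markup."""
    return PAGE.format(text=query, attr=query)

def render_hardened(query):
    """HTML-encodes & < > " ' so the term stays data in both contexts."""
    safe = html.escape(query, quote=True)
    return PAGE.format(text=safe, attr=safe)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # Record the element name and its attribute names as the parser sees them.
        self.tags.append((tag, tuple(name for name, _ in attrs)))

def start_tags(page):
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

# Elements the template itself produces for a harmless query.
BASELINE = start_tags(render_hardened("savings account"))

def injected_markup(page):
    """Start tags (name, attribute names) that the template does not produce."""
    return [t for t in start_tags(page) if t not in BASELINE]

# Constructed test inputs: one adds an element, one breaks out of the attribute.
IFRAME_QUERY = '<iframe src="https://example.invalid/"></iframe>'
ATTR_QUERY = 'x" data-injected="1'

if __name__ == "__main__":
    for q in (IFRAME_QUERY, ATTR_QUERY):
        print("vulnerable:", injected_markup(render_vulnerable(q)))
        print("hardened:  ", injected_markup(render_hardened(q)))
```

The same `injected_markup` check can run as a regression test against any template that echoes a request parameter.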