'Re: [Full-Disclosure] http://www.chase.com/ vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] http://www.chase.com/ vulnerability
From:       "http-equiv () excite ! com" <1 () malware ! com>
Date:       2004-05-29 16:14:37
Message-ID: 200405291614.i4TGEbws007205 () web120 ! megawebservers ! com
[Download RAW message or body]

Pathetic.

Since you can spoof the main log in site all security calls to 
check for the 'little' padlock icon to determine the site is 
real doesn't exist on it plus the site has cross-site scripting 
capabilities:

http://chase.com/inetSearch/index.jsp?
pageType=&q=f&sort=2&start=1&num=10&lr=&restrict=&gce=&siteID=&se
archoption=&querytext=%22%22%3E%3Cimg%20dynsrc=javascript:alert
()%3E

Best keep your money under your mattress.

-- 
http://www.malware.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic