[Full-disclosure] XSS at Citibank.co.uk
From: Andrew Smtih (andrew.rse_at_gmail.com)
Date: 08/13/05
- Next in thread / Reply: Jim Duncan: "Re: [Full-disclosure] XSS at Citibank.co.uk"
Date: Sat, 13 Aug 2005 15:38:40 +0100
To: full-disclosure@lists.grok.org.uk
Hi Full-Disclosure,
I'm here to report an XSS vulnerability in one of Citibank's websites.
I actually found this at a login screen, but it's on an obscure subdomain
so I don't believe that much cookie stealing can be done from it.
Phishing, however, oh good lord yes. The phishing possibilities for this XSS
vulnerability are immense (did I mention the site was SSL'd?).
Anyway, I informed Citibank through e-mail (no response), posted it on my
blog (no response, no fix..) and now I'll post it here.
I've had luck on FD in contacting BankOfAmerica employees in the past, so
maybe there are a few Citibank admins listening? Let's hope so.
Here's the URL:
https://cukehb4.cd.citibank.co.uk/CappWebApp/capp/action/lang.do?languagecode=1&countrycode=<XSS GOES HERE>&servicecode=signon&TS=1119807930296
And here's an outline (+screenshot) for if/when they fix it:
http://wheresthebeef.co.uk/show.php/xss/citibank.co.uk.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
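Editor's note: the post above reports a reflected XSS in a query parameter of a sign-on page but shows no server code. The following is an added example, not code from the original post or from Citibank, modelling the bug class with a tiny page renderer: a vulnerable version that concatenates the reflected parameter straight into an HTML attribute, the fixed version that entity-encodes it, and a reflection check that a tester can run against either renderer. The form template, the parameter names (reused from the posted URL only as labels), the probe string and the `example.test` host are all assumptions; nothing here touches the real site.

```javascript
// Added example (not from the original post). Models a reflected-XSS bug in a
// sign-on page beside its fix, plus a simple reflection check. All names,
// templates and the probe are assumptions for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Entity-encode a value so it is inert inside a quoted HTML attribute or text node.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Parse the query string of a URL into a plain object (decodes %xx and '+').
function parseQuery(url) {
  const out = {};
  const q = url.split('?')[1] ?? '';
  for (const pair of q.split('&')) {
    if (!pair) continue;
    const [k, v = ''] = pair.split('=');
    out[decodeURIComponent(k.replace(/\+/g, ' '))] =
      decodeURIComponent(v.replace(/\+/g, ' '));
  }
  return out;
}

// VULNERABLE (assumed template): request parameters are concatenated into
// markup unchanged, so a value containing `">` closes the attribute and the
// tag and whatever follows is parsed as HTML on an HTTPS login page.
function renderSignonVulnerable(params) {
  return `<form action="/signon" method="post">
<input type="hidden" name="languagecode" value="${params.languagecode ?? ''}">
<input type="hidden" name="countrycode" value="${params.countrycode ?? ''}">
<input name="user"><input name="pass" type="password"><input type="submit">
</form>`;
}

// FIXED: every reflected value is encoded for the attribute context it lands in.
function renderSignonFixed(params) {
  return `<form action="/signon" method="post">
<input type="hidden" name="languagecode" value="${escapeHtml(params.languagecode ?? '')}">
<input type="hidden" name="countrycode" value="${escapeHtml(params.countrycode ?? '')}">
<input name="user"><input name="pass" type="password"><input type="submit">
</form>`;
}

// Reflection check: substitute the probe into the URL template at {PROBE},
// render the page, and report whether the probe comes back byte-for-byte
// (i.e. unencoded). A true result means the parameter is injectable.
function reflectsUnescaped(render, urlTemplate, probe) {
  const url = urlTemplate.replace('{PROBE}', encodeURIComponent(probe));
  return render(parseQuery(url)).includes(probe);
}

// Constructed sample input: a generic probe and a URL shaped like the one in
// the post, pointed at a placeholder host.
const PROBE = '"><script>alert(1)</script>';
const URL_TEMPLATE =
  'https://example.test/lang.do?languagecode=1&countrycode={PROBE}&servicecode=signon';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable reflects probe:', reflectsUnescaped(renderSignonVulnerable, URL_TEMPLATE, PROBE));
  console.log('fixed reflects probe:     ', reflectsUnescaped(renderSignonFixed, URL_TEMPLATE, PROBE));
}
```

The check is deliberately dumb: it only asks whether the exact probe string survives into the response. That is enough to flag the attribute-context bug modelled here, but a real assessment also tries probes for script, URL and JavaScript-string contexts, since the encoding that fixes one context does not fix the others.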