Several greek banks suffer from cross site scripting vulnerabilities.
304e9d8091083adf73b2103cd91f19feThis is a multi-part message in MIME format.
------=_NextPart_000_000B_01C6DC9B.6E911000
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sentinel Computer Security Advisory
Sentinel Co.
http://www.sentinel.gr
info@sentinel.gr
General Flaw Description : Cross Site Scripting Vulnerabilities in =
multiple
Greek Web Banking sites.
-------------------------------------------------------------------------=
------
Advisory Information
-------------------------------------------------------------------------=
------
Advisory Release Date : 2006/09/01
Advisory ID : SGA-0002
Extends : None
Deprecates : None
-------------------------------------------------------------------------=
------
Product Information
-------------------------------------------------------------------------=
------
Flawed File Name : http://www.eurobank.gr/online/home/pops.aspx,
http://www.winbank.gr/eCPage.asp,
http://www.emporiki.gr/cbg/gr/search/search.jsp,
http://www.piraeusbank.gr/ecportal.asp,
http://www.probank.gr/search/index.php
-------------------------------------------------------------------------=
------
Vulnerability Information
-------------------------------------------------------------------------=
------
Flaw Type : Cross Site Scripting
Vulnerability Impact : Phising and Scam attacks
Vulnerability Rating : Critical
Patch Status : Partially Patched
Advisory Status : Verified
Publicity Level : Published
Other Advisories IDs : None
Flaw Discovery Date : 2006/08/31
Patch Date : 2006/09/02
Vulnerability Credit : Emmanouil Gavriil (egavriil@sentinel.gr)
Exploit Status : Not Released
Exploit Publication Date : None
-------------------------------------------------------------------------=
------
Description
-----------
Many Greek banks are using Web Banking service to assist their customers =
with=20
their transactions. Eurobank, Winbank, Pireaus Bank, Probank and =
Emporiki Bank=20
found to be vulnerable to Cross Site Scripting Attacks which can lead to =
execution of arbitrary SCRIPT and HTML code to the user.=20
Technical Information
---------------------
www.eurobank.gr is making use of multiple aspx files which fail to =
sanitise
variables. Most of aspx files in Eurobank website which are getting =
variables
as input are vulnerable to XSS.
www.winbank.gr is using a search function which does not properly =
sanitise the
input of variable text_search.
www.emporiki.gr is using a jsp search function which does not properly =
sanitise
the input of variable searchFld.
www.piraeusbank.gr is having exactly the same problem with Winbank as it =
is
actually the same bank. Even though it doesn't have a Web Banking System
itself, it forwards Web Banking requests to winbank. Cross Site =
Scripting
is possible, and thus the danger is the same, as an unsuspicious user =
can be
lead from www.piraeusbank.gr with a valid redirection to a fake =
www.winbank.gr
login screen.
www.probank.gr doesn't have a Web Banking Service but the site is =
vulnerable
to XSS and while account compromise is not possible, valuable =
information such
as CARD and PIN numbers can be stolen through phising/scam attacks.
Proof of Concept Experiment
---------------------------
http://www.eurobank.gr/online/home/pops.aspx?';alert(String.fromCharCode(=
88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fro=
mCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/S=
CRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&{}
http://www.winbank.gr/eCPage.asp?Page=3DeCFullSearchResults.asp&lang=3D1&=
text_search=3D%3Cscript%3Ealert('XSS')%3C/script%3E
http://www.emporiki.gr/cbg/gr/search/search.jsp?searchFld=3D';alert(Strin=
g.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;a=
lert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83=
,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83)=
)%3C/SCRIPT%3E=3D&{}
http://www.piraeusbank.gr/ecportal.asp?id=3D235212&nt=3D107&pageno=3D1&fr=
omsearch=3D234010&lang=3D2&tid=3D&txtSearch=3D%3Cscript%3Ealert('XSS')%3C=
/script%3E
http://www.probank.gr/search/index.php?qu=3D';alert(String.fromCharCode(8=
8,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.from=
CharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SC=
RIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&{}
Patch Description and Information
---------------------------------
Banks informed. All banks except Emporiki Bank have fixed the =
vulnerability.
References and Other Resources for Information
----------------------------------------------
None.
EOF.
------=_NextPart_000_000B_01C6DC9B.6E911000
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial><PRE> Sentinel Computer =
Security Advisory
Sentinel Co.
http://www.sentinel.gr
info@sentinel.gr
General Flaw Description : Cross Site Scripting Vulnerabilities in =
multiple
Greek Web Banking sites.
-------------------------------------------------------------------------=
------
Advisory Information
-------------------------------------------------------------------------=
------
Advisory Release Date : 2006/09/01
Advisory ID : SGA-0002
Extends : None
Deprecates : None
-------------------------------------------------------------------------=
------
Product Information
-------------------------------------------------------------------------=
------
Flawed File Name : http://www.eurobank.gr/online/home/pops.aspx,
http://www.winbank.gr/eCPage.asp,
http://www.emporiki.gr/cbg/gr/search/search.jsp,
http://www.piraeusbank.gr/ecportal.asp,
http://www.probank.gr/search/index.php
-------------------------------------------------------------------------=
------
Vulnerability Information
-------------------------------------------------------------------------=
------
Flaw Type : Cross Site Scripting
Vulnerability Impact : Phising and Scam attacks
Vulnerability Rating : Critical
Patch Status : Partially Patched
Advisory Status : Verified
Publicity Level : Published
Other Advisories IDs : None
Flaw Discovery Date : 2006/08/31
Patch Date : 2006/09/02
Vulnerability Credit : Emmanouil Gavriil (egavriil@sentinel.gr)
Exploit Status : Not Released
Exploit Publication Date : None
-------------------------------------------------------------------------=
------
Description
-----------
Many Greek banks are using Web Banking service to assist their customers =
with=20
their transactions. Eurobank, Winbank, Pireaus Bank, Probank and =
Emporiki Bank=20
found to be vulnerable to Cross Site Scripting Attacks which can lead to =
execution of arbitrary SCRIPT and HTML code to the user.=20
Technical Information
---------------------
www.eurobank.gr is making use of multiple aspx files which fail to =
sanitise
variables. Most of aspx files in Eurobank website which are getting =
variables
as input are vulnerable to XSS.
www.winbank.gr is using a search function which does not properly =
sanitise the
input of variable text_search.
www.emporiki.gr is using a jsp search function which does not properly =
sanitise
the input of variable searchFld.
www.piraeusbank.gr is having exactly the same problem with Winbank as it =
is
actually the same bank. Even though it doesn't have a Web Banking System
itself, it forwards Web Banking requests to winbank. Cross Site =
Scripting
is possible, and thus the danger is the same, as an unsuspicious user =
can be
lead from www.piraeusbank.gr with a valid redirection to a fake =
www.winbank.gr
login screen.
www.probank.gr doesn't have a Web Banking Service but the site is =
vulnerable
to XSS and while account compromise is not possible, valuable =
information such
as CARD and PIN numbers can be stolen through phising/scam attacks.
Proof of Concept Experiment
---------------------------
http://www.eurobank.gr/online/home/pops.aspx?';alert(String.fromCharCode(=
88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fro=
mCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/S=
CRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&{}
http://www.winbank.gr/eCPage.asp?Page=3DeCFullSearchResults.asp&lang=3D=
1&text_search=3D%3Cscript%3Ealert('XSS')%3C/script%3E
http://www.emporiki.gr/cbg/gr/search/search.jsp?searchFld=3D';alert(Strin=
g.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;a=
lert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83=
,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83)=
)%3C/SCRIPT%3E=3D&{}
http://www.piraeusbank.gr/ecportal.asp?id=3D235212&nt=3D107&pagen=
o=3D1&fromsearch=3D234010&lang=3D2&tid=3D&txtSearch=3D%3C=
script%3Ealert('XSS')%3C/script%3E
http://www.probank.gr/search/index.php?qu=3D';alert(String.fromCharCode(8=
8,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.from=
CharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SC=
RIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&{}
Patch Description and Information
---------------------------------
Banks informed. All banks except Emporiki Bank have fixed the =
vulnerability.
References and Other Resources for Information
----------------------------------------------
None.
EOF.
</PRE></FONT></DIV></BODY></HTML>
------=_NextPart_000_000B_01C6DC9B.6E911000--
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!