I think this is also the first sighting of the @ vulnerability in the wild. Or am I mistaken? It seems the tool available from Xforce does nothing to stop this. (http://xforce.iss.net/xforce/alerts/id/159).
Thanks
Joshua Knarr

>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mauro Flores
>Sent: Tuesday, December 23, 2003 6:45 AM
>To: [EMAIL PROTECTED]
>Subject: [Full-Disclosure] visa XSS?
>
>I received this mail today, the funny stuff is that when you click on the
>link, you execute:
>http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&useroption=SecurityUpdate&[EMAIL PROTECTED]/~gotier/verified_by_visa.htm
>
>I don't have a Visa card and I don't like that 64.21.80.2 which is not a
>Visa IP, AFAIK.
>Anyone else receive it??
>
>regards, Mauro Flores
>
>On Tue, 2003-12-23 at 08:29, Mauro Flores wrote:
>> -----Forwarded Message-----
>> From: Visa International Service <[EMAIL PROTECTED]>
>> Subject: Visa Security Update
>> Date: 23 Dec 2003 05:24:34 -0600
>>
>> [image]
>>
>> Dear Customer,
>>
>> Our latest security system will help you to avoid possible fraud actions
>> and keep your investments in safety.
>>
>> Due to technical security update you have to reactivate your account
>>
>> Click on the link below to login to your updated Visa account.
>>
>> To log into your account, please visit the Visa Website at
>>
>> http://www.visa.com
>>
>> We respect your time and business.
>> It's our pleasure to serve you.
>>
>>
>> Please don't reply to this email. This e-mail was generated by a mail
>> handling system.
>>
>>
>> [image]
>>
>> Copyright 1996-2003, Visa International Service Association. All rights
>> reserved.
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
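Added example, not part of the original thread or any tool named in it: a mail-filter style check that reports the host a link really connects to when a trusted-looking name sits in the userinfo part before "@", as in the link quoted above. The sample URLs use constructed example.com/192.0.2.10 values, `inspect_link` is a hypothetical helper name, and the control-character check is an added generalization beyond what the message shows.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Userinfo shaped like a DNS name (e.g. "www.example.com") is a lure.
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def inspect_link(url):
    """Return (real_host, findings) for an http(s) URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    # Everything before the last "@" in the authority is userinfo;
    # the client connects to what follows it, not to what precedes it.
    userinfo = unquote(parts.netloc.rpartition("@")[0])
    if userinfo:
        findings.append("userinfo-present")
        if CONTROL.search(userinfo):
            # Encoded control bytes can truncate what some UIs display.
            findings.append("control-char-in-userinfo")
        shown = CONTROL.sub("", userinfo.partition(":")[0]).lower()
        if HOSTLIKE.match(shown) and shown != host:
            findings.append("userinfo-looks-like-host:" + shown)
    try:
        ipaddress.ip_address(host)
        findings.append("host-is-ip-literal")
    except ValueError:
        pass
    return host, findings

# Constructed samples shaped like the quoted link (placeholder values only).
SAMPLES = [
    "http://www.example.com:UserSession=abc123&useroption=SecurityUpdate"
    "@192.0.2.10/~user/login.htm",
    "http://www.example.com%01@phish.example.net/login.htm",
    "http://www.example.com/account/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_link(sample))
```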
