On Thu, Sep 25, 2003 at 06:30:32AM -0700, [EMAIL PROTECTED] wrote: > when you feed a browser the given url, the citibank page comes up. but > you also get a small page with a form that asks for your bank account > number and PIN. [snip] > my question is -- how is this done? how does this URL: > > http://www.citibank.com:[EMAIL PROTECTED]/3/?IYTEw > 4eVTtbH1w6CpDrT > > bring up citibank.com's webpage and then another page with the > account/PIN grabber? i've never seen anything like this before.
If you break down that url it looks like: www.citibank.com <- username : <- seperator ac=VybznNffNxknAUxPrfE2jYaQUptJ <- password @ <- at (duh) a3ksd.PiSeM.NeT <- servername /3/?IYTEw4eVTtbH1w6CpDrT <- misc crap And doing a wget on that url gives me this (comments added) <HTML><HEAD> <META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://citibank.com/us/index.htm";> <title></title></HEAD> <BODY bgColor=#ffffff onload="window.open('welcome2.html', 'nameit', 'top=185,left=250,width=300,height=230,toolbar=no,location=no,scrollbars= no,resizable=no')"> </BODY></HTML> Even if you don't know HTML, it's fairly easy to see what it's doing. It's immediately redirecting you to the citibank page, and telling your browser to give you the popup at the same time. _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
