[Am-info] Cross-Site Scripting Vulnerability in Citibank Payment Service Site
Fred A. Miller
fm@cupserv.org
Wed, 16 Jan 2002 15:57:19 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
'Last I knew, CTB was using 'Bloze2000 servers, so this news isn't all
that surprising.
Fred
________________
Cross-Site Scripting Vulnerability in Citibank Payment Service Site
A security researcher has found a cross-site scripting vulnerability in
C2it.com, Citibank's on-line payment service. The security hole could
expose customer account data and even allow attackers to move money out
of customer accounts.
http://www.msnbc.com/news/683646.asp?0dm=T225T
[Editor's (Murray) Note: Characterizing this activity as "security
research" is inappropriate, not to say destructive.]
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8RekvIhTtc6nTZIIRAkZ8AJ9EYRLtanaITQvzmKEbNmDoDBfzawCgjgtM
m99EJEq5RbxyLvb+0qC/T8Q=
=Fds+
-----END PGP SIGNATURE-----