[Full-Disclosure] visa XSS?
Date: Tue Dec 23 2003 - 05:44:49 CST
I receive this mail today, the funny stuff is that when you click on the
link, you execute:
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&useroption=SecurityUpdate&StateLevel=GetFrom@64.21.80.2/~gotier/verified_by_visa.htm
I don't have a Visa card and I don't like that 64.21.80.2 which is not a
Visa IP, AFAIK.
Anyone else receive it??
regards, Mauro Flores
On Tue, 2003-12-23 at 08:29, Mauro Flores wrote:
> -----Forwarded Message-----
> From: Visa International Service <security@visa-security.com>
> Subject: Visa Security Update
> Date: 23 Dec 2003 05:24:34 -0600
>
> [image]
>
> Dear Customer,
>
> Our latest security system will help you to avoid possible fraud actions
> and
> keep your investments in safety.
>
> Due to technical security update you have to reactivate your account
>
> Click on the link below to login to your updated Visa account.
>
> To log into your account, please visit the Visa Website at
>
> http://www.visa.com
>
> We respect your time and business.
> It's our pleasure to serve you.
>
>
> Please don't reply to this email. This e-mail was generated by a mail
> handling system.
>
>
> [image]
>
> Copyright 1996-2003, Visa International Service Association. All rights
> reserved.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Tue Dec 23 06:00:56 2003
This archive was generated by hypermail 2.1.8 : Tue Dec 23 2003 - 06:01:01 CST
