citibankXSS.txt

Date: 17 Aug 2005 | Reported by: Andrew Smith | Source: packetstorm (packetstormsecurity.com)

Reported XSS vulnerability in a Citibank website (an SSL-secured login page) that enables phishing; no response from Citibank.

Code

```text
Hi Full-Disclosure,
I'm here to report an XSS vulnerability in one of Citibank's websites.
I actually found this at a login screen, but it's on an obscure subdomain
so I don't believe that much cookie stealing can be done from it.
Phishing, however, oh good lord yes. The phishing possibilities for this XSS
vulnerability are immense (did I mention the site was SSL'd?).

Anyway, I informed Citibank through e-mail (no response), posted it on my
blog (no response, no fix..) and now I'll post it here.
I've had luck on FD in contacting BankOfAmerica employees in the past, so
maybe there are a few Citibank admins listening? Let's hope so.

Here's the URL:

https://cukehb4.cd.citibank.co.uk/CappWebApp/capp/action/lang.do?languagecode=1&countrycode=<HTML GOES HERE>&servicecode=signon&TS=1119807930296

And here's an outline (+screenshot) for if/when they fix it:

http://wheresthebeef.co.uk/show.php/xss/citibank.co.uk.html
```
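The report above describes a reflected XSS: whatever is placed in the `countrycode` query parameter of the login page is written back into the HTML unescaped. The following Python sketch is an added example, not part of the original post and not Citibank's application code. It reproduces the defect in a minimal renderer, puts the hardened renderer (contextual HTML escaping) and an allowlist check for the parameter beside it, and includes a small helper a defender could run over access-log query strings. The host name, the `<b>injected</b>` value and the function names are constructed for the example; only the URL path, parameter names and the `TS` value come from the report.

```python
import html
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample request modelled on the URL in the report above.
# The real host is replaced with a placeholder; the countrycode value
# stands in for the "<HTML GOES HERE>" position the report points at.
SAMPLE_URL = (
    "https://example.invalid/CappWebApp/capp/action/lang.do"
    "?languagecode=1&countrycode=<b>injected</b>&servicecode=signon&TS=1119807930296"
)


def query_params(url: str) -> dict:
    """Return the first value of each query parameter (assumes one value per name)."""
    qs = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def render_unsafe(country: str) -> str:
    """The defect the report describes: the parameter is interpolated verbatim,
    so any markup it carries becomes part of the (SSL-served) login page."""
    return f"<p>Country: {country}</p>"


def render_escaped(country: str) -> str:
    """Mitigation 1: contextual output encoding. html.escape converts <, >, &,
    quotes into entities, so the value is displayed but never parsed as markup."""
    return f"<p>Country: {html.escape(country, quote=True)}</p>"


# Mitigation 2: the parameter is semantically a numeric code, so reject anything
# else before it reaches the template. The pattern is a hypothetical allowlist.
COUNTRY_CODE = re.compile(r"\d{1,4}")


def validated_country(country: str) -> Optional[str]:
    """Return the code if it is purely numeric, otherwise None (caller falls back)."""
    return country if COUNTRY_CODE.fullmatch(country) else None


def has_markup(value: str) -> bool:
    """Detection helper for log review: flag query values carrying HTML
    metacharacters where a numeric code is expected."""
    return any(ch in value for ch in "<>\"'")


if __name__ == "__main__":
    cc = query_params(SAMPLE_URL)["countrycode"]
    print("unsafe :", render_unsafe(cc))     # markup survives into the page
    print("escaped:", render_escaped(cc))    # markup neutralised as entities
    print("valid  :", validated_country(cc)) # None: rejected by the allowlist
    print("flag   :", has_markup(cc))        # True: worth a look in the logs
```

Escaping at the output point is the fix that closes the bug regardless of what the parameter contains; the allowlist is defence in depth and also gives a cheap log-review signal, since a legitimate `countrycode` never contains angle brackets or quotes.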

Vulners AI Score: 7.4 (High risk)