
commbankXSS.txt

14 Sep 2005 | Reported by Calum Power | Type: packetstorm | Source: packetstormsecurity.com

A full audit of Commonwealth Bank's web applications has been promised to eliminate Cross-Site-Scripting vulnerabilities. The vulnerability in the NetBank website could lead to account compromise via phishing methods.

Code
`-- A quick note before the advisory --  
During my conversation(s) with the Commonwealth Bank 'Group IT Security'   
department, they have promised to undertake a full audit of the NetBank,   
CBA website and other existing pages in an effort to stamp out all   
Cross-Site-Scripting (XSS) vulnerabilities in their web applications.  
  
This is a very positive step in the direction of completely securing the   
Commonwealth Bank's web applications. Big congratulations go to Stephen   
and Chris from the CBA's security team for initiating a quick response, as   
well as a concerted effort for the future security of the bank.  
-- Advisory follows --  
  
--------------- 05/09/2005 ---------------  
-- Fribble Technologies --  
-- Security Advisory --  
-- FOR IMMEDIATE PUBLIC RELEASE --  
---------------TIMELINE-------------------  
-- Discovered: 05/09/2005 --  
-- Reported: 06/09/2005 --  
-- Released: 15/09/2005 --  
------------------------------------------  
Security Advisory: Cross-Site-Scripting in www.netbank.commbank.com.au may  
lead to account compromise  
  
Discovered by: Calum Power [[email protected]]  
Versions Affected: All Current  
Unaffected versions: None known.  
  
Product Description:  
www.commbank.com.au is the Commonwealth Bank of Australia's official website.  
The sub-section of the website '/NetBank/' is devoted to information and help  
in regards to their online banking service.  
Using the service, it is possible to transfer money, check account balances,  
review account histories, etc.  
  
Summary:  
* Cross-Site Scripting (A.K.A "XSS") could lead to the compromise of user  
* accounts via 'phishing' methods.  
  
Details:  
The Commonwealth Bank provide a 'search' service for the searching of  
help/information with direct relevance to their online banking service  
'NetBank'. The script is located at 'NetBank/search.asp' on the webserver  
www.commbank.com.au  
  
This script accepts a few variables, the vulnerable one being 'SearchString'  
Unfortunately, the ASP script responsible for the searching of pages within  
the website fails to sanitise this variable before printing it in the form  
element also named 'SearchString'.  
This could lead to 'escaping' from the input tag, and printing arbitrary HTML  
code to the user. A simple, harmless demonstration is as follows:  
http://www.commbank.com.au/NetBank/search.asp?SearchString=%22%3E%3Cimg%20src=%22http://fribble.net/image.jpg%22%3E  
  
Although the above example would not be of any risk to a user, with the use of  
URI encoding and advanced HTML inclusion (possibly from a third-party  
website), it would be possible to emulate a false website, or even a  
legitimate-looking login page.  
  
Further information on the threat of Cross-Site Scripting may be obtained  
here:  
http://www.securitydocs.com/library/3261  
  
Impact: High  
In an environment such as Netbank, ALL user-supplied input variables should be  
filtered for malformed content.  
Successful exploitation of this vulnerability may lead to compromised bank  
accounts and/or user data via scamming (or "phishing") attacks on NetBank users.  
  
Credit:  
This vulnerability was discovered by Calum Power on the 5th of September 2005.  
The vendor has subsequently been notified.  
  
Rights:  
Copyright(c) 2005 Fribble Technologies (C. Power)  
This advisory may be quoted, transmitted or copied, providing original author   
credit is included in the publication.  
  
  
*** This vulnerability has been disclosed in accordance with the RFP  
Full-Disclosure Policy v2.0, available at:  
http://www.wiretrip.net/rfp/policy.html  
  
--  
Calum Power  
Security Enthusiast  
Cultural Jammer  
Hopeless Cynic  
E: [email protected]  
W: www.fribble.net  
  
  
`
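
The flaw in the advisory's Details section and its fix, as an added example that is not part of the original advisory or the bank's code: the 'SearchString' value is written into the form field once unchanged and once HTML-encoded, and the resulting page is parsed to show which tags a browser would see. The form markup and function names are assumptions; Python's `html.escape` stands in for the output encoding step (classic ASP offers `Server.HTMLEncode` for the same purpose).

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Assumed stand-in for the form search.asp prints; the real markup is not in the advisory.
FORM = '<form action="search.asp"><input type="text" name="SearchString" value="{value}"></form>'


def render_vulnerable(search_string: str) -> str:
    """Echo the parameter into the value attribute unchanged (the flaw described)."""
    return FORM.format(value=search_string)


def render_hardened(search_string: str) -> str:
    """Encode &, <, > and both quote characters before writing the attribute."""
    return FORM.format(value=html.escape(search_string, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and the value echoed into the SearchString input."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.echoed = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "SearchString":
            self.echoed = attrs.get("value")


def parse_page(page: str):
    """Return (start tags an HTML parser sees, value shown in the search field)."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags, collector.echoed


# The advisory's harmless demonstration URL, decoded the way a server decodes a query string.
DEMO_URL = ("http://www.commbank.com.au/NetBank/search.asp?SearchString="
            "%22%3E%3Cimg%20src=%22http://fribble.net/image.jpg%22%3E")
PAYLOAD = parse_qs(urlsplit(DEMO_URL).query)["SearchString"][0]

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, *parse_page(render(PAYLOAD)))
```

In the unencoded page the parser finds an extra `img` element and an empty search field; in the encoded page the field simply shows the text the user typed.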
