Sunday, June 22, 2008

HSBC Web Sites Are Open to Critical XSS Attacks

Via -

Evidently, major unwanted consequences could be a result of multiple cross-site scripting vulnerabilities affecting bank web sites. XSS must be considered as the phishers' future weapon by all people working in the security industry.

Scammers can register domains and set up fake bank web sites in a few minutes. With the help of bulk e-mailers they can phish personal sensitive data from thousands of unsuspecting web users.

If they want to own HSBC's e-banking customers, all they have to do is to register a "suspicious" looking domain like which is currently available and then serve a phishing page.

Even better, they can exploit a cross-site scripting vuln on, obfuscate the attack vector and significantly increase their phishing success rate!


Check the link above for all the XSS attack vectors....

No comments:

Post a Comment