XSS vulnerability found in various Bank websites

GreyHat hackers known as "Sony" and Flexxpoint , have discovered Cross site scripting vulnerability in various Bank websites.

"We staged an experiment out of interest. We looked through several randomly selected websites of Worlds banks to check them for vulnerabilities. This was done rather quick even without any specialized software. The results were not surprising. We will demonstrate different bugs of the same type." Hacker said in his blog post.

Sberbank of Russia(http://www.sbrf.ru), is the largest bank in Russia and Eastern Europe. Sbrf is found to be vulnerable to Cross site scripting vulnerability.

Banki.ru, according to all rating systems in Russia, is the number one bank information website which is profitable and growing. The Banki.ru is found to be vulnerable to redirection vulnerability.
Citizens Bank,Wells Fargo,eximb,procreditbank,Banco Central De Bolivia,vtb24.ru ,homecredit.ru are vulnerable to Cross site scripting. Hacker found XSS in chat application of migbank.com, msufcu.org,bcb.gob.bo.

"We would like to add a few words about security. There's no need to panic, perfect security just isn't possible, though we should try to come as close as possible. We would like to give a couple of advices for these banks. "Hacker wrote in his blog." They should certainly pay more attention to their IT personnel's competence and discipline, spend their money not only on market research, but also on penetration testing, organize penetration testers' contests like Google and Facebook do or possible have their own staff of penetration testers. The bank personnel should be tested for their vulnerability to social engineering. These are just the basics."

Category: / /

Share this with Your friends: