Advertisements

 Two critical XSS bugs on Barclays bank website

Written by DP

Sunday, 3 May 2009

Security researcher Pierre Gardenat has recently discovered two critical cross-site scripting bugs on Barclays.com.

Barclays is one of the most respected banks in the world, trusted by millions of people to take good care of their money.

Therefore, malicious people can exploit these XSS vulnerabilities to conduct phishing attacks against Barclay's customers and also to infect them with crimeware.

Barclays bank has been XSSed in the past:

XSS:
www.merger.barclays.com XSS by Pierre Gardenat
offer.barclays.com XSS by Pierre Gardenat
www.newsroom.barclays.com XSS by kusomiso.com
www.barclays.co.uk XSS by mox
www.barclays.co.uk XSS by TreX
www.barclays.co.uk XSS by Skyr3x
barclays.metafaq.com XSS by CCC
www.newsroom.barclays.co.uk XSS by PanterA

RELATED NEWS:
Barclays XSS vulnerability comes handy for scammers and blackhat hackers


        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.