Two critical XSS bugs on Barclays bank website
Written by DP
Sunday, 3 May 2009
Security researcher Pierre Gardenat has recently discovered two critical cross-site scripting bugs on Barclays.com.
Barclays is one of the most respected banks in the world, trusted by millions of people to take good care of their money.
Therefore, malicious people can exploit these XSS vulnerabilities to conduct phishing attacks against Barclays' customers and to infect them with crimeware.
Barclays bank has been XSSed in the past:
www.merger.barclays.com XSS by Pierre Gardenat
offer.barclays.com XSS by Pierre Gardenat
www.newsroom.barclays.com XSS by kusomiso.com
www.barclays.co.uk XSS by mox
www.barclays.co.uk XSS by TreX
www.barclays.co.uk XSS by Skyr3x
barclays.metafaq.com XSS by CCC
www.newsroom.barclays.co.uk XSS by PanterA
Barclays XSS vulnerability comes handy for scammers and blackhat hackers