Full Disclosure mailing list archives
Re: visa XSS?
From: Mauro Flores <almauri () cs com uy>
Date: 23 Dec 2003 10:22:03 -0300
yes, i wrote an email to to Visa and to nac.net. That box has an anonymous ftp, a mysql open to the world (aghh!) and many other services. regards, Mauro Flores On Tue, 2003-12-23 at 10:10, jan.muenther () nruns com wrote:
I went to http://64.21.80.2/~gotier/verified_by_visa.htm, this guy is using a php script to get card numbers and pins, I think that someone is going to have a merry christmas :)Heh, true. Did you write the connecting ISP (nac.net) an abuse email? The box is running quite a bunch of services, of which quite a few are plain text ones, so I'd guess the kid has sniffed them somewhere and replaced this poor guy's pages in his home dir...
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- visa XSS? Mauro Flores (Dec 23)
- Re: visa XSS? Mauro Flores (Dec 23)
- Re: visa XSS? jan . muenther (Dec 23)
- Re: visa XSS? Mauro Flores (Dec 23)
- Re: visa XSS? Adam Hunt (Dec 23)
- Re: visa XSS? jan . muenther (Dec 23)
- Re: visa XSS? Gary Flynn (Dec 23)
- RE: visa XSS? lists (Dec 23)
- Re: visa XSS? Oliver Gobin (Dec 23)
- Re: visa XSS? William Warren (Dec 23)
- <Possible follow-ups>
- RE: visa XSS? Knarr, Joshua (Dec 23)
- Re: visa XSS? jan . muenther (Dec 23)
- RE: visa XSS? Knarr, Joshua (Dec 23)
- Re: visa XSS? Scott Anderson (Dec 23)
- RE: visa XSS? Bill Royds (Dec 23)
(Thread continues...)
- Re: visa XSS? Mauro Flores (Dec 23)