http://securethoughts.com/2009/03/phishing-with-non-scriptable-user-input/ Inferno's Blog on Application Security Fri, 02 Apr 2010 17:28:55 -0700 http://wordpress.org/?v=abc hourly 1 http://securethoughts.com/2009/03/phishing-with-non-scriptable-user-input/comment-page-1/#comment-70 David Sun, 07 Jun 2009 08:30:27 +0000 http://securethoughts.com/?p=184#comment-70 Most vendors and admins think that XSS is a joke and they keep it un-patched. According a past study I made, 6 on 10 online banks are vulnerable to a XSS attack and could be used to inject a HTML form to spoof the login. Nice article, as always. Most vendors and admins think that XSS is a joke and they keep it un-patched. According a past study I made, 6 on 10 online banks are vulnerable to a XSS attack and could be used to inject a HTML form to spoof the login.
Nice article, as always.

]]> http://securethoughts.com/2009/03/phishing-with-non-scriptable-user-input/comment-page-1/#comment-29 Tukimin Sun, 15 Mar 2009 13:58:54 +0000 http://securethoughts.com/?p=184#comment-29 I remember when i raised this as a vulnerability issue (phishing) i had an argument with the vendor (owner of the application) as they think this is not even a low risk issue! funny huh I remember when i raised this as a vulnerability issue (phishing) i had an argument with the vendor (owner of the application) as they think this is not even a low risk issue! funny huh

]]>