Hacking banks for fun and profit - My first blog post
#1
Quote:https://ret2libc.wordpress.com/2016/01/0...nd-profit/
#2
Wow, a lot of times I see large sites and I don't even bother poking around, but as you've discovered, even the biggest high-risk sites have gaping holes. I love it. Great article.
#3
Very interesting article, nice find on the vulnerabilities MLT. The "data:base64" trick to display web content was a trick I was unaware of; that is something I'll keep in the back of my head next time I find stuff like this on my own.
#4
(01-04-2016, 05:35 AM)Insider Wrote: Very interesting article, nice find on the vulnerabilities MLT. The "data:base64" trick to display web content was a trick I was unaware of; that is something I'll keep in the back of my head next time I find stuff like this on my own.

In some cases with a redirect you can set the path to javascript:alert(0) and that will also work. There's more of a chance of it throwing a corrupted content error than a redirect to a data: URI, but on the other hand this method will work in both Chrome and Firefox in pretty much 99% of cases, whereas redirecting to a URI will only work in maybe 10% of cases for Chrome.
#5
(01-03-2016, 06:14 PM)MLT Wrote:
Quote:https://ret2libc.wordpress.com/2016/01/0...nd-profit/

Great write-up MLT, the LFI vulnerabilities method was sheer brilliance, great job. What sort of a response do you frequently get when reporting these things in?
#6
I never would've thought of finding vulnerabilities on a bank site. I always felt that their security was pretty much Fort Knox.
#7
A good reminder to never make assumptions about security, nice job!
#8
(01-06-2016, 04:35 PM)CW-1 Wrote: A good reminder to never make assumptions about security, nice job!

That is true. I've found vulnerabilities where I thought I'd never find them.
#9
Damn, I'm reading this and this is ridiculous. Nice though aha
#10
Amazing stuff.
Great job!

I really liked the PDF part that was letting you poke around their system.

In fact, I googled that parameter and found another site using it.
www.mandasoldiacasa.it/en/corridorgenpdf?url=

I tried using Facebook as a parameter and it successfully downloaded the PDF version of the webpage.
Put a file:/etc/hosts after the url, and voilà! It worked.

http://www.mandasoldiacasa.it/en/corrido...etc/passwd

Maybe this is a widget from a specific vendor? I mean, this website also seems to be money/bank related.


I did not report this vulnerability seeing as this is your find and your credit.
However, I would advise you to report it as soon as possible.

Cheers!

Another quick update.

http://www.worldbank.org/en/corridorgenp.../etc/hosts

It's a little messy to explain what I did there but have a glance.
If the file exists, you get a transaction ID error. If not, you get a 404.

Interesting.
Reply
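
As an added example (not code from the posts above or from any vendor): a server-side check that an endpoint taking a `url=` parameter, like the PDF generator in post #10, or a redirect target, as in post #4, could run before fetching or redirecting. It rejects `file:`, `data:` and `javascript:` and any host that resolves to a non-public address; the function names and the constructed DNS table are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # file:, data:, javascript: all fail this


def system_resolver(host):
    """Resolve a host name to IP strings with the OS resolver."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_fetch_url(url, resolver=system_resolver):
    """Return (ok, reason) for a user-supplied URL that a server is about to
    fetch or redirect to. Hypothetical helper, not any vendor's code."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False, "whitespace or control character"
    try:
        parts = urlsplit(url)
        host, _ = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: " + (parts.scheme or "(none)")
    if not host or parts.username is not None or parts.password is not None:
        return False, "missing host or embedded credentials"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError:
            addresses = []
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if not ip.is_global:  # loopback, RFC 1918, link-local, ...
            return False, "non-public address: " + str(ip)
    return True, "ok"


# Constructed DNS answers so the check can be exercised offline.
SAMPLE_DNS = {"example.com": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}


def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]
```

The fetcher should connect to the address that was validated and re-run the check on every redirect hop; otherwise a second DNS lookup or a 3xx response can sidestep it.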