Hacking banks for fun and profit - My first blog post

[MLT]

https://ret2libc.wordpress.com/2016/01/0...nd-profit/

[NO-OP]

Wow a lot of times I see large sites and I don't even bother poking around but as you've discovered even the biggest high risk sites have gaping holes. I love it. Great article.

[Insider]

Very interesting article, nice find on the vulnerabilities MLT. The "data:base64" trick to display web content was a trick I was unaware of, that is something I'll keep in the back of my head next time I find stuff like this on my own

[MLT]

Very interesting article, nice find on the vulnerabilities MLT. The "data:base64" trick to display web content was a trick I was unaware of, that is something I'll keep in the back of my head next time I find stuff like this on my own

in some cases with a redirect you can set the path to javascript:alert(0) and that will also work, there's more of a chance of it throwing a corrupted content error than a redirect to a data: uri, but on the other hand this method will work in both chrome and firefox in pretty much 99% of cases, whereas redirecting to a uri will only work in maybe 10% of cases for chrome

[Peas]

https://ret2libc.wordpress.com/2016/01/0...nd-profit/

Great write up MLT, the LFI vulnerabilities method was sheer brilliance great job. What sort of a response do you frequently get when reporting these things in?

[kingofsalt]

I never would've thought of finding vulnerabilities on a bank site. I always felt that their security was pretty much Fort Knox.

[CW-1]

A good reminder to never make assumptions about security, nice job!

[kingofsalt]

A good reminder to never make assumptions about security, nice job!

That is true. I've found vulnerabilities where I thought I'd never find them.

[Jay]

Damn, I'm reading this and this ridiculous. Nice though aha

[Prometheus.]

Amazing stuff.
Great job!

I really liked the PDF part that was letting you poke around their system.

In fact, I googled that parameter and found another site using it.
www.mandasoldiacasa.it/en/corridorgenpdf?url=

I tried using facebook as a parameter and it successfully downloaded the pdf version of the webpage.
Put a file:/etc/hosts after the url, and viola! It worked.

http://www.mandasoldiacasa.it/en/corrido...etc/passwd

Maybe this is a widget from a specific vendor? I mean, this web also seems to be money/bank related.


I did not not report this vulnerability seeing as this is your find and your credit.
However, I would advise you to report it as soon as possible.

Cheers!

---

Another quick update.

http://www.worldbank.org/en/corridorgenp.../etc/hosts

Its a little messy to explain what I did there but have a glance.
If the file exists, you get a transaction ID error. If not, you get a 404.

Interesting.