Phishing vulnerability reported at American Express site
December 5th, 2006 by Juha-Matti, Filed under: Commentary, Phishing, Web
The most important thing first:
The researcher, Andrea Giuliani, a 16-year-old geek from Italy, has contacted the credit card giant about the flaw.
The problem is that intl_ads_redirect.jsp also allows redirects to targets outside the American Express domain (!), e.g. .jsp?location=http://www.phishingsite.com
Link to Andrea's Italian-language blog entry:
andreagiuliani.com/2006/12/04/vulnerabilita-su-sito-american-express-possibile-attacco-phishing/
More information and sample links here:
vincenzoampolo.nanofreesoft.org/?p=46
Yeah, an Italian entry again. But www.google.com/translate_t will help you.
Needless to say, the second example uses location=%68%74%74%70%3A%2F%2F… (the http:// prefix, percent-encoded).
I confirmed by phone and e-mail on Monday that AMEX is aware.
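One way a redirect endpoint like the one described above can constrain its location parameter, as an added example in Python (not code from the original post or from American Express). ALLOWED_HOSTS, FALLBACK, the www.example.com host and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

ALLOWED_HOSTS = {"www.example.com"}  # assumption: hosts the site itself owns
FALLBACK = "/"                       # assumption: where rejected requests land


def is_allowed_target(target: str) -> bool:
    """True only for same-site paths or http(s) URLs on an allow-listed host."""
    # Browsers normalise backslashes and control characters differently from
    # urlsplit, so refuse them outright instead of guessing.
    if not target or "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash absolute path only.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # hostname excludes userinfo and port, so the decision is made on the
    # host the browser would really contact; userinfo is refused entirely.
    return parts.username is None and parts.hostname in ALLOWED_HOSTS


def redirect_location(request_url: str) -> str:
    """Return the value for the Location header of the redirect response."""
    # parse_qs percent-decodes, so %68%74%74%70%3A%2F%2F... and http://...
    # reach the check as the same string.
    values = parse_qs(urlsplit(request_url).query).get("location", [])
    if len(values) != 1:
        return FALLBACK
    return values[0] if is_allowed_target(values[0]) else FALLBACK


if __name__ == "__main__":
    base = "https://www.example.com/intl_ads_redirect.jsp?location="  # constructed
    for value in ("/offers/travel",
                  "http://www.phishingsite.com",
                  "%68%74%74%70%3A%2F%2Fwww.phishingsite.com"):
        print(value, "->", redirect_location(base + value))
```

The check runs on the decoded value, which is why the percent-encoded form of the link gets the same answer as the plain one.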



