Phishing vulnerability reported at American Express site
December 5th, 2006 by Juha-Matti, Filed under: Web, Commentary, Phishing
The most important thing first:
The researcher Andrea Giuliani, 16 years old geek from Italy, has contacted credit card giant about the flaw.
The problem is that intl_ads_redirect.jsp enables redirecting outside of American Express domain too (!), i.e. .jsp?location=http://www.phishingsite.com
Link to the Andrea’s Italian language blog entry:
andreagiuliani.com/2006/12/04/vulnerabilita-su-sito-american-express-possibile-attacco-phishing/
More information and sample links here:
vincenzoampolo.nanofreesoft.org/?p=46
Yeah, Italian entry again. But www.google.com/translate_t will help You.
No need to say that the second example uses location=%68%74%74%70%3A%2F%2F…
I have confirmed with phone and e-mail on Monday that AMEX is aware.
-
Is your site safe from XSS Attacks? Use Active Network Scanning to protect your network!
Subscribe
Subscribe
Thanks
Ciao
Andrea Giuliani
malorn over at http://sla.ckers.org/forum/read.php?3,505,page=6 disclosed a very similar (i.e different page name) vunerability within the amercian expresss domain back in november.
http://www109.americanexpress.com/rightp/ads_redirect.jsp?location=http://www.cnn.com
maluc (also at sla.ckers.org) later xss’d it (still vunerable) http://www109.americanexpress.com/rightp/ads_redirect.jsp?location=http://%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
As for the url Andrea is talking about it is also xss vunerable
http://www109.americanexpress.com/rightp/intl_ads_redirect.jsp?location=http://%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E