Sunday, September 10, 2017

XSS - Santander Totta Portal (2014) - Full Disclosure

Back in 2014 I found a serious XSS vulnerability in the Santander Totta Portal. This flaw allowed attackers to build highly convincing phishing schemes and hijack bank accounts.
When I reported the issue, Santander Totta ignored the problem for months, until Portuguese social media confronted them with the situation. Exame Informatica and Visão published articles calling attention to the problem, which was fixed right after.
Today I fully disclose this situation, as it will not cause any problems for the bank, since they have changed their platform.

This is a lesson to all the companies that receive free reports every day. Do not ignore the reports you receive from researchers. They dedicate their free time to protecting the internet at no cost. If you don't know what to do, reply to them and ask for help; they will certainly redirect you to competent services.

You can watch this vulnerability being exploited in the video below. Sorry for the bad quality.
