Sunday, September 10, 2017

XSS - Santander Totta Portal (2014) - Full Disclosure

Back in 2014 I found a serious XSS vulnerability in the Santander Totta Portal. This flaw allowed attackers to create highly convincing phishing schemes and hijack bank accounts.
At the time I reported this issue, Santander Totta ignored the problem for months, until Portuguese social media confronted them with the situation. Exame Informatica and Visão published articles drawing attention to the problem, which was fixed right after.
Today I fully disclose this issue, as it will not cause any problems for the bank, since they have changed their platform.

This is a lesson to all the companies that receive free reports every day. Do not ignore the reports you receive from researchers. They dedicate their free time to protecting the internet at no cost. If you don't know what to do, reply to them and ask for help; they will certainly redirect you to competent services.

You can watch this vulnerability being exploited in the video below. Sorry for the bad quality.


