eurobank e-banking

Ask for help about NoScript, no registration needed to post
maxer

eurobank e-banking

Post by maxer »

Can you please check this site?
https :// ebanking .eurobank.gr /ebanking/login.faces
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: eurobank e-banking

Post by therube »

Why?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20100101 SeaMonkey/2.33.1
barbaz
Senior Member
Posts: 11068
Joined: Sat Aug 03, 2013 5:45 pm

Re: eurobank e-banking

Post by barbaz »

Smells spammy to me...
Broke the link in any case.

@maxer: You have until tomorrow to clarify the issue, and if you do not do so satisfactorily we will delete this thread as spam.
*Always* check the changelogs BEFORE updating that important software!
-
maxer

Re: eurobank e-banking

Post by maxer »

Sorry, not clear enough.

So, I disconnect from Firefox Sync, reset settings in the NoScript plugin, and when I visit *only* the site above, it tries to open/save a part of script code, I think.
If I disable the plugin, all is ok.

Could you help?
Thank you

PS: you shouldn't trust your nose!
Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0
maxer

Re: eurobank e-banking

Post by maxer »

In addition the message:
Image

which of course shows up after I allow scripts in eurobank.gr
Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0
barbaz

Re: eurobank e-banking

Post by barbaz »

Hmm, that's weird. So if you Allow Scripts Globally does it also happen?
Any related messages in the Browser Console (Ctrl-Shift-J) when it happens?
maxer wrote: PS: you shouldn't trust your nose!
Meh, stupid allergies have it all stuffed up & I can't tell what's what :roll: ;)
*Always* check the changelogs BEFORE updating that important software!
-
maxer

Re: eurobank e-banking

Post by maxer »

barbaz wrote: Hmm, that's weird. So if you Allow Scripts Globally does it also happen?
Yes, it happens.
barbaz wrote: Any related messages in the Browser Console (Ctrl-Shift-J) when it happens?
Not sure if it is what you need to see:

Code:

[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https://ebanking.eurobank.gr&LSESSIONID=jLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg==&t=xpost&pd=d=…
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Febanking.eurobank.gr%26LSESSIONID%3DjLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg%253D%253D%26t%3Dxpost&pd=d%…
https://yhs.eurobank.gr/eurobankcache/sadf.html?
about:blank
SyntaxError: unreachable code after return statement jquery.js.faces:246:18
TypeError: q is null lastpass.js:1042:292
[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https://ebanking.eurobank.gr&LSESSIONID=jLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg==&t=xpost&pd=d=…
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Febanking.eurobank.gr%26LSESSIONID%3DjLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg%253D%253D%26t%3Dxpost&pd=d%…
https://yhs.eurobank.gr/eurobankcache/sadf.html?
javascript:%20false;
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCO1-caRQi1vAcPxcufbx1g1JHQ13w:87:0
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCO1-caRQi1vAcPxcufbx1g1JHQ13w:224:0
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCO1-caRQi1vAcPxcufbx1g1JHQ13w:1387:0
[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https://ebanking.eurobank.gr&LSESSIONID=jLd1pqMd54QvdCaHKh8q2D4NpPOSpnzRU0G2EXavFtPX08UvPspx5MKlf26U14kOQk+eGKAjjBQYKF6V&t=xpost&pd=d=…
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Febanking.eurobank.gr%26LSESSIONID%3DjLd1pqMd54QvdCaHKh8q2D4NpPOSpnzRU0G2EXavFtPX08UvPspx5MKlf26U14kOQk%252BeGKAjjBQYKF6V%26t%3Dxpost&pd=d%…
https://yhs.eurobank.gr/eurobankcache/sadf.html?
javascript:%20false;
TypeError: q is null lastpass.js:1042:292
TypeError: can't access dead object lastpass.js:1070:44

Thank you.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
gpap
Posts: 2
Joined: Tue Aug 25, 2015 8:43 am

Re: eurobank e-banking

Post by gpap »

Same here since yesterday.
Part of the script:

Code:

javascript__(function(){function i(){if(typeof XMLHttpRequest!='undefined'){return new XMLHttpRequest()}try{return new ActiveXObject(_Msxml2.XMLHTTP_)}catch(e){try{return new ActiveXObject(_.join(_&_)}function k(a){var b={},c=(a
…
When Allow Globally, the same.
Only solution is to disable.
Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0
barbaz

Re: eurobank e-banking

Post by barbaz »

Please try disabling the XSS filter & see if that helps (note that this is *not* a solution, just a test!):
NoScript Options > Advanced > XSS, un-check both the checkboxes
*Always* check the changelogs BEFORE updating that important software!
-
gpap

Re: eurobank e-banking

Post by gpap »

YEP it works
disabling the XSS filter (both sanitizing & turn cross)
You can check it yourself, no need to login.
Just go to the welcome page, https://ebanking.eurobank.gr/ebanking/login.faces
there is a looong delay, browser freezes, cursor, tabs…
Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0
maxer

Re: eurobank e-banking

Post by maxer »

Disabling XSS filter works.
So, do we need to put an XSS exception for this site?
Mozilla/5.0 (Windows NT 6.0; rv:40.0) Gecko/20100101 Firefox/40.0
barbaz

Re: eurobank e-banking

Post by barbaz »

I'm really not sure what would be the actual solution here.

@Thrawn: any advice as to whether an XSS exception is safe, & if so what XSS exception to be made?
*Always* check the changelogs BEFORE updating that important software!
-
maxer

Re: eurobank e-banking

Post by maxer »

Till Thrawn's jump,

Code:

^https://([a-z]+)\.eurobank\.gr/
is it ok as an exception? It seems to work.
Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: eurobank e-banking

Post by Thrawn »

Eww, they're polluting window.name! Look at the second line of the console output.

This is *not* a safe practice. If you can leave the XSS filter on, then please do. Otherwise, maybe create a separate profile to do your banking, and don't visit any other sites in that profile.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
barbaz

Re: eurobank e-banking

Post by barbaz »

*If* an XSS exception is the way to go.
That one doesn't look safe to me - it's allowing *all* sites to XSS eurobank. :o
However the regexp matching the address looks like the best that can be done.

Does this exception work?

Code:

^@https://[a-z]+\.eurobank\.gr/
If so it's safer because rather than allowing all sites to XSS eurobank, it's allowing eurobank to XSS anything.

(I'd suggest removing the unneeded parentheses in any case.)


EDIT Again, note that an XSS exception may not be a good answer here - see Thrawn's post above which collided with mine.
*Always* check the changelogs BEFORE updating that important software!
-
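The scope difference between the two exceptions discussed above, as an added example that is not part of any post in this thread and is not NoScript's own code. It assumes a simplified matching model based on barbaz's description: an exception regex exempts a request when it matches the destination URL, or when it matches "@" followed by the source URL. The sample requests are constructed; only the eurobank.gr URLs come from the thread.

```javascript
// Simplified model (assumption, not NoScript's implementation): a request is
// exempt from XSS filtering when the exception regex matches its destination
// URL, or matches "@" + its source URL.
function isExempt(exception, request) {
  const re = new RegExp(exception);
  return re.test(request.destination) || re.test("@" + request.source);
}

// Constructed sample requests (source page -> destination URL).
const requests = [
  { label: "other site -> bank",
    source: "https://www.example.com/page",
    destination: "https://ebanking.eurobank.gr/ebanking/login.faces" },
  { label: "bank -> bank subdomain",
    source: "https://ebanking.eurobank.gr/ebanking/login.faces",
    destination: "https://yhs.eurobank.gr/eurobankcache/sadf.html?" },
  { label: "bank -> other site",
    source: "https://ebanking.eurobank.gr/ebanking/login.faces",
    destination: "https://www.example.com/landing" },
  { label: "other site -> lookalike host",
    source: "https://www.example.com/page",
    destination: "https://ebanking.eurobank.gr.example.net/login" },
];

// The two exceptions exactly as posted in the thread.
const MAXER_EXCEPTION = "^https://([a-z]+)\\.eurobank\\.gr/";
const BARBAZ_EXCEPTION = "^@https://[a-z]+\\.eurobank\\.gr/";

// Labels of the sample requests that an exception would leave unfiltered.
function exemptedLabels(exception, reqs = requests) {
  return reqs.filter((r) => isExempt(exception, r)).map((r) => r.label);
}

for (const [name, ex] of [["maxer", MAXER_EXCEPTION], ["barbaz", BARBAZ_EXCEPTION]]) {
  console.log(name, ex, "exempts:", exemptedLabels(ex));
}
```

Under this model the destination-based pattern exempts anything any site sends to the bank, while the "@" form exempts only requests that start at the bank; the trailing `\.gr/` keeps the lookalike host out of both.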