eurobank e-banking

Posted: Mon Aug 24, 2015 8:08 am
by maxer
Can you please check this site?
https :// ebanking .eurobank.gr /ebanking/login.faces

Re: eurobank e-banking

Posted: Mon Aug 24, 2015 2:20 pm
by therube
Why?

Re: eurobank e-banking

Posted: Mon Aug 24, 2015 4:40 pm
by barbaz
Smells spammy to me...
Broke the link in any case.

@maxer: You have until tomorrow to clarify the issue, and if you do not do so satisfactorily we will delete this thread as spam.

Re: eurobank e-banking

Posted: Mon Aug 24, 2015 10:11 pm
by maxer
Sorry, not clear enough.

So, I disconnect from Firefox Sync, reset the settings in the NoScript plugin, and when I visit *only* the site above, it tries to open/save a part of script code, I think.
If I disable the plugin, all is OK.

Could you help?
Thank you

PS: you shouldn't trust your nose!

Re: eurobank e-banking

Posted: Mon Aug 24, 2015 10:50 pm
by maxer
In addition the message:
Image

which of course shows up after I allow scripts in eurobank.gr

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 12:10 am
by barbaz
Hmm, that's weird. So if you Allow Scripts Globally does it also happen?
Any related messages in the Browser Console (Ctrl-Shift-J) when it happens?
maxer wrote: PS: you shouldn't trust your nose!
Meh, stupid allergies have it all stuffed up & I can't tell what's what :roll: ;)

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 7:19 am
by maxer
barbaz wrote: Hmm, that's weird. So if you Allow Scripts Globally does it also happen?
Yes, it happens.
barbaz wrote: Any related messages in the Browser Console (Ctrl-Shift-J) when it happens?
Not sure if it is what you need to see:

Code:

[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https://ebanking.eurobank.gr&LSESSIONID=jLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg==&t=xpost&pd=d=…
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Febanking.eurobank.gr%26LSESSIONID%3DjLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg%253D%253D%26t%3Dxpost&pd=d%…
https://yhs.eurobank.gr/eurobankcache/sadf.html?
about:blank
SyntaxError: unreachable code after return statement jquery.js.faces:246:18
TypeError: q is null lastpass.js:1042:292
[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https://ebanking.eurobank.gr&LSESSIONID=jLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg==&t=xpost&pd=d=…
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Febanking.eurobank.gr%26LSESSIONID%3DjLd1o6Uf5YkncyaHKhIt3DwPqPuSpnzRU0G2EXavFtPX08UvPspx5MKlf26U3I4PREmdHKAvgBceKVibfg%253D%253D%26t%3Dxpost&pd=d%3DJTVCJTdCJTIyaWQlMjIlM0ElMjI2JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjYlMjIlMkMlMjJiJTIyJTNBMCUyQyUyMmQlMjIlM0ElMjIlMjU3QiUyNTIyZG9tLmJsb2NrcXVvdGUlMjUyMiUyNTNBJTI1NUIlMjU1RCUyNTJDJTI1MjJkb20uc2NyaXB0JTI1MjIlMjUzQSUyNTVCJTI1NUIwJTI1MkMlMjUyMiUyNTJGZWJhbmtpbmclMjUyRmE0aiUyNTJGZyUyNTJGM18zXzMuRmluYWxvcmcuYWpheDRqc2YuamF2YXNjcmlwdC5BamF4U2NyaXB0LmZhY2VzJTI1MjIlMjUyQyUyNTIyJTI1MjIlMjU1RCUyNTJDJTI1NUIxJTI1MkMlMjUyMiUyNTJGZWJhbmtpbmclMjUyRmpzJTI1MkZqcXVlcnkuanMlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjIlMjUyQyUyNTIyJTI1MkZlYmFua2luZyUyNTJGanMlMjUyRmpxdWVyeS5jcnlwdG8uanMlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjMlMjUyQyUyNTIyJTI1MkZlYmFua2luZyUyNTJGanMlMjUyRmJyb3dzZXJEZXRlY3QuanMlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjQlMjUyQyUyNTIyJTI1MkZlYmFua2lu
https://yhs.eurobank.gr/eurobankcache/sadf.html?
javascript:%20false;
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCO1-caRQi1vAcPxcufbx1g1JHQ13w:87:0
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCO1-caRQi1vAcPxcufbx1g1JHQ13w:224:0
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCO1-caRQi1vAcPxcufbx1g1JHQ13w:1387:0
[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https://ebanking.eurobank.gr&LSESSIONID=jLd1pqMd54QvdCaHKh8q2D4NpPOSpnzRU0G2EXavFtPX08UvPspx5MKlf26U14kOQk+eGKAjjBQYKF6V&t=xpost&pd=d=JTVCJTdCJTIyaWQlMjIlM0ElMjI2JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjYlMjIlMkMlMjJiJTIyJTNBMCUyQyUyMmQlMjIlM0ElMjIlMjU3QiUyNTIyZG9tLmJsb2NrcXVvdGUlMjUyMiUyNTNBJTI1NUIlMjU1RCUyNTJDJTI1MjJkb20uc2NyaXB0JTI1MjIlMjUzQSUyNTVCJTI1NUIwJTI1MkMlMjUyMiUyNTJGZWJhbmtpbmclMjUyRmE0aiUyNTJGZyUyNTJGM18zXzMuRmluYWxvcmcuYWpheDRqc2YuamF2YXNjcmlwdC5BamF4U2NyaXB0LmZhY2VzJTI1MjIlMjUyQyUyNTIyJTI1MjIlMjU1RCUyNTJDJTI1NUIxJTI1MkMlMjUyMiUyNTJGZWJhbmtpbmclMjUyRmpzJTI1MkZqcXVlcnkuanMlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjIlMjUyQyUyNTIyJTI1MkZlYmFua2luZyUyNTJGanMlMjUyRmpxdWVyeS5jcnlwdG8uanMlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjMlMjUyQyUyNTIyJTI1MkZlYmFua2luZyUyNTJGanMlMjUyRmJyb3dzZXJEZXRlY3QuanMlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjQlMjUyQyUyNTIyJTI1MkZlYmFua2luZyUyNTJGanMlMjUyRnN3Zm9iamVj
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Febanking.eurobank.gr%26LSESSIONID%3DjLd1pqMd54QvdCaHKh8q2D4NpPOSpnzRU0G2EXavFtPX08UvPspx5MKlf26U14kOQk%252BeGKAjjBQYKF6V%26t%3Dxpost&pd=d%…
https://yhs.eurobank.gr/eurobankcache/sadf.html?
javascript:%20false;
TypeError: q is null lastpass.js:1042:292
TypeError: can't access dead object lastpass.js:1070:44

Thank you.

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 8:50 am
by gpap
Same here since yesterday.
Part of the script:

Code:

javascript__(function(){function i(){if(typeof XMLHttpRequest!='undefined'){return new XMLHttpRequest()}try{return new ActiveXObject(_Msxml2.XMLHTTP_)}catch(e){try{return new ActiveXObject(_.join(_&_)}function k(a){var b={},c=(a
…
With Allow Globally it is the same.
The only solution is to disable it.

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 2:16 pm
by barbaz
Please try disabling the XSS filter & see if that helps (note that this is *not* a solution, just a test!):
NoScript Options > Advanced > XSS, un-check both the checkboxes

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 2:41 pm
by gpap
Yep, it works:
disabling the XSS filter (both sanitizing & turn cross).
You can check it yourself, no need to login.
Just go to the welcome page, https://ebanking.eurobank.gr/ebanking/login.faces
there is a looong delay, browser freezes, cursor, tabs…

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 2:44 pm
by maxer
Disabling XSS filter works.
So, do we need to put an XSS exception for this site?

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 8:54 pm
by barbaz
I'm really not sure what would be the actual solution here.

@Thrawn: any advice as to whether an XSS exception is safe, & if so what XSS exception to be made?

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 10:51 pm
by maxer
Until Thrawn jumps in,

Code:

^https://([a-z]+)\.eurobank\.gr/
Is it OK as an exception? It seems to work.

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 11:05 pm
by Thrawn
Eww, they're polluting window.name! Look at the second line of the console output.

This is *not* a safe practice. If you can leave the XSS filter on, then please do. Otherwise, maybe create a separate profile to do your banking, and don't visit any other sites in that profile.
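To see what the console lines in maxer's post actually carry, and why Thrawn's window.name warning matters, here is an added decoder (not from the thread, NoScript or Eurobank) for the qp=...&pd=d=<base64> layout those lines show. The sample value it builds is constructed with a placeholder session id; the script list it recovers (dom.script) is what the InjectionChecker reacts to, and the session identifier riding alongside it is what makes a cross-origin-readable slot like window.name a poor transport.

```python
import base64
import json
from urllib.parse import parse_qs, quote, unquote, urlencode

SEP = (",", ":")  # compact JSON, as in the captured payload


def build_sample_name(session_id: str = "CONSTRUCTED_SESSION_ID") -> str:
    """Constructed window.name value in the layout the console lines show:
    qp=<percent-encoded query>&pd=<percent-encoded "d=" + base64>, where the
    base64 wraps percent-encoded JSON whose "d" field is again percent-encoded
    JSON listing the scripts the page loaded (dom.script)."""
    dom_state = {"dom.blockquote": [],
                 "dom.script": [[0, "/ebanking/js/jquery.js", ""]]}
    inner = [{"id": "6", "data": {"cid": "6", "b": 0,
                                   "d": quote(json.dumps(dom_state, separators=SEP), safe="")}}]
    pd = base64.b64encode(quote(json.dumps(inner, separators=SEP), safe="").encode()).decode()
    qp = urlencode({"si": "1", "e": "https://ebanking.eurobank.gr",
                    "LSESSIONID": session_id, "t": "xpost"})
    return urlencode({"qp": qp, "pd": "d=" + pd})


def decode_xpost_name(name: str) -> dict:
    """Unwrap the layers: query -> query -> base64 -> percent -> JSON -> percent -> JSON."""
    top = parse_qs(name, strict_parsing=True)
    qp = parse_qs(top["qp"][0], strict_parsing=True)
    pd = parse_qs(top["pd"][0], strict_parsing=True)
    payload = json.loads(unquote(base64.b64decode(pd["d"][0]).decode()))
    for entry in payload:  # the nested "d" is percent-encoded JSON too
        entry["data"]["d"] = json.loads(unquote(entry["data"]["d"]))
    return {"origin": qp["e"][0],
            "session_id": qp.get("LSESSIONID", [None])[0],
            "transport": qp["t"][0],
            "payload": payload}


def script_urls(decoded: dict) -> list:
    """The script URL list that NoScript's InjectionChecker reacts to."""
    return [s[1] for entry in decoded["payload"]
            for s in entry["data"]["d"].get("dom.script", [])]


if __name__ == "__main__":
    decoded = decode_xpost_name(build_sample_name())
    # A session identifier plus a script list ride in window.name, which any page
    # later loaded into the same window (cross-origin included) can read or set.
    print("origin:", decoded["origin"], "session id:", decoded["session_id"])
    print("scripts listed:", script_urls(decoded))
```

Run it against an untruncated "sanitized window.name" line from the Browser Console (only the quoted value) to see the same layers unwrapped for the real page.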

Re: eurobank e-banking

Posted: Tue Aug 25, 2015 11:06 pm
by barbaz
*If* an XSS exception is the way to go:
That one doesn't look safe to me - it's allowing *all* sites to XSS eurobank. :o
However the regexp matching the address looks like the best that can be done.

Does this exception work?

Code:

^@https://[a-z]+\.eurobank\.gr/
If so it's safer because rather than allowing all sites to XSS eurobank, it's allowing eurobank to XSS anything.

(I'd suggest removing the unneeded parentheses in any case.)

EDIT: Again, note that an XSS exception may not be a good answer here - see Thrawn's post above, which collided with mine.