
winbank XSS exception

Posted: Sun Oct 04, 2015 11:26 am
by gvp
I get the following error in my console

[NoScript XSS] Sanitized suspicious upload to [https://ebanking.winbank.gr/Login.aspx###DATA###something_here.+something_here] from [https://www.winbank.gr/el/Pages/Home.aspx]: transformed into a download-only GET request.
Which exception is safer?

^https?://([a-z]+)\.winbank\.(?:[a-z]{1,3}\.)?[a-z]
or
^@https://[a-z]+\.winbank\.gr/

both of them work ...

Re: winbank XSS exception

Posted: Sun Oct 04, 2015 12:00 pm
by Giorgio Maone
gvp wrote: ^@https://[a-z]+\.winbank\.gr/
This one, which authorizes https://*.winbank.gr to bypass the filter when loading another resource.
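
Added example (not part of the original posts, and not NoScript's own code): a small audit of which requests each of the two candidate exceptions would exempt from the filter. It assumes, following the reply above, that a leading "^@" means the rule is matched against the page making the request rather than the destination, and that the rest is an ordinary regular expression; the request list and the helper names are constructed for illustration.

```javascript
// The two candidate exceptions, copied from the thread.
const RULES = {
  broad: String.raw`^https?://([a-z]+)\.winbank\.(?:[a-z]{1,3}\.)?[a-z]`,
  strict: String.raw`^@https://[a-z]+\.winbank\.gr/`,
};

// Assumption: "^@" marks a source-matched rule; strip the "@" and keep the anchor.
function parseRule(text) {
  const bySource = text.startsWith("^@");
  return { bySource, regex: new RegExp(bySource ? "^" + text.slice(2) : text) };
}

// True when the rule would exempt this request from the XSS filter.
function ruleApplies(text, request) {
  const { bySource, regex } = parseRule(text);
  return regex.test(bySource ? request.source : request.destination);
}

// Constructed requests (hypothetical hosts use the reserved .example TLD).
const BANK_HOME = "https://www.winbank.gr/el/Pages/Home.aspx";
const BANK_LOGIN = "https://ebanking.winbank.gr/Login.aspx";
const REQUESTS = [
  { name: "bank page -> bank login", source: BANK_HOME, destination: BANK_LOGIN },
  { name: "other site -> bank login", source: "https://unrelated.example/", destination: BANK_LOGIN },
  { name: "other site -> http bank URL", source: "https://unrelated.example/",
    destination: "http://ebanking.winbank.gr/Login.aspx" },
  { name: "other site -> similar host", source: "https://unrelated.example/",
    destination: "https://www.winbank.example/Login.aspx" },
  { name: "http bank page -> bank login", source: "http://www.winbank.gr/", destination: BANK_LOGIN },
  { name: "other site -> other site", source: "https://unrelated.example/",
    destination: "https://another.example/" },
];

// One row per request: does each rule switch the filter off for it?
function audit() {
  return REQUESTS.map((r) => ({
    name: r.name,
    broad: ruleApplies(RULES.broad, r),
    strict: ruleApplies(RULES.strict, r),
  }));
}

console.table(audit());
```

The first pattern has no end anchor and accepts http, so it exempts requests from any page to any host of the form x.winbank.<anything>; the "^@" pattern exempts only requests that start from an https page on a winbank.gr subdomain.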

Re: winbank XSS exception

Posted: Sun Oct 04, 2015 8:13 pm
by gvp
thank you ...