Hi Full-Disclosure,
I'm here to report an XSS vulnerability in one of Citibank's websites.
I actually found this at a login screen, but it's on an obscure subdomain so I don't believe that much cookie stealing can be done from it.
Phishing, however, oh good lord yes. The phishing possibilities for this XSS vulnerability are immense (did I mention the site was SSL'd?).

Anyway, I informed Citibank through e-mail (no response), posted it on my blog (no response, no fix..) and now I'll post it here.
I've had luck on FD in contacting BankOfAmerica employees in the past, so maybe there are a few Citibank admins listening? Let's hope so.

Here's the URL:

https://cukehb4.cd.citibank.co.uk/CappWebApp/capp/action/lang.do?languagecode=1&countrycode=<HTML GOES HERE>&servicecode=signon&TS=1119807930296

And here's an outline (+screenshot) for if/when they fix it:

http://wheresthebeef.co.uk/show.php/xss/citibank.co.uk.html
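
The defect is a query parameter echoed into the login page without HTML encoding. As an added illustration (not code from the original post or from Citibank), the stand-in handler below reflects `countrycode` verbatim beside one that HTML-encodes it, plus a defender's check for unencoded reflection; the template, the function names and the probe URL are constructed assumptions.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for a lang.do page template (hypothetical, not the
# real application): the countrycode value is written into the page body
# and into the value attribute of a hidden form field.
TEMPLATE = (
    '<p>Country: {body}</p>'
    '<input type="hidden" name="countrycode" value="{attr}">'
)

# Constructed probe URL: the page's URL with a harmless bold tag as marker.
PROBE_URL = (
    "https://cukehb4.cd.citibank.co.uk/CappWebApp/capp/action/lang.do"
    "?languagecode=1&countrycode=<b>probe</b>&servicecode=signon&TS=1119807930296"
)

def query_params(url):
    """Return the URL's query parameters as a dict (first value wins)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}

def render_unescaped(url):
    """The defect: the parameter is inserted verbatim, so markup in it renders."""
    cc = query_params(url).get("countrycode", "")
    return TEMPLATE.format(body=cc, attr=cc)

def render_escaped(url):
    """The fix: HTML-encode the value; quote=True also encodes quotes, which
    matters for the attribute context."""
    cc = escape(query_params(url).get("countrycode", ""), quote=True)
    return TEMPLATE.format(body=cc, attr=cc)

def is_reflected_unescaped(url, page):
    """Defender's check: a value containing HTML-significant characters
    appears in the response exactly as sent, i.e. without encoding."""
    cc = query_params(url).get("countrycode", "")
    return bool(cc) and cc != escape(cc, quote=True) and cc in page
```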
