Description: Early this year, Citi-Bank introduced the concept of Virtual Keyboard to defend against malicious programs like keyloggers, Trojans and spywares etc. However, the Virtual Keyboard concept can be easily defeated by using Win32 APIs to access HTML documents. Refer the PoC (Proof of Concept) for more details.
More details can be found at:
http://xforce.iss.net/xforce/xfdb/21727
http://www.us-cert.gov/cas/bulletins/SB05-222.html
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=17684
http://www.virus.org/Article151.html
Download link of the PoC:
http://www.hackingspirits.com/vuln-rnd/defeat-citibank-vk.zip
0 comments:
Post a Comment