Title: Hacking
Description: It's a complete notes on Banking Flaws of Ethical Hacking
By: webDEViL
Email: w3bd3vil [at] gmail [dot] com
Written: 20th Oct, 2008
Discovered: Somewhere in March, 2008
Internet Banking Flaws in India
This paper talks about the primitive POST manipulation vulnerabilities that still exist in the Indian
Banking Sector
...
This vulnerability has a huge effect, all related to Indian Banks
...
POST /index
...
1
Host: 192
...
9
...
0 (X11; U; Linux i686; en-US; rv:1
...
0
Accept: text/html,application/xhtml+xml,application/xml;q=0
...
8
Accept-Language: en-us,en;q=0
...
7,*;q=0
...
168
...
231/
Cookie: ASPSESSIONIDCARADCQD=NBAFPHOAIECLLFGDIDNIGJFI
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
x=165&y=134&Username=test&Password=test
Let's start off with an example of how Internet Banking works
...
With
that you have your debit card of which certain details are required while doing a purchase online
...
in, start shopping and search for and buy a candy
...
The payment!
While paying you have options to select from credit card, cheque etc
...
So, one selects the Online Banking
option and is redirected to the banks site
...
The data is all the details of the purchase
that you make
...
So we could very
well manipulate the data and set the price value to like Rs 1 (US $ 0
...
Upon changing the values
the bank raises no question marks and our payment gets accepted and we are redirected back to
xxxx
...
POST /BANKAWAY?IWQRYTASKOBJNAME=bay_mc_login&BAY_BANKID=ICI HTTP/1
...
ms-xpsdocument,
application/xaml+xml, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4
...
0; Windows NT 5
...
NET CLR 2
...
50727;
...
0
...
648;
...
5
...
icicibank
...
in
Connection: Keep-Alive
Cache-Control: no-cache
Referer: http://www
...
com/epay/payICICI
...
00&CRN=INR&RU=http%3A%2F%2Fwww
...
com%2Fepay
%2FEftPay
...
But our payment never gets accepted as the payment is actually not
made and the rejection mail comes in after a few days
...
There is more to it
...
in the site doesn't have integration
directly with a bank but they still offer payment through online banking, How? Easy, by being a
merchant at one of the payment gateways like ccavenue
...
There are quite a few, I cannot
remember the others
...
I browse off to yyyyy
...
Jumping to the payment we have an option of Online
Banking and as usual I select that
...
DOING DOING DOING!
Ok, so there is a clear cut difference on how things operate in the two cases
...
in > Bank
2 yyyyy
...
In case two that's not the case ;)
...
Now, if I were to modify the POST (sometimes it's GET also) data being sent from the shopping site
yyyyy
...
My payment would get accepted but the transaction would be
rejected after a few days
...
The direct relation here is between
yyyyy
...
Now, I buy a ticket from yyyyy
...
The bank accepts it and redirects me to the
payment gateway which says the payment is done
...
The payment gateway acts as
the MiTM ;) The POST header being passed from the Payment Gateway to the Bank is modified
...
Even if the amount is passed through, like in some sites like ebay
...
Your payment does
get accepted with the yellow bar appearing below your order, but ebay(
...
So, tough luck
...
I have confirmed its existence on Spicejet
...
com and using the Ccavenue
...
The security in our Banking sector might be good enough but there they miss out on the basics, I
guess!
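The tampering described above works because the bank or gateway trusts order fields that pass through the payer's browser. As an added example (not code from the original paper), here is one way a merchant and bank could authenticate those fields with an HMAC; the field names, key and sample order are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key (assumption): a per-merchant secret agreed out of band.
MERCHANT_KEY = b"constructed-demo-key"
# Hypothetical field names: everything the payer must not be able to change.
SIGNED_FIELDS = ("merchant_id", "order_id", "amount", "currency", "return_url")
# Constructed sample order, not taken from the paper.
ORDER = {"merchant_id": "M1001", "order_id": "A-20081020-17",
         "amount": "2499.00", "currency": "INR",
         "return_url": "https://shop.example/epay/return"}


def _mac(fields: dict, key: bytes) -> str:
    # Length-prefix each value so bytes cannot be moved between fields.
    msg = b"".join(
        f"{name}={len(fields[name].encode())}:{fields[name]};".encode()
        for name in SIGNED_FIELDS
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_payment_form(order: dict, key: bytes = MERCHANT_KEY) -> str:
    """Merchant side: serialise the order fields and append their MAC."""
    fields = {name: str(order[name]) for name in SIGNED_FIELDS}
    fields["mac"] = _mac(fields, key)
    return urlencode(fields)


def verify_payment_form(body: str, key: bytes = MERCHANT_KEY) -> dict:
    """Bank/gateway side: accept the order only if its MAC verifies."""
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise ValueError("duplicate parameter")
    fields = dict(pairs)
    if not all(name in fields for name in SIGNED_FIELDS + ("mac",)):
        raise ValueError("missing parameter")
    expected, supplied = _mac(fields, key).encode(), fields["mac"].encode()
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("MAC mismatch: order fields were altered in transit")
    return {name: fields[name] for name in SIGNED_FIELDS}
```

The MAC only proves the fields are the ones the merchant sent; before fulfilling the order the merchant should still compare the amount the bank reports as paid against its own order record.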
Another example of how things go about in the Banking Sector here is a look at Jammu and
Kashmir Bank
...
net has the IP address: 68
...
156
...
178
...
75
1) (cut)
2) BURNHALLSCHOOL
...
NET
4) (cut)
5) (cut)
6) (cut)
7) albasons
...
com
9) bioinfoku
...
net
11) habibcomputers
...
com
13) hotellidder
...
com
15) jammuandkashmirbank
...
net
17) jkccc
...
com
19) jkwdc
...
Well,
after that there is nothing much to tell
...
This happened on the form where you enter your
credit card details
...
Probably some bot spoiled the fun for them and then they realised their mistake and changed the
way that operates
...
Hopefully we will develop soon enough