Bank of Brazil Multiple Security Bugs
CXSECURITY: https://t.co/KTtxDyM6Cb
-------------------------
Disclosure timeline
-------------------------
10-05-2018 First security advisory sent, no response
18-05-2018 Second security advisory sent, no response
22-05-2018 Third security advisory sent, no response
25-05-2018 Fourth security advisory sent, no response
29-05-2018 Full disclosure, no response
---------------------------------------------------------------
CxSecurity and PacketStorm have this information, but
I don't know why I haven't had any response about these
advisories.
For all these reasons, I have to
make a disclosure of these extremely
serious security flaws.
I have gone through all the steps so that
this notice counts as a responsible disclosure, and since
both the companies and the bank have the information
on the Bank of Brazil's failures, and more than a
reasonable time has passed, I think that responsible
disclosure is appropriate at this point.
If the companies have not published it because of the
excess of work they have, I understand, and for that reason
I publish the security notice from the Habemus Curso blog.
-----------------------------
FULL DISCLOSURE
-----------------------------
The bank currently has more than 30 security failures. I include these security flaws in the report,
but listing them all makes no sense. What they need is a penetration test,
a continuous testing cycle and code review,
and, for the serious failures, the
severity requires that the faults be fixed as quickly as possible.
===========================================================
Bank of Brazil Multiple security Flaws
===========================================================
I. VULNERABILITY
----------------------------
#Title: Bank of Brazil Multiple security Flaws
#Vendor: Banco do Brasil
#Author:Juan Carlos García (@secnight)
Special Thanks Vertigosistems
https://www.vertigosistems.com/
Follow me Twitter:@secnight
http://habemuscurso.blogspot.com
http://hackingmadrid.blogspot.com
II. DESCRIPTION
-------------------------
Banco do Brasil S.A. (English: Bank of Brazil) is the second largest bank
by assets in Brazil and all of Latin America. The bank, headquartered in
Brasília, was founded in 1808 and is the oldest active bank in Brazil,
even older than the country's central bank.
It is also one of the oldest banks in continuous
operation in the world.
Banco do Brasil is controlled by the Brazilian government but its
stock is traded on the São Paulo Stock Exchange and its management follows
standard international banking practices (Basel Accords).
Since 2000 it has been one of the four most-profitable
Brazilian banks (the others being Itaú Unibanco, Bradesco, and Santander Brasil)
and holds a strong leadership position in retail banking
------------------
Security Flaws |
------------------
1 PII Scanner
Description
The response contains Personally Identifiable Information, such as a credit card number, SSN or similar sensitive data.
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/NetprMaintPT.pdf
Method GET
Evidence 500278556500
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/NetprMaintPT.pdf
Method GET
Evidence 3556556556556333
Instances 2
Solution
Confirm whether the digits are real card numbers; if they are, redact them from the published document.
Other information
Credit Card Type detected: Maestro
Both evidence strings are digit runs lifted from a public PDF manual, and both pass the Luhn check (which is presumably why the rule fired). Digit runs that pass Luhn also occur in account, order and telephone numbers, so the finding must be confirmed by opening the document before it is treated as a card-data leak.
Reference
CWE Id 359
WASC Id 13
Source ID 3
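The check a PII rule like this applies, and the triage a reviewer then has to do by hand, are shown by the following Python. It is an added example, not code from the advisory or from the scanner that produced it: it extracts 12 to 19 digit runs, validates them with the Luhn algorithm and adds a coarse issuer hint. The two digit runs in the sample text are the evidence values quoted above; the rest of the sample, and the IIN ranges in brand_hint(), are assumptions (the scanner labelled the 16-digit value Maestro; the ranges below put it in JCB's block, which is itself a reminder that automatic brand labels are not evidence).

```python
import re

# Candidate: 12 to 19 digits, optionally separated by single spaces or dashes.
# Both evidence strings quoted in the finding above are bare digit runs.
CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){11,18}\d(?![\d-])")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation, as used by card numbers (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand_hint(digits: str) -> str:
    """Coarse issuer hint from the leading digits. Assumption: only the commonly
    published IIN ranges are listed; real triage needs a maintained BIN table."""
    n = len(digits)
    p2, p4 = int(digits[:2]), int(digits[:4])
    if digits[0] == "4" and n in (13, 16, 19):
        return "Visa"
    if (51 <= p2 <= 55 or 2221 <= p4 <= 2720) and n == 16:
        return "Mastercard"
    if p2 in (34, 37) and n == 15:
        return "American Express"
    if 3528 <= p4 <= 3589 and n == 16:
        return "JCB"
    return "unknown"


def scan_for_cards(text: str) -> list:
    """Return every digit run that looks like a card number, together with the
    Luhn result and issuer hint a reviewer needs to decide whether it is real."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        hits.append({"match": m.group(0), "digits": digits,
                     "luhn": luhn_ok(digits), "brand": brand_hint(digits)})
    return hits


# Constructed sample: the two digit runs are the evidence values quoted above,
# surrounded by filler that also contains a run failing the Luhn check and a
# phone number too short to match.
SAMPLE = ("Ref. 500278556500 / manual page 3556556556556333 / "
          "order 1234567890123456 / tel 11 3000 4000")

if __name__ == "__main__":
    for h in scan_for_cards(SAMPLE):
        verdict = "Luhn OK" if h["luhn"] else "fails Luhn"
        print(f"{h['digits']:<20} {verdict:<10} {h['brand']}")
```

A Luhn pass only raises the probability that a run is a card number; the decision still needs a human to look at the surrounding document, which is why the function returns the match context rather than a verdict.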
2 Insecure HTTP-to-HTTPS transition in a form post
Description
This check looks for insecure HTTP pages that host HTTPS forms.
The problem is that an insecure HTTP page can easily be
hijacked through a MITM attack, and the secure HTTPS form
can be replaced or simulated.
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
URL http://www.bb.com.br/portalbb/page4,8305,3912,0,0,1,6.bb?codigoMenu=15217&codigoNoticia=28458
Method GET
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb
Method GET
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb
Method GET
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
URL http://www.bb.com.br/portalbb/page4,8305,3912,0,0,1,6.bb?codigoMenu=15217&codigoNoticia=28458
Method GET
URL http://www.bb.com.br/portalbb/page4,8305,8388,0,0,1,6.bb?codigoMenu=15245&codigoNoticia=28842
Method GET
URL http://www.bb.com.br/portalbb/page4,8305,8388,0,0,1,6.bb?codigoMenu=15245&codigoNoticia=28842
Method GET
(The scanner's Attack field is empty for every instance; a URL listed more than once with the same method means more than one form on that page.)
Instances 27
Solution
Use HTTPS for landing pages that host secure forms.
Other information
The response to the following HTTP request included a form whose action attribute points to an HTTPS URL:
http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
The context was:
<form name="formNaoCorrentista" action="https://www2.bancobrasil.com.br/aapf/login.jsp" method="post">
<div class="grade">
<input type="Hidden" name="aapf.NC" value="sim">
<input type="Hidden" name="ativaCadastroNC" value="sim">
</div>
<div class="grade"><label for="cpf">CPF</label><input type="text" value=" CPF" name="cpf"
id="cpf" class="busca" onfocus="setElmAtv(this);letreiro(this,' CPF');"
onblur="letreiro(this,' CPF');" maxlength="14" size="15"
onkeypress="return mask(true, event, this, '###.###.###-##');"
tabindex="28"></div>
<div class="grade botaoOK" style="margin-left:5px;margin-top:1px;"><a href="#" title="Entrar"
onclick="return validaCNC();"
onkeypress="return validaCNC();"
tabindex="29"><span> OK </span></a></div>
</form>
Note that this is a login form asking for the customer's CPF (the Brazilian taxpayer number) on a page served over plain HTTP; the HTTPS action does not protect the user, because the page that carries the form can be rewritten before it is rendered.
Reference
(none given by the scanner)
CWE Id 16
WASC Id 15
Source ID 3
3 Source Code Disclosure - Perl
Description
The source code of the application was disclosed by the web server - Perl
URL http://www.bb.com.br/docs/pub/siteEsp/uds/dwn/Proequidade.pdf
Method GET
Evidence $#waRFp
Instances 1
Solution
Make sure that application source code is not available under alternative extensions, and that source code is not present in other files or data exposed to, or served by, the web server.
Other information
$#waRFp
The evidence is a six-byte match inside a binary PDF: the pattern $#name is Perl's last-index syntax, but it also occurs by chance in compressed PDF streams. Open the file and confirm it actually contains Perl before reporting this as a source disclosure.
Reference
http://blogs.wsj.com/cio/2013/10/08/adobe-source-code-leak-is-bad-news-for-u-s-government/
CWE Id 540
WASC Id 13
4 X-Frame-Options Header Not Set
Description
The X-Frame-Options header is not included in the HTTP response to protect against clickjacking attacks.
URL http://www.bb.com.br/portalbb/hs001003,500490,500491,1,0,1,1,80.bb
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/jsp/eng/index.jsp
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page44,8305,8330,0,0,1,6.bb?bread=4&codigoMenu=3800&codigoNoticia=4561&codigoRet=3809
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page3,7932,7950,0,0,1,0.bb?bread=1_2&codigoMenu=3490&codigoRet=3510
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method POST
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home23,10548,10548,0,0,1,5.bb
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/docs/sitesp/sustentabilidade/hotsite_Internet.html
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page3,7932,7952,0,0,1,0.bb?bread=1_4&codigoMenu=3490&codigoRet=3512
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb?dv=1
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page3,7932,7949,0,0,1,0.bb?bread=1_1&codigoMenu=3490&codigoRet=3508
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb?dv=1
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb?dv=1
Method GET
Parameter X-Frame-Options
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
Parameter X-Frame-Options
Instances 32
Solution
Most modern web browsers support the X-Frame-Options HTTP header. Ensure it is set on all web pages returned by your site. If you expect the page to be framed only by pages on your own server (e.g. it is part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. ALLOW-FROM let specific sites frame the page in a few browsers, but it is obsolete; the Content-Security-Policy frame-ancestors directive is the standardised replacement, and browsers that support it ignore X-Frame-Options when both are present.
Reference
http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
CWE Id 16
WASC Id 15
Source ID 3
5 HTTP Parameter Override
Description
Unspecified form action: an HTTP parameter override attack is potentially possible.
When a form has an empty action, the browser submits it to the URL of the current page, query string included, so any parameters an attacker appends to the page URL are delivered together with the user's POST data. This is a known problem with Java Servlets, where getParameter() merges query-string and body parameters, but other platforms may also be vulnerable.
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page4,8305,8388,0,0,1,6.bb?codigoMenu=15245&codigoNoticia=28842
Method GET
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page3,7932,7948,22,0,1,8.bb?bread=1&codigoMenu=3490&codigoNoticia=4246&codigoRet=3494
Method GET
Evidence <form name="formPerfil" autocomplete="off" action="" method="post">
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb
Method GET
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method GET
Evidence <form name="formPerfil" autocomplete="off" action="" method="post">
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page4,8305,3912,0,0,1,6.bb?codigoMenu=15217&codigoNoticia=28458
Method GET
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method POST
Evidence <form name="formPerfil" autocomplete="off" action="" method="post">
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method GET
Evidence <form name="formContaEmp" action="" method="post">
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
Evidence <form name="formContaEmp" action="" method="post">
Instances 12
Solution
All forms must specify the action URL.
Reference
http://download.oracle.com/javaee-archive/servlet-spec.java.net/jsr340-experts/att-0317/OnParameterPollutionAttacks.pdf
CWE Id 20
WASC Id 20
Source ID 3
6 X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/tela7.gif
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/pbb/pagina-inicial/private
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/portalbb/img.ImgWriter?codigo=19634&origem=CCI
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/css/ac/menuHorizontal.css
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/pub/inst/img/tela5red.gif
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-180x180.png
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/pbb/pagina-inicial/estilo
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/tela10.gif
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/img/v5/imgCantoMenuEsq.png
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/css/grupoCAbas.css?v=1.1
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/img/v5/btLogo1.gif
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/portalbb/page3,7932,7949,0,0,1,0.bb?bread=1_1&codigoMenu=3490&codigoRet=3508
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/NetprMaintPT.pdf
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/css/ac/layoutsFonte12.css
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/css/ac/layoutHomeFlex.css?1
Method GET
Parameter X-Content-Type-Options
URL http://www.bb.com.br/docs/home/inst/img/dot.gif
Method GET
Parameter X-Content-Type-Options
Instances 113
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Other information
This issue still applies to error type pages (401, 403, 500, etc) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.
At "High" threshold this scanner will not alert on client or server error responses.
Reference
http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
CWE Id 16
WASC Id 15
Source ID 3
7 Web Browser XSS Protection Not Enabled
Description
Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server
URL http://www.bb.com.br/portalbb/page4,8305,3912,0,0,1,6.bb?codigoMenu=15217&codigoNoticia=28458
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/home1,7490
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page3,7932,7952,0,0,1,0.bb?bread=1_4&codigoMenu=3490&codigoRet=3512
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb?dv=1
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/pbb/pagina-inicial/estilo
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/jsp/eng/index.jsp
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page3,7932,7949,0,0,1,0.bb?bread=1_1&codigoMenu=3490&codigoRet=3508
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/pbb/pagina-inicial/atendimento
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page3,7932,7951,0,0,1,0.bb?bread=1_3&codigoMenu=3490&codigoRet=3511
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/home23,10548,10548,0,0,1,5.bb
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method POST
Parameter X-XSS-Protection
URL http://www.bb.com.br/pbb/
Method GET
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
Parameter X-XSS-Protection
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
Parameter X-XSS-Protection
Instances 42
Solution
Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.
Note that this header only ever controlled a heuristic filter in Internet Explorer, legacy Edge and WebKit/Chromium browsers; Firefox never implemented it, and Chromium removed its XSS Auditor in version 78 (2019). The filter also introduced information leaks of its own, so current guidance is to send 'X-XSS-Protection: 0' and rely on a Content Security Policy and correct output encoding instead.
Other information
The X-XSS-Protection HTTP response header allows the web server to enable or disable the web browser's XSS protection mechanism. The following values would attempt to enable it:
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=http://www.example.com/xss
The following value would disable it:
X-XSS-Protection: 0
At the time of the scanner's text, the X-XSS-Protection HTTP response header was supported on Internet Explorer, Chrome and Safari (WebKit).
Note that this alert is only raised if the response body could potentially contain an XSS payload (a text-based content type with a non-zero length).
Reference
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
https://blog.veracode.com/2014/03/guidelines-for-setting-security-headers/
CWE Id 933
WASC Id 14
Source ID 3
8 Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a different host. Here the host is www57.bb.com.br, a Banco do Brasil subdomain rather than a third party, but the script is loaded over plain HTTP, so anyone on the network path can replace it and run code in the context of www.bb.com.br.
URL http://www.bb.com.br/portalbb/page3,7932,7949,0,0,1,0.bb?bread=1_1&codigoMenu=3490&codigoRet=3508
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page4,8305,8388,0,0,1,6.bb?codigoMenu=15245&codigoNoticia=28842
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,7948,22,0,1,8.bb?bread=1&codigoMenu=3490&codigoNoticia=4246&codigoRet=3494
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,7951,0,0,1,0.bb?bread=1_3&codigoMenu=3490&codigoRet=3511
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method POST
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/hs001003,500490,500491,1,0,1,1,80.bb
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,7950,0,0,1,0.bb?bread=1_2&codigoMenu=3490&codigoRet=3510
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,7953,0,0,1,0.bb?bread=1_5&codigoMenu=3490&codigoRet=3513
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb?dv=1
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page4,8305,3912,0,0,1,6.bb?codigoMenu=15217&codigoNoticia=28458
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,7952,0,0,1,0.bb?bread=1_4&codigoMenu=3490&codigoRet=3512
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/home29,8305,8305,0,0,1,6.bb
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb?dv=1
Method GET
Parameter http://www57.bb.com.br/eni/APPS/arquivos/id.js
Evidence <script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
Instances 21
Solution
Ensure JavaScript source files are loaded only from trusted sources, over HTTPS, and that the sources cannot be controlled by end users of the application. For genuinely third-party scripts, add a Subresource Integrity (integrity=) attribute so a modified file is refused.
Reference
CWE Id 829
WASC Id 15
Source ID 3
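Findings 2, 5 and 8 are all things one pass over a page's HTML can detect, and they interact: the same HTTP page hosts the HTTPS login form, the empty-action form and the plaintext script include. The Python below is an added example, not code from the advisory or from the scanner; it parses a page with the standard library, flags the three conditions and distinguishes a same-site host (www57.bb.com.br) from a third party. The page URL, both forms and the www57 script tag are taken from the evidence quoted in this report; the cdn.example.com script is hypothetical, and site_of() is a crude stand-in for a public-suffix-list lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def site_of(host: str) -> str:
    """Crude registrable-domain heuristic (assumption: stands in for a public
    suffix list lookup). www57.bb.com.br -> bb.com.br, cdn.example.com -> example.com"""
    labels = host.lower().split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in (
            "com", "co", "net", "org", "gov", "edu"):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class PageAudit(HTMLParser):
    """One pass over a page: forms with an empty action (finding 5), HTTPS forms
    on an HTTP page (finding 2) and scripts from another host (finding 8)."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        parts = urlsplit(page_url)
        self.page_scheme, self.page_host = parts.scheme, parts.hostname
        self.findings = []

    def flag(self, rule: str, detail: str):
        self.findings.append({"rule": rule, "detail": detail})

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.check_form(a)
        elif tag == "script" and a.get("src"):
            self.check_script(a)

    def check_form(self, a):
        name = a.get("name") or a.get("id") or "<anonymous>"
        action = a.get("action", "").strip()
        if action == "":
            # The browser submits to the current URL, query string included, so
            # parameters an attacker appends to the page URL ride along with the
            # POST body: the HTTP parameter override of finding 5.
            self.flag("form-empty-action", name)
            action = self.page_url
        target = urlsplit(urljoin(self.page_url, action))
        if self.page_scheme == "http" and target.scheme == "https":
            # The form itself arrived in plaintext; a MITM rewrites it before the
            # user ever reaches the HTTPS endpoint (finding 2).
            self.flag("https-form-on-http-page", f"{name} -> {target.geturl()}")

    def check_script(self, a):
        src = urljoin(self.page_url, a["src"].strip())
        parts = urlsplit(src)
        if not parts.hostname or parts.hostname == self.page_host:
            return                                   # same host: not cross-domain
        same_site = site_of(parts.hostname) == site_of(self.page_host)
        kind = "cross-host, same site" if same_site else "cross-site (third party)"
        self.flag("cross-domain-script", f"{kind}: {src}")
        if parts.scheme == "http":
            self.flag("script-over-plaintext-http", src)
        if not same_site and not a.get("integrity"):
            self.flag("script-missing-sri", src)       # no Subresource Integrity


def audit_page(page_url: str, html: str) -> list:
    p = PageAudit(page_url)
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample: the page URL, both forms and the www57 script are taken
# from the evidence in this report; the cdn.example.com script is hypothetical.
PAGE_URL = ("http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb"
            "?codigoMenu=15244&codigoNoticia=28839")
SAMPLE_HTML = """
<script type="text/javascript" src="http://www57.bb.com.br/eni/APPS/arquivos/id.js"></script>
<script src="https://cdn.example.com/widget.js"></script>
<form name="formNaoCorrentista" action="https://www2.bancobrasil.com.br/aapf/login.jsp" method="post">
  <input type="text" name="cpf" maxlength="14">
</form>
<form name="formContaEmp" action="" method="post"></form>
"""

if __name__ == "__main__":
    for f in audit_page(PAGE_URL, SAMPLE_HTML):
        print(f"{f['rule']:<28} {f['detail']}")
```

Subresource Integrity is only flagged for third-party hosts, because an integrity hash on a first-party script changes with every deployment; for www57 the fix is simply to serve the file, and the page, over HTTPS.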
9 Big Redirect detected (potential disclosure of sensitive information)
Description
The server has responded with a redirect that carries an unusually large body.
This could indicate that although the server sent a redirect, it also responded with
content (which could contain sensitive details, PII, etc.).
URL http://www.bb.com.br/mpo
Method GET
URL http://www.bb.com.br/bbjovem
Method GET
URL http://www.bb.com.br/empreendedor
Method GET
URL http://www.bb.com.br/seguranca
Method GET
URL http://www.bb.com.br/acoes
Method GET
URL http://www.bb.com.br/acessoainformacao
Method GET
URL http://www.bb.com.br/aguabrasil
Method GET
URL http://www.bb.com.br/patrocinios
Method GET
Instances 8
Solution
Ensure that no sensitive information is disclosed in redirect responses. Redirect responses should carry very little content.
Other information
Location header URI length: 95 [http://www.bb.com.br/portalbb/page47,108,7514,8,0,1,2.bb?codigoMenu=113&codigoRet=15940&bread=7].
Predicted response size: 395.
Response body length: 719.
Reference
(none given by the scanner)
CWE Id 201
WASC Id 13
Source ID 3
10 Content Security Policy (CSP) header not set
Description
Content Security Policy (CSP) is an added layer of security that helps detect and mitigate
certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
These attacks are used for everything from data theft to site defacement or malware distribution. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page; the covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://www.bb.com.br/portalbb/home23,110,110,11,0,1,3.bb
Method GET
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb?dv=1
Method GET
URL http://www.bb.com.br/pbb/
Method GET
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method GET
URL http://www.bb.com.br/pbb/pagina-inicial/cooperativas
Method GET
URL http://www.bb.com.br/pbb/pagina-inicial/empresarial
Method GET
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb
Method GET
URL http://www.bb.com.br/portalbb/home23,111,111,13,0,1,3.bb
Method GET
URL http://www.bb.com.br/pbb/pagina-inicial/corporate
Method GET
URL http://www.bb.com.br/pbb/pagina-inicial/empresas
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,7953,0,0,1,0.bb?bread=1_5&codigoMenu=3490&codigoRet=3513
Method GET
URL http://www.bb.com.br/portalbb/home29,8623,8623,1,0,1,1.bb
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,7948,22,0,1,8.bb?bread=1&codigoMenu=3490&codigoNoticia=4246&codigoRet=3494
Method GET
URL http://www.bb.com.br/portalbb/page22,101,2292,0,0,1,1.bb?codigoMenu=225&codigoNoticia=31640
Method GET
URL http://www.bb.com.br/docs/pub/emp/empl/dwn/ManualComelet.pdf
Method GET
URL http://www.bb.com.br/portalbb/home29,112,112,15,0,1,3.bb
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method POST
URL http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Method GET
URL http://www.bb.com.br/
Method GET
URL http://www.bb.com.br/portalbb/home29,113,113,14,0,1,3.bb
Method GET
Instances 50
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header (Chrome 25+, Firefox 23+, Safari 7+). The scanner's text also lists the pre-standard headers "X-Content-Security-Policy" (Firefox 4+ and Internet Explorer 10+) and "X-WebKit-CSP" (Chrome 14+ and Safari 6+); these are legacy and only the standard header needs to be set today.
Reference
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://www.owasp.org/index.php/Content_Security_Policy
http://www.w3.org/TR/CSP/
http://w3c.github.io/webappsec/specs/Content-Security-Policy/CSP-Specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
CWE Id 16
WASC Id 15
Source ID 3
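Findings 4, 6, 7 and 10 are all response-header gaps, and finding 9 is a size heuristic over redirect responses; both are easy to re-check without the scanner. The Python below is an added example, not code from the advisory or from the scanner: audit_headers() reports the same gaps, treating CSP frame-ancestors as an acceptable substitute for X-Frame-Options, and audit_redirect() reproduces the big-redirect rule with the allowance that matches the numbers in finding 9 (URI length 95, predicted size 395, so 300 bytes of slack). The OBSERVED and HARDENED header sets are constructed, since the report only quotes the scanner's alert lines, and the CSP in HARDENED is an assumed policy built from the hosts named in this report. The hardened set sends X-XSS-Protection: 0 rather than 1 because the browser filter it controlled has since been removed from Chromium (version 78) and had leaks of its own; the CSP is the control that replaces it.

```python
from urllib.error import HTTPError
from urllib.request import HTTPRedirectHandler, Request, build_opener


def _get(headers: dict, name: str):
    """Case-insensitive header lookup; None when the header is absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def audit_headers(headers: dict) -> list:
    """Report the header gaps raised in findings 4, 6, 7 and 10."""
    findings = []
    xfo = _get(headers, "X-Frame-Options")
    csp = _get(headers, "Content-Security-Policy")
    has_frame_ancestors = bool(csp) and "frame-ancestors" in csp.lower()
    if xfo is None and not has_frame_ancestors:
        findings.append("X-Frame-Options missing and no CSP frame-ancestors: "
                        "page can be framed (clickjacking)")
    elif xfo is not None and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        # ALLOW-FROM was never widely supported and is obsolete.
        findings.append(f"X-Frame-Options has unsupported value {xfo!r}; "
                        "use DENY/SAMEORIGIN or CSP frame-ancestors")
    xcto = _get(headers, "X-Content-Type-Options")
    if xcto is None or xcto.strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff': MIME sniffing possible")
    if csp is None:
        findings.append("Content-Security-Policy missing")
    if _get(headers, "X-XSS-Protection") is None:
        # Legacy browser filter; its absence is what the scanner reports.
        findings.append("X-XSS-Protection not set (legacy filter; CSP is the real control)")
    return findings


def audit_redirect(status: int, headers: dict, body: bytes, slack: int = 300) -> list:
    """Big-redirect heuristic from finding 9: a 3xx whose body is larger than the
    Location URL plus a fixed allowance probably carries real page content.
    slack=300 reproduces the numbers quoted there (URI length 95 -> predicted 395)."""
    if not 300 <= status <= 399:
        return []
    predicted = len(_get(headers, "Location") or "") + slack
    if len(body) > predicted:
        return [f"redirect body is {len(body)} bytes, predicted at most {predicted}: "
                "inspect it for leaked content"]
    return []


class _NoRedirect(HTTPRedirectHandler):
    """Stop urllib following redirects so audit_redirect sees the 3xx itself."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url: str, timeout: int = 10):
    """Live helper (not used by the offline demo): returns (status, headers, body)."""
    try:
        with build_opener(_NoRedirect()).open(Request(url), timeout=timeout) as r:
            return r.status, dict(r.headers.items()), r.read()
    except HTTPError as e:  # raised for 3xx once redirects are disabled, and for 4xx/5xx
        return e.code, dict(e.headers.items()), e.read()


# Constructed samples (assumption: the real response headers were not captured in
# the report). OBSERVED has every gap the scanner reported; HARDENED is the fix.
OBSERVED = {"Content-Type": "text/html;charset=ISO-8859-1", "Server": "Apache"}
HARDENED = {
    "Content-Type": "text/html;charset=UTF-8",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://www57.bb.com.br; "
                               "frame-ancestors 'none'; form-action 'self' https://www2.bancobrasil.com.br",
    # Explicitly off: Chromium dropped its XSS Auditor in v78 and the filter had
    # side channels of its own. The CSP above is the control that replaces it.
    "X-XSS-Protection": "0",
}

if __name__ == "__main__":
    for label, hdrs in (("observed", OBSERVED), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or "no findings")
    print(audit_redirect(302, {"Location": "x" * 95}, b"<html>" * 120))
```

Run fetch() against a redirecting URL such as the /mpo or /seguranca shortcuts listed in finding 9 and pass the tuple to audit_redirect() to reproduce the scanner's measurement; the same tuple's headers go to audit_headers() for findings 4, 6, 7 and 10.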
11 Hash Disclosure - MD4 / MD5
Description
A hash has been disclosed by the web server - MD4 / MD5
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-144x144.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-57x57.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-114x114.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/favicon-32x32.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-72x72.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/NetprMaintPT.pdf
Method GET
Evidence A253144FF8221247918F5D43147DEBB2
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-152x152.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-180x180.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-60x60.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/NetprMaintPT.pdf
Method GET
Evidence 4705796A0ACA3D4EB70EF22908773587
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-120x120.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-76x76.png
Method GET
Evidence b356098659224bee23df80a1098ddb2a
Instances 12
Solution
Ensure that hashes used to protect credentials or other resources are not leaked by the web server or the database. There is typically no requirement for password hashes to be accessible to the web browser.
Other information
b356098659224bee23df80a1098ddb2a
Reference
https://www.Owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure http://projects.webappsec.org/w/page/13246936/Information%20Leakage
http://openwall.info/wiki/john/sample-hashes
CWE Id 200
WASC Id 13
Source ID
12 Storable and cacheable content
Description
The response contents are storable by caching components such as proxy servers, and could be obtained directly from the cache, rather than from the origin server, in response to similar requests from other users.
If the response data is sensitive, personal or specific to a user, this could result in the disclosure of sensitive information. In some cases, this could even result in a user gaining complete control of another user's session, depending on the configuration of the caching components in use in their environment.
This is primarily a problem where shared cache servers, such as proxy caches, are configured in the local network. This configuration is typically found in educational or corporate environments.
URL http://www.bb.com.br/portalbb/img.ImgWriter?codigo=29759&origem=CCI
Method GET
Evidence Wed, 22 May 2019 17:14:24 GMT
URL http://www.bb.com.br/docs/img/btMaisPublicos.png
Method GET
URL http://www.bb.com.br/portalbb/img.ImgWriter?codigo=29756&origem=CCI
Method GET
Evidence Wed, 22 May 2019 17:14:24 GMT
URL http://www.bb.com.br/docs/img/v5/imgCantoMenuDir.png
Method GET
URL http://www.bb.com.br/docs/img/v5/dot.gif
Method GET
URL http://www.bb.com.br/docs/img/v5/btToken.png
Method GET
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/favicon-32x32.png
Method GET
URL http://www.bb.com.br/docs/img/v5/imgAumentaFonte.png
Method GET
URL http://www.bb.com.br/docs/img/v5/dhtmlMcBordaBottom.png
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
URL http://www.bb.com.br/docs/css/ac/layoutHome1.css?1
Method GET
URL http://www.bb.com.br/portalbb/jsp/eng/index.jsp
Method GET
URL http://www.bb.com.br/docs/img/btLogo1.gif
Method GET
URL http://www.bb.com.br/docs/pub/atend/toquio/dwn/tela2red2.gif
Method GET
URL http://www.bb.com.br/docs/img/v5/imgDiminuiFonte.png
Method GET
URL http://www.bb.com.br/portalbb/hs001003,500490,500491,1,0,1,1,80.bb
Method GET
URL http://www.bb.com.br/docs/css/ac/cssSP22.css
Method GET
URL http://www.bb.com.br/docs/pub/inst/img/tela6red.gif
Method GET
URL http://www.bb.com.br/pbb/app/docs/comum/images/structure/header/icon/apple-icon-152x152.png
Method GET
URL http://www.bb.com.br/pbb/app/docs/s001/stylesheets/style.css?v=201804051
Method GET
Instances 117
Solution
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider using the following HTTP response headers to limit or prevent the content being stored and retrieved from the cache by another user:
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Expires: 0
This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers not to store the response, and not to retrieve the response (without validation) from the cache in response to a similar request.
Reference
https://Tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (superseded by rfc7234)
CWE Id 524
WASC Id 13
Source ID 3
13 Non-storable content
Description
The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it could benefit from being stored and cached, to improve performance.
URL http://www.bb.com.br/acoes
Method GET
Evidence 302
URL http://www.bb.com.br/patrocinios
Method GET
Evidence 302
URL http://www.bb.com.br/pbb/pagina-inicial/estilo
Method GET
Evidence no-store
URL http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Method GET
Evidence no-store
URL http://www.bb.com.br/aguabrasil
Method GET
Evidence 302
URL http://www.bb.com.br/pbb/pagina-inicial/empresas
Method GET
Evidence no-store
URL http://www.bb.com.br/pbb/pagina-inicial/corporate
Method GET
Evidence no-store
URL http://www.bb.com.br/pbb
Method GET
Evidence 302
URL http://www.bb.com.br/bbjovem
Method GET
Evidence 302
URL http://www.bb.com.br/mpo
Method GET
Evidence 302
URL http://www.bb.com.br/empreendedor
Method GET
Evidence 302
URL http://www.bb.com.br/pbb/pagina-inicial/atendimento
Method GET
Evidence no-store
URL http://www.bb.com.br/acessoainformacao
Method GET
Evidence 302
URL http://www.bb.com.br/seguranca
Method GET
Evidence 302
URL http://www.bb.com.br/pbb/pagina-inicial/cooperativas
Method GET
Evidence no-store
URL http://www.bb.com.br/pbb/pagina-inicial/empresarial
Method GET
Evidence no-store
URL http://www.bb.com.br/pbb/pagina-inicial/private
Method GET
Evidence no-store
URL http://www.bb.com.br/pbb/pagina-inicial/voce
Method GET
Evidence no-store
Instances 18
Solution
The content could be marked as storable by ensuring that the following conditions are met:
The request method must be understood by the cache and defined as cacheable ("GET", "HEAD", and "POST" are currently defined as cacheable)
The response status code must be understood by the cache (one of the 1XX, 2XX, 3XX, 4XX or 5XX response classes is generally understood)
The "no-store" cache directive must not appear in the request or response header fields
For caching by "shared" caches such as "proxy" caches, the "private" response directive must not appear in the response
For caching by "shared" caches such as "proxy" caches, the "Authorization" header field must not appear in the request, unless the response explicitly allows it (using one of the "must-revalidate", "public" or "s-maxage" Cache-Control response directives)
In addition to the conditions above, at least one of the following conditions must also be met by the response:
It must contain an "Expires" header field
It must contain a "max-age" response directive
For "shared" caches such as "proxy" caches, it must contain an "s-maxage" response directive
It must contain a "Cache Control Extension" that allows it to be cached
It must have a status code that is defined as cacheable by default (200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501).
Reference
https://Tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (superseded by rfc7234)
CWE Id 524
WASC Id 13
Source ID 3
14 Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker.
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb?dv=1
Method GET
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method GET
URL http://www.bb.com.br/portalbb/home16,500355,500355,21,0,1,1.bb
Method GET
URL http://www.bb.com.br/docs/sitesp/sustentabilidade/hotsite_Internet.html
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,7950,0,0,1,0.bb?bread=1_2&codigoMenu=3490&codigoRet=3510
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method POST
URL http://www.bb.com.br/portalbb/page3,7932,3678,22,0,1,8.bb
Method GET
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method GET
URL http://www.bb.com.br/portalbb/home1,8305,8305,0,0,1,6.bb
Method POST
URL http://www.bb.com.br/portalbb/hs001003,500490,500491,1,0,1,1,80.bb
Method GET
URL http://www.bb.com.br/portalbb/home1,7490
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,4911,0,0,1,6.bb?codigoMenu=15244&codigoNoticia=28839
Method GET
URL http://www.bb.com.br/portalbb/page100,8305,19205,0,0,1,6.bb?codigoMenu=15368&codigoNoticia=28840
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,7952,0,0,1,0.bb?bread=1_4&codigoMenu=3490&codigoRet=3512
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,7951,0,0,1,0.bb?bread=1_3&codigoMenu=3490&codigoRet=3511
Method GET
URL http://www.bb.com.br/portalbb/http:/www.bb.com.br/pbb/pagina-inicial/atendimento
Method GET
URL http://www.bb.com.br/portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Method POST
URL http://www.bb.com.br/portalbb/page4,8305,8388,0,0,1,6.bb?codigoMenu=15245&codigoNoticia=28842
Method GET
URL http://www.bb.com.br/portalbb/page4,8305,3912,0,0,1,6.bb?codigoMenu=15217&codigoNoticia=28458
Method GET
URL http://www.bb.com.br/portalbb/page3,7932,7949,0,0,1,0.bb?bread=1_1&codigoMenu=3490&codigoRet=3508
Method GET
Instances 24
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Other information
<script type="text/javascript">
//var urlDominio = top.location.href;
//var urlDominio = (window.location != window.parent.location) ? document.referrer: document.location +"";
var isIFrame = false;
if (window!=window.top) {
isIFrame = true
}else{
isIFrame = false;
}
//if(urlDominio.indexOf("bancodobrasilseguridade") != -1){
if(isIFrame){
$(function(){
$('a').each(function() {
if($(this).attr('href') === undefined){
}else{
var urlRec = $(this).attr('href');
if(
urlRec.indexOf("javascript") == -1 &&
urlRec.indexOf("?codigoMenu=40031") == -1 &&
urlRec != "" &&
urlRec != "#"
){
if($(this).attr('href') != null && $(this).attr('href') != ''){
var newHref = $(this).attr('href');
$(this).attr("realHref", newHref);
//$(this).attr('href', "http://www.bancodobrasilseguridade.com.br");
$(this).attr('href', "http://");
}else{
$(this).attr('href', "http://");
//$(this).attr('href', "https://www.bancodobrasilseguridade.com.br");
var newHref = $(this).attr('href');
$(this).attr("realHref", newHref);
}
$(this).click(function(){
url = $(this).attr("realHref");
//parent.document.getElementById("urlId").innerHtml = $(this).attr("realHref");
if(
url.indexOf("/appbb/portal/") == -1 &&
url.indexOf("javascript:abreVDHTML(") == -1 &&
url.indexOf("javascript:escondeCampos(") == -1 &&
url.indexOf("javascript:history.back(") == -1 &&
url.indexOf("bancodobrasil.") == -1 &&
url.indexOf("bancobrasil.") == -1 &&
url.indexOf("/docs/") == -1 &&
url.indexOf("/portalbb/") == -1 &&
url.indexOf("prevMonth()") == -1 &&
url.indexOf("nextMonth()") == -1 &&
url.indexOf("mudaFontediv(") == -1 &&
url.indexOf("posicaoRodape(") == -1 &&
url.indexOf("bb.com.br") == -1 &&
url.indexOf("setActiveStyleSheet(") == -1 &&
url.indexOf("selectDate(") == -1 &&
url.indexOf("determinaNichos(") == -1 &&
url.indexOf("bancodobrasilseguridade") == -1 &&
url.indexOf("/page") == -1 &&
url.indexOf("/home") == -1 &&
url.indexOf("page") == -1 &&
url.indexOf("MudaGrafico(") == -1 &&
url != "#" &&
url.indexOf("TrocaAba(") == -1
&& url.indexOf("prnweswire") == -1 && url.indexOf("investimentos-e") == -1 && url.indexOf("bbprevidencia") == -1 && url.
indexOf("licitações-e") == -1 && url.indexOf("agronegocios-e") == -1 && url.indexOf("climatempo") == -1 && url.indexOf("cma")
== -1 && url.indexOf("fbb") == -1 && url.indexOf("simuladorimobiliario") == -1 && url.indexOf("bbsegurosaude") == -1 && url.indexOf
("brasilveiculos") == -1 && url.indexOf("aliancadobrasil") == -1 && url.indexOf("www.visa.com.br") == -1 && url.indexOf("mastecard") == -1
&& url.indexOf("mz-ir") == -1 && url.indexOf("sitenet.serasa") == -1 && url.indexOf("brasilprev") == -1 && url.indexOf("promocaoourocardecielo") == -1 && url.indexOf
("www.mediagroup.com.br/testes/bb_page_flip/port/") == -1 && url.indexOf("www.eufacoacontecer.com.br") == -1 && url.indexOf("http://www.migre.me")
== -1 && url.indexOf("http://www.twixar.com") == -1 &&
url.indexOf("https://livepass.showare.com.br/") == -1 && url.indexOf("http://www.comprapremiadaourocard.com.br/") == -1 && url.indexOf
("http://www.br.com.br/wps/portal/portalconteudo/produtos/cart") == -1 &&
url.indexOf("https://www.licitacoes-e.com.br/aop/index.jsp") == -1 && url.indexOf
("https://b2c.bbtur.com.br/") == -1 && url.indexOf("http://www.iti.gov.br/") == -1 && url.indexOf
("http://www.blogaguabrasil.com.br/") == -1 && url.indexOf("http://www.prepax.com.br/cbssprepax/bb")
== -1 && url.indexOf("home") == -1 && url.indexOf("http://b2c.bbtur.com.br/") == -1 && url.indexOf
("http://www.bancodobrasilseguridade.com.br/") == -1 && url.indexOf("brasilcap") == -1 && url.indexOf
("bancodobrasilseguridade") == -1 && url.indexOf("wittel") == -1 && url.indexOf("Comprapremiada") == -1 &&
url.indexOf("Prepax") == -1 && url.indexOf("BBCOVERS") == -1 && url.indexOf("admin bb205anos") == -1 && url
.indexOf("executantecompe") == -1 && url.indexOf("executante") == -1 && url.indexOf
("compeexecutante") == -1 && url.indexOf("compexecutante") == -1 && url.indexOf("bbjovem")
== -1 && url.indexOf("momentohistoricoourocard") == -1 && url.indexOf("bbcovers") == -1 && url.indexOf("Lei 4.595, de 31 de dezembro de 1964") == -1 && url.indexOf("Lei 7.357, de 02 de setembro de 1985") == -1 && url.indexOf
("Lei 7.783, de 28 de junho de 1989") == -1 && url.indexOf("Lei 10.214, de 27 de março de 2001")
== -1 && url.indexOf("http://www.bcb.gov.br/") == -1 && url.indexOf("http://www.planalto.gov.br/") ==
-1 && url.indexOf("http://www.fgc.org.br/") == -1 && url.indexOf("http://www.febraban.org.br/") == -1 &&
url.indexOf("bbseguranca") == -1 && url.indexOf("google-analytics") == -1 && url.indexOf("https://www.facebook.com/BBnosEsportes")
== -1 && url.indexOf("https://twitter.com/bbnosesportes") == -1 &&
url.indexOf("https://instagram.com/bbnosesportes") == -1 && url.indexOf("https://www.youtube.com/watch?v=I5jp-2NqYos")
== -1 && url.indexOf("http://www.pontoslivelo.com.br") == -1 && url.indexOf
("http://www.bbdigital.com.br/") == -1 && url.indexOf("http://www.bbcode.com.br/")
== -1 && url.indexOf("https://mobi.bb.com.br/lj") == -1 && url.
indexOf("https://www.youtube.com/watch?v=0k1mhDsifPw") == -1
&& url.indexOf("http://www.bbdigital.com.br") == -1 && url.indexOf("https://www.facebook.com/bancodobrasil")
== -1 && url.indexOf("https://twitter.com/bancodobrasil") == -1 && url.indexOf
("https://www.youtube.com/user/bancodobrasil") == -1 && url.indexOf("https://instagram.com/bancodobrasil")
== -1 && url.indexOf("https://www.bbprevidencia.com.br/linkExterno/empresalimpa") == -1 &&
url.indexOf("https://www.pensefuturo.com.br") == -1 && url.indexOf("https://www.previc.gov.br/") == -1 &&
url.indexOf("https://www.bbprevidencia.com.br/acessorestrito") == -1 && url.indexOf
("http://bbsimplifica.com.br/franquia") == -1 && url.indexOf("http://bbsimplifica.com.br/empreendedor-individual")
== -1 && url.indexOf("http://www.pontoslivelo.com.br/livelo/alivelo") == -1 && url.indexOf
("https://www.avianca.com.br/") == -1 && url.indexOf("https://www.pontosmultiplus.com.br/promo/diadoconsumidor")
== -1 && url.indexOf("http://www.smiles.com.br/bancos/bb60") == -1 && url.indexOf
("http://bbsimplifica.com.br/") == -1 && url.indexOf("http://www.bbsimplifica.com.br/") == -1 && url.indexOf
("http://www.bbestilodigital.com.br/") == -1 && url.indexOf("http://www.bbseguridaderi.com.br/pt")
== -1 && url.indexOf("http://www.bbseguridaderi.com.br") == -1 && url.indexOf("http://www.bbseguridaderi.com.br/en")
== -1 && url.indexOf("https://www.youtube.com/watch?v=x18LA3O_WY4&feature=youtu.be") == -1
&& url.indexOf("http://www.ethicsdeloitte.com.br/bbseguridade") == -1 && url.indexOf("https://www.youtube.com/watch?v=qjK_KddmhDg")
== -1 && url.indexOf("https://www.youtube.com/watch?v=7lhPOByYE44") == -1
&& url.indexOf("https://www.youtube.com/watch?v=U_rvYpunNKk") == -1 && url.indexOf("https://www.youtube.com/watch?v=nNupfhvcVPY")
== -1 && url.indexOf("https://youtu.be/tl0YL0DQNJc") == -1 && url.indexOf
("https://www.youtube.com/watch?v=dKRsPjHlYrg") == -1 && url.indexOf("https://www.youtube.com/watch?v=treGUO4qThQ")
== -1 && url.indexOf("https://www.youtube.com/watch?v=N4vi2i98c4g") == -1 && url.indexOf
("http://promocoesleclub.com.br/bb/") == -1 && url.indexOf("http://www.flytap.com/ptpt/victoria/promocoes")
== -1 && url.indexOf("http://www.smiles.com.br/bancos/bonusbb") == -1 && url.indexOf
("https://www.youtube.com/watch?v=wunN2LQ1dXY&feature=youtu.be") == -1 && url.indexOf("http://www.bbseguros.com.br")
== -1 && url.indexOf("https://www.linkedin.com/company-beta/162626/") == -1 &&
url.indexOf("https://www.linkedin.com/company-beta/162626/") == -1 && url.indexOf
("https://www.youtube.com/watch?v=wunN2LQ1dXY&featur") == -1 && url.indexOf
("https://www.bbseguros.com.br/seguradora/para-voce/seguro-aut") == -1 && url.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/si") == -1 && url.indexOf("https://www.bbseguros.com.br/seguradora/atendimento/atendime") == -1 &&
url.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/si")
== -1 && url.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-mot") == -1 && url.indexOf
("https://www.bbseguros.com.br/seguradora/atendimento/atendime") == -1 &&
url.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-mot") == -1 && url.indexOf
("https://www.bbseguros.com.br/seguradora/servicos/sinistro/si") == -1 &&
url.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-mot") == -1 && url.indexOf
("http://www3.bbseguroauto.com.br/services/DocumentManagement/") == -1 &&
url.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/de") == -1 && url.indexOf
("https://www.bbseguros.com.br/seguradora/servicos/sinistro/de") == -1 &&
url.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/de") == -1 && url.indexOf
("http://www3.bbseguroauto.com.br/issuu/CondicoesGeraisProduto") == -1 &&
url.indexOf("https://sitenet37.serasa.com.br/am3cartaobb/parceiro/4A34E8C") == -1 && url.indexOf
("http://www.circuitobancodobrasil.com.br") == -1 && url.indexOf
("https://www.ourocardeshow.com.br/") == -1 && url.indexOf
("https://www.youtube.com/watch?v=qbB-Hj0aj_E") == -1 && url.indexOf
("http://www.smiles.com.br/") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=98&pk_kwd=MRV") ==
-1 && url.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=75&pk_kwd=MRV") == -1
&& url.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=89&pk_kwd=MRV")
== -1 && url.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=112&pk_kwd=MR")
== -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=77&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=86&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=90&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=108&pk_kwd=MR") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=82&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=87&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=76&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=85&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=119&pk_kwd=MR") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=91&pk_kwd=MRV") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=106&pk_kwd=MR") == -1 && url.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=72&pk_kwd=MRV") == -1 && url.indexOf
("https://www.youtube.com/watch?v=wunN2LQ1dXY&feature=youtu.be") == -1 && url.indexOf("https://youtu.be/y8NAt27VPds")
== -1 && url.indexOf("https://youtu.be/wunN2LQ1dXY") == -1 && url.indexOf
("http://www.promocaotorcidabrasil.com.br") ==
-1 && url.indexOf("http://www.vitrineourocard.com.br/")
== -1 && url.indexOf("https://www.cartaoelo.com.br/eloofertas/")
== -1 && url.indexOf("https://www.visa.com.br") == -1 && url.indexOf
("https://www.mastercard.com.br") == -1 && url.indexOf("https://youtu.be/kqWs8fBgA0c")
== -1 && url.indexOf("https://www.youtube.com/watch?v=O21ktz0Dfs4&t=0s&index=2&lis") == -1 && url.indexOf
("http://blog.bbprevidencia.com.br/") == -1 && url.indexOf("http://www.pensefuturo.com.br/")
== -1 && url.indexOf("http://agrobot.labbs.com.br/") == -1 && url.indexOf
("https://www.youtube.com/bancodobrasil/supermae") == -1 && url.indexOf
("https://recompensasdigitais.com.br/") == -1 && url.indexOf
("https://www.bbseguros.com.br/seguradora/servicos/rede-benefi") == -1 &&
url.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/")
== -1 && url.indexOf("https://www.bbseguros.com.br/seguradora/atendimento/duvidas-")
== -1 && url.indexOf
("https://www.bbseguros.com.br/seguradora/quem-somos/noticias/") == -1
){
cont = url.length;
for(var i=0;i<=cont;i++) {
if(url.substring(i,i+1).indexOf("&") != -1){
url = url.replace("&","@");
}
}
//alert("vai ser popup \n :"+$(this).attr("realHref"));
PopUpLinks('/portalbb/jsp/home/inst/inc/popUpLinksExt.jsp?idioma=1&end='+url,'popUp','566','482',0);
url = "";
return false;
}else{
//if($(this).attr("realHref") != 'https://www.bancodobrasilseguridade.com.br'){
//alert("Vou acessar >>> \n "+$(this).attr("realHref"));
if($(this).attr("realHref") != ''){
document.location = $(this).attr("realHref");
return false;
}else{
return false;
}
}
});
}
}//end undef...
});
});
}
//Customizations for resolutions below 1024.
if(getDimencoesJanela().largura <= 1024){
pesona1024();
}
</script>
<script type="text/javascript" language="JavaScript">
function init2(){
if (window == window.top) {
var links = document.getElementsByTagName("a");
var idioma = "1";
var uri = location.href;
var temTermo = false;
for(var i=0;i<links.length;i++) {
if (links[i].href != ""){
url = links[i].href;
if(
links[i].href.indexOf("/appbb/portal/") == -1 &&
links[i].href.indexOf("javascript:abreVDHTML(") == -1 &&
links[i].href.indexOf("javascript:escondeCampos(") == -1 &&
links[i].href.indexOf("javascript:history.back(") == -1 &&
links[i].href.indexOf("bancodobrasil.") == -1 &&
links[i].href.indexOf("bancobrasil.") == -1 &&
links[i].href.indexOf("/docs/") == -1 &&
links[i].href.indexOf("/portalbb/") == -1 &&
links[i].href.indexOf("prevMonth()") == -1 &&
links[i].href.indexOf("nextMonth()") == -1 &&
links[i].href.indexOf("mudaFontediv(") == -1 &&
links[i].href.indexOf("posicaoRodape(") == -1 &&
links[i].className.indexOf("aMenuNome_12") == -1 &&
links[i].href.indexOf("bb.com.br") == -1 &&
links[i].href.indexOf("setActiveStyleSheet(") == -1 &&
links[i].href.indexOf("selectDate(") == -1 &&
links[i].href.indexOf("determinaNichos(") == -1 &&
links[i].href.indexOf("/page") == -1 &&
links[i].href.indexOf("page") == -1 &&
links[i].href.indexOf("/home") == -1 &&
links[i].href != null &&
links[i].href.indexOf("MudaGrafico(") == -1 &&
links[i].href.indexOf("TrocaAba(") == -1
&& links[i].href.indexOf("prnweswire") == -1 && links[i].
href.indexOf("investimentos-e") ==
-1 && links[i].href.indexOf("bbprevidencia") == -1 &&
links[i].href.indexOf("licitações-e")
== -1 && links[i].href.indexOf("agronegocios-e") == -1
&& links[i].href.indexOf("climatempo")
== -1 && links[i].href.indexOf("cma") == -1 && links[i]
.href.indexOf("fbb") == -1 && links[i]
.href.indexOf("simuladorimobiliario") == -1 && links[i]
.href.indexOf("bbsegurosaude") == -1 &&
links[i].href.indexOf("brasilveiculos") == -1 && links[i]
.href.indexOf("aliancadobrasil") ==
-1 && links[i].href.indexOf("www.visa.com.br") == -1 &&
links[i].href.indexOf("mastecard")
== -1 && links[i].href.indexOf("mz-ir") == -1 && links[i]
.href.indexOf("sitenet.serasa") ==
-1 && links[i].href.indexOf("brasilprev") == -1 && links[i]
.href.indexOf("promocaoourocardecielo")
== -1 && links[i].href.indexOf
("www.mediagroup.com.br/testes/bb_page_flip/port/") == -1 && links[i]
.href.indexOf("www.eufacoacontecer.com.br") ==
-1 && links[i].href.indexOf("http://www.migre.me") ==
-1 && links[i].href.indexOf("http://www.twixar.com") ==
-1 && links[i].href.indexOf("https://livepass.showare.com.br/") ==
-1 && links[i].href.indexOf
("http://www.comprapremiadaourocard.com.br/") ==
-1 && links[i]
.href.indexOf
("http://www.br.com.br/wps/portal/portalconteudo/produtos/cart") ==
-1 && links[i].href.indexOf
("https://www.licitacoes-e.com.br/aop/index.jsp") ==
-1 && links[i].href.indexOf
("https://b2c.bbtur.com.br/") == -1 && links[i].href.
indexOf("http://www.iti.gov.br/") == -1 && links[i].href.indexOf
("http://www.blogaguabrasil.com.br/") == -1 && links[i].href.indexOf
("http://www.prepax.com.br/cbssprepax/bb") == -1 && links[i].href.indexOf("home") ==
-1 && links[i].href.indexOf("http://b2c.bbtur.com.br/") == -1 && links[i].href.indexOf
("http://www.bancodobrasilseguridade.com.br/") == -1 && links[i].href.indexOf("brasilcap")
== -1 && links[i].href.indexOf("bancodobrasilseguridade") == -1 && links[i].
href.indexOf("wittel") == -1 && links[i].href.indexOf("Comprapremiada") == -1 && links[i].
href.indexOf("Prepax") == -1 && links[i].href.indexOf("BBCOVERS") == -1 &&
links[i].href.indexOf("admin bb205anos") == -1 && links[i]
.href.indexOf("executantecompe") == -1 && links[i].href.indexOf("executante")
== -1 && links[i].href.indexOf("compeexecutante") == -1 && links[i]
.href.indexOf("compexecutante") == -1 && links[i].href.indexOf("bbjovem")
== -1 && links[i].href.indexOf("momentohistoricoourocard") ==
-1 && links[i].href.indexOf("bbcovers") ==
-1 && links[i].href.indexOf("Lei 4.595, de 31 de dezembro de 1964") ==
-1 && links[i].href.indexOf
("Lei 7.357, de 02 de setembro de 1985") == -1 && links[i].
href.indexOf("Lei 7.783, de 28 de junho de 1989") == -1 && links[i]
.href.indexOf("Lei 10.214, de 27 de março de 2001") == -1 && links[i]
.href.indexOf("http://www.bcb.gov.br/") == -1 && links[i].href.indexOf
("http://www.planalto.gov.br/") == -1 && links[i].href.indexOf
("http://www.fgc.org.br/") == -1 && links[i].href.indexOf
("http://www.febraban.org.br/") == -1 && links[i].href.indexOf
("bbseguranca") == -1 && links[i].href.indexOf("google-analytics")
== -1 && links[i].href.indexOf("https://www.facebook.com/BBnosEsportes")
== -1 && links[i].href.indexOf("https://twitter.com/bbnosesportes")
== -1 && links[i].href.indexOf("https://instagram.com/bbnosesportes")
== -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=I5jp-2NqYos") == -1 && links[i].href.indexOf("http://www.pontoslivelo.com.br") == -1 && links[i].href.indexOf
("http://www.bbdigital.com.br/") == -1 && links[i].href.indexOf
("http://www.bbcode.com.br/") == -1 && links[i].href.indexOf(
"https://mobi.bb.com.br/lj") == -1 && links[i].href.indexOf(
"https://www.youtube.com/watch?v=0k1mhDsifPw") == -1 && links
[i].href.indexOf("http://www.bbdigital.com.br") == -1 && links
[i].href.indexOf("https://www.facebook.com/bancodobrasil") ==
-1 && links[i].href.indexOf("https://twitter.com/bancodobrasil")
== -1 && links[i].href.indexOf("https://www.youtube.com/user/bancodobrasil"
) == -1 && links[i].href.indexOf("https://instagram.com/bancodobrasil"
) == -1 && links[i].href.indexOf
("https://www.bbprevidencia.com.br/linkExterno/empresalimpa")
== -1 && links[i].href.indexOf("https://www.pensefuturo.com.br") ==
-1 &&
links[i].href.indexOf("https://www.previc.gov.br/") == -1 && links[i]
.href.indexOf("https://www.bbprevidencia.com.br/acessorestrito") == -1
&& links[i].href.indexOf("http://bbsimplifica.com.br/franquia") == -1
&& links[i].href.indexOf("http://bbsimplifica.com.br/empreendedor-individual")
== -1 && links[i].href.indexOf
("http://www.pontoslivelo.com.br/livelo/alivelo")
== -1 && links[i].href.indexOf
("https://www.avianca.com.br/") == -1 && links[i].
href.indexOf("https://www.pontosmultiplus.com.br/promo/diadoconsumidor") ==
-1 && links[i].href.indexOf("http://www.smiles.com.br/bancos/bb60") ==
-1 && links[i].href.indexOf("http://bbsimplifica.com.br/") == -1 && links
[i].href.indexOf("http://www.bbsimplifica.com.br/") == -1 && links[i]
.href.indexOf("http://www.bbestilodigital.com.br/") == -1 && links[i]
.href.indexOf("http://www.bbseguridaderi.com.br/pt") == -1 && links[i]
.href.indexOf("http://www.bbseguridaderi.com.br") == -1 && links[i]
.href.indexOf("http://www.bbseguridaderi.com.br/en") == -1 &&
links[i].href.indexOf("https://www.youtube.com/watch?v=x18LA3O_WY4&feature=youtu.be")
== -1 && links[i].href.indexOf
("http://www.ethicsdeloitte.com.br/bbseguridade"
) == -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=qjK_KddmhDg")
== -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=7lhPOByYE44")
== -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=U_rvYpunNKk")
== -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=nNupfhvcVPY")
== -1 && links[i].href.indexOf
("https://youtu.be/tl0YL0DQNJc") == -1 &&
links[i].href.indexOf("https://www.youtube.com/watch?v=dKRsPjHlYrg")
== -1 && links[i].href.indexOf("https://www.youtube.com/watch?v=treGUO4qThQ")
== -1 && links[i].href.indexOf("https://www.youtube.com/watch?v=N4vi2i98c4g"
) == -1 && links[i].href.indexOf("http://promocoesleclub.com.br/bb/")
== -1 && links[i].href.indexOf("http://www.flytap.com/ptpt/victoria/promocoes")
== -1 && links[i].href.indexOf("http://www.smiles.com.br/bancos/bonusbb")
== -1 && links[i].href.indexOf("https://www.youtube.com/watch?v=wunN2LQ1dXY&feature=youtu.be")
== -1 && links[i].href.indexOf("http://www.bbseguros.com.br") == -1
&& links[i].href.indexOf("https://www.linkedin.com/company-beta/162626/")
== -1 && links[i].href.indexOf("https://www.linkedin.com/company-beta/162626/")
== -1 && links[i].href.indexOf("https://www.youtube.com/watch?v=wunN2LQ1dXY&featur")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-aut")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/si")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/atendimento/atendime")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/si")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-mot")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/atendimento/atendime")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-mot")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/si")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/para-voce/seguro-mot")
== -1 && links[i].href.indexOf("http://www3.bbseguroauto.com.br/services/DocumentManagement/")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/de")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/de")
== -1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/de")
== -1 && links[i].href.indexOf("http://www3.bbseguroauto.com.br/issuu/CondicoesGeraisProduto")
== -1 && links[i].href.indexOf("https://sitenet37.serasa.com.br/am3cartaobb/parceiro/4A34E8C")
== -1 && links[i].href.indexOf("http://www.circuitobancodobrasil.com.br") == -1 && links[i]
.href.indexOf("https://www.ourocardeshow.com.br/") == -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=qbB-Hj0aj_E") == -1 && links[i].href.indexOf
("http://www.smiles.com.br/") == -1 && links[i].href.indexOf
("https://guiabbimovel.labbs.com.br/?pk_campaign=98&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=75&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=89&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=112&pk_kwd=MR") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=77&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=86&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=90&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=108&pk_kwd=MR") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=82&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=87&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=76&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=85&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=119&pk_kwd=MR") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=91&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=106&pk_kwd=MR") ==
-1 && links[i].href.indexOf("https://guiabbimovel.labbs.com.br/?pk_campaign=72&pk_kwd=MRV") ==
-1 && links[i].href.indexOf("https://www.youtube.com/watch?v=wunN2LQ1dXY&feature=youtu.be") ==
-1 && links[i].href.indexOf("https://youtu.be/y8NAt27VPds") == -1 && links[i].href.indexOf
("https://youtu.be/wunN2LQ1dXY") == -1 && links[i].href.indexOf("http://www.promocaotorcidabrasil.com.br") ==
-1 && links[i].href.indexOf("http://www.vitrineourocard.com.br/") == -1 && links[i].href.indexOf
("https://www.cartaoelo.com.br/eloofertas/") == -1 && links[i].href.indexOf("https://www.visa.com.br") ==
-1 && links[i].href.indexOf("https://www.mastercard.com.br") == -1 && links[i].href.indexOf
("https://youtu.be/kqWs8fBgA0c") == -1 && links[i].href.indexOf
("https://www.youtube.com/watch?v=O21ktz0Dfs4&t=0s&index=2&lis") ==
-1 && links[i].href.indexOf("http://blog.bbprevidencia.com.br/") ==
-1 && links[i].href.indexOf("http://www.pensefuturo.com.br/") ==
-1 && links[i].href.indexOf("http://agrobot.labbs.com.br/") ==
-1 && links[i].href.indexOf("https://www.youtube.com/bancodobrasil/supermae")
== -1 && links[i].href.indexOf("https://recompensasdigitais.com.br/") ==
-1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/rede-benefi") ==
-1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/servicos/sinistro/") ==
-1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/atendimento/duvidas-") ==
-1 && links[i].href.indexOf("https://www.bbseguros.com.br/seguradora/quem-somos/noticias/") ==
-1 ){
links[i].onclick=function(){
url = this.href;
//if the link does not contain an allowed term, show the popup
//count the item if it is countable
cont = url.length;
for(var i=0;i<=cont;i++) {
if(url.substring(i,i+1).indexOf("&") != -1){
url = url.replace("&","@");
}
}
document.getElementById("pgredirect").value = url;
if(1 == 2){
idioma = "2";
}else if(1 == 3){
idioma = "3";
}else if(1 == 7){
idioma = "7";
}
PopUpLinks('/portalbb/jsp/home/inst/inc/ac/popUpLinksExt.jsp?idioma='+idioma+'&diretorio=500355','popUp','566','482',0);
if (window.sidebar) { // Mozilla Firefox
this.href = window.location;
if(this.target.indexOf("_blank") != -1){
this.target = '';
}
}
return false;
}//end of onclick
}//end of link test
}//end of term
}//end of for
}//end of iframe if
}
if (window == window.top) {
init2();
}
</script>
Reference
CWE Id 200
WASC Id 13
Source ID 3
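The onclick wiring above decides whether a link leaves the site by testing the raw href with indexOf(...) == -1 against a long list of literal URLs (a substring match anywhere in the href), and it rewrites "&" to "@" one character at a time before storing the destination. An added example, not the bank's code: the same decision made on the parsed hostname against a small allowlist; the hosts are taken from the list above, while SITE_ORIGIN, the "pgredirect" field id and the popup callback are assumptions.

```javascript
// Added example, not the bank's code: classify links by parsed hostname
// instead of testing the raw href with indexOf() against literal URLs.
// Hostnames come from the allowlist in the page source above; SITE_ORIGIN,
// the "pgredirect" field id and the popup callback are assumptions.

const SITE_ORIGIN = "https://www.bb.com.br";

// Hosts that may be linked without the "leaving the bank" popup.
// An entry starting with "." also matches every subdomain of that domain.
const ALLOWED_HOSTS = new Set([
  "www.bb.com.br", "www.bbseguros.com.br", ".labbs.com.br",
  "www.youtube.com", "youtu.be", "www.visa.com.br",
  "www.mastercard.com.br", "www.smiles.com.br",
]);

function hostAllowed(hostname) {
  hostname = hostname.toLowerCase();
  for (const entry of ALLOWED_HOSTS) {
    if (entry.startsWith(".")) {
      if (hostname === entry.slice(1) || hostname.endsWith(entry)) return true;
    } else if (hostname === entry) {
      return true;
    }
  }
  return false;
}

// True when the link should get the external-link warning. Relative hrefs
// resolve against SITE_ORIGIN; anything that is not http(s), or cannot be
// parsed, is treated as external so it never passes silently.
function isExternalLink(href) {
  let url;
  try {
    url = new URL(href, SITE_ORIGIN);
  } catch (e) {
    return true;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return true;
  return !hostAllowed(url.hostname);
}

// Value for the hidden "pgredirect" field: encode the whole destination once
// rather than rewriting "&" to "@" character by character as the original does.
function buildRedirectValue(href) {
  return encodeURIComponent(new URL(href, SITE_ORIGIN).href);
}

// Browser-side wiring equivalent to the original init2() loop.
function installExitWarning(doc, showPopup) {
  for (const a of doc.querySelectorAll("a[href]")) {
    if (!isExternalLink(a.href)) continue;
    a.addEventListener("click", function (ev) {
      ev.preventDefault();
      doc.getElementById("pgredirect").value = buildRedirectValue(a.href);
      showPopup(a.href);
    });
  }
}
```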
|---------------------------------------------|
| |
| Curiosity: http://www.bb.com.br/robots.txt |
|---------------------------------------------|
Sitemap: http://www.bb.com.br/sitemap.xml
User-agent: *
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Applebot
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: baiduspider
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Bingbot
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Googlebot
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: ia_archiver
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: msnbot
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Naverbot
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: seznambot
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Slurp
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: teoma
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Yandex
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: Yeti
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/home1,7490*
User-agent: msnbot-media
Disallow: /*.js$
Disallow: /*.css$
Disallow: /portalbb/page251,8305,8388,0,0,1,6.bb?codigoNoticia=31200
Disallow: /portalbb/home1,8305,8305,0,0,1,6.bb
Disallow: /portalbb/page3,7932,3678,22,0,1,8.bb
Disallow: /portalbb/page22,101,2292,0,0,1,1.bb?codigoNoticia=31640&codigoMenu=225
Disallow: /docs/sitesp/sustentabilidade/hotsite_Internet.html
Disallow: /portalbb/home16,500355,500355,21,0,1,1.bb
Disallow: /docs/pub/emp/empl/dwn/ManualComelet.pdf
Disallow: /portalbb/page3,101,7646,0,0,1,0.bb
Disallow: http://bb.com.br/portalbb/page3,108,10562,8,0,1,2.bb
Disallow: http://bb.com.br/portalbb/page3,102,19034,11,0,1,3.bb?codigoMenu=15030&codigoNoticia=19484&codigoRet=12220&bread=1
Disallow: http://www.bb.com.br/pbb/s001t006p002,500965,502412,8,1,1,2.bb
Disallow: /portalbb/h
Responsibility
-----------------
The author of this security notice
IS NOT RESPONSIBLE AT ANY TIME
for what might happen to this bank.
What I can express is that a
bank can never have so many security failures;
it does not matter whether it is Brazil, Chile,
Cuba, Mexico or any other LATAM country, with
the excuse of having wiggles ... for the savings
of Brazilians, if there is money. What happens is that for
the bank it is more profitable NOT TO HAVE A SECURITY TEAM ..
because, as you will see, they do not have it ...
and their benefit is greater ..
I think that from now on, the savings
of the Brazilians in that bank, very important,
will be much safer ...
No company has the right to play in
this way with the savings of a people hurt by
poverty, drugs, hired killers and kidnappings.
Credits:
Juan Carlos García
Senior Security Analyst
@secnight
Special Thanks
Vertigosistems.com
https://www.vertigosistems.com/