Updated: July 15th, 2006

Edit: this has now been fixed, but I'm sure many sites are still vulnerable.

Here's the link: click here

Unbelievable! This exploit is claimed to exist on 250+ sites. Here's the quote from the guy who found it:

"Look by yourself – this is how citibank.com cares about phishing and password theft. I reported it 20 hours ago. Nothing happened. Maybe it's time to make it public? It is an active link to working exploit, ready to send YOUR data from citibank.com domain to attacker's server – so dont give your real login and pass please."

Reported on digg.com.

● ● ●
Artem Russakovskii is a San Francisco programmer and blogger. Follow Artem on Twitter (@ArtemR) or subscribe to the RSS feed.

In the meantime, if you found this article useful, feel free to buy me a cup of coffee below.