| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Feb 2005 07:01:40 -0800 From: "Israel Torres" <ITorres@...ronic.com> To: "Josh Tolley" <josh@...ntreeinc.com>, "Steven" <steven@...ebug.org> Cc: <incidents@...urityfocus.com>, <bugtraq@...urityfocus.com> Subject: RE: eBay Account Phishing with eBay Redirect Actually Steven's example is supposed to be: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://www.website.com note the http:// prefix following the RedirectToDomain&DomainUrl= As of Tuesday Feb 15 7am PST it still works (both examples). PS Steven, For the "Place or Update Credit Card on File" page, post-login it states for the user to "Sing Out", you may want to change it to "Sign Out". Israel Torres -----Original Message----- From: Josh Tolley [mailto:josh@...ntreeinc.com] Sent: Monday, February 14, 2005 11:08 AM To: Steven Cc: incidents@...urityfocus.com; bugtraq@...urityfocus.com Subject: Re: eBay Account Phishing with eBay Redirect I just tried this with my own URL, and eBay didn't forward me to some other site. Perhaps they've plugged this already? Josh Tolley Raintree Systems, Inc. http://www.raintreeinc.com 760 509 9000 Steven wrote: > I am not sure if this is better served by incidents or bugtraq, but in > any event here it is. I frequently get the fake looking e-mails > phishing for my Paypal, eBay, and banking login/password information. > Generally the links to the spoofed webpages are just links to a fake > page with a modified A HREF tag. However, it appears someone has found > that eBay's actual page has a command to redirect to a specified > webpage. While this shouldn't be a big risk, it still poses a small one > and is being actively exploitated. > > The page actually appears to link to eBay and it does, the link below is > the one I received in my inbox recently. > > http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh > > > Simply: > > http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com > > > > Steven > steven@...ebug.org > >
Powered by blists - more mailing lists