| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Feb 2005 11:08:09 -0800 From: Josh Tolley <josh@...ntreeinc.com> To: Steven <steven@...ebug.org> Cc: incidents@...urityfocus.com, bugtraq@...urityfocus.com Subject: Re: eBay Account Phishing with eBay Redirect I just tried this with my own URL, and eBay didn't forward me to some other site. Perhaps they've plugged this already? Josh Tolley Raintree Systems, Inc. http://www.raintreeinc.com 760 509 9000 Steven wrote: > I am not sure if this is better served by incidents or bugtraq, but in > any event here it is. I frequently get the fake looking e-mails > phishing for my Paypal, eBay, and banking login/password information. > Generally the links to the spoofed webpages are just links to a fake > page with a modified A HREF tag. However, it appears someone has found > that eBay's actual page has a command to redirect to a specified > webpage. While this shouldn't be a big risk, it still poses a small one > and is being actively exploitated. > > The page actually appears to link to eBay and it does, the link below is > the one I received in my inbox recently. > > http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh > > > Simply: > > http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com > > > > Steven > steven@...ebug.org > >
Powered by blists - more mailing lists