Re: eBay Account Phishing with eBay Redirect

To: Steven <steven@xxxxxxxxxxx>
Subject: Re: eBay Account Phishing with eBay Redirect
From: Josh Tolley <josh@xxxxxxxxxxxxxxx>
Date: Mon, 14 Feb 2005 11:08:09 -0800
Cc: incidents@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <002301c51192$7258d950$9865fea9@island55>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200502061509.j16F9mJC004330@xxxxxxxxxxxx> <e31785dd407dc1880d65c9e7c4fe86c3@xxxxxxxxxxxx> <80d7e409050212090667e350e9@xxxxxxxxxxxxxx> <002301c51192$7258d950$9865fea9@island55>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

I just tried this with my own URL, and eBay didn't forward me to someother site. Perhaps they've plugged this already?


Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
760 509 9000

Steven wrote:

I am not sure if this is better served by incidents or bugtraq, but inany event here it is. I frequently get the fake looking e-mailsphishing for my Paypal, eBay, and banking login/password information.Generally the links to the spoofed webpages are just links to a fakepage with a modified A HREF tag. However, it appears someone has foundthat eBay's actual page has a command to redirect to a specifiedwebpage. While this shouldn't be a big risk, it still poses a small oneand is being actively exploitated.
The page actually appears to link to eBay and it does, the link below isthe one I received in my inbox recently.
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh
Simply:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com
Steven
steven@xxxxxxxxxxx

Follow-Ups:
- Re: eBay Account Phishing with eBay Redirect
  - From: Jonathan Rockway
- Re: eBay Account Phishing with eBay Redirect
  - From: Nick FitzGerald

References:
- eBay Account Phishing with eBay Redirect
  - From: Steven

Prev by Date: [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities
Next by Date: [ GLSA 200502-17 ] Opera: Multiple vulnerabilities
Previous by thread: eBay Account Phishing with eBay Redirect
Next by thread: Re: eBay Account Phishing with eBay Redirect
Index(es):
- Date
- Thread