RE: eBay Account Phishing with eBay Redirect Feb 15 2005 03:01PM
Israel Torres (ITorres litronic com)
Actually Steven's example is supposed to be:

note the http:// prefix following the RedirectToDomain&DomainUrl=

As of Tuesday Feb 15 7am PST it still works (both examples).

PS Steven, for the "Place or Update Credit Card on File" page, post-login it tells the user to "Sing Out"; you may want to change it to "Sign Out".

Israel Torres

-----Original Message-----
From: Josh Tolley [mailto:josh (at) raintreeinc (dot) com]
Sent: Monday, February 14, 2005 11:08 AM
To: Steven
Cc: incidents (at) securityfocus (dot) com; bugtraq (at) securityfocus (dot) com
Subject: Re: eBay Account Phishing with eBay Redirect

I just tried this with my own URL, and eBay didn't forward me to some
other site. Perhaps they've plugged this already?

Josh Tolley
Raintree Systems, Inc.
760 509 9000

Steven wrote:
> I am not sure if this is better served by incidents or bugtraq, but in
> any event here it is. I frequently get the fake looking e-mails
> phishing for my Paypal, eBay, and banking login/password information.
> Generally the links to the spoofed webpages are just links to a fake
> page with a modified A HREF tag. However, it appears someone has found
> that eBay's actual page has a command to redirect to a specified
> webpage. While this shouldn't be a big risk, it still poses a small one
> and is being actively exploited.
> The page actually appears to link to eBay, and it does. The link below is
> the one I received in my inbox recently.
> http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&D
> Simply:
> http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&D
> Steven
> steven (at) lovebug (dot) org
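
The thread describes a classic open redirect: eBay's own host accepts a RedirectToDomain command whose DomainUrl parameter points anywhere, so a phishing mail can carry a genuine ebay.com link that lands on an attacker's page, and (as Israel notes) the redirect only leaves the site when DomainUrl carries an absolute http:// URL. Below is an added example, not eBay's code and not from any poster in this thread, showing both sides a defender cares about: a detector that pulls links out of a mail body and flags the ones whose DomainUrl leaves the trusted domain, and the server-side allowlist check that would have closed the hole. The parameter names and the cgi4.ebay.com host come from the quoted messages; every destination host, the sample mail and the allowlist are constructed placeholders and assumptions for the demo.

```python
"""Classify eBay-style RedirectToDomain links and gate a redirect server-side.

Added example for this thread, not eBay's code. Parameter names
(MfcISAPICommand=RedirectToDomain, DomainUrl) and the host cgi4.ebay.com
come from the quoted messages; every destination host below is a constructed
placeholder and the allowlist is an assumption for the demo.
"""
import re
from urllib.parse import parse_qs, urlparse

# Assumed allowlist: a redirect may land only on these domains or their subdomains.
TRUSTED_REDIRECT_DOMAINS = {"ebay.com"}

# Greedy enough to keep a nested "DomainUrl=http://..." inside the outer link.
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample mail body: one abusive link, one legitimate redirect, one plain link.
SAMPLE_MAIL = """\
Dear member, please confirm your details:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://phish.example/login
Help: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://pages.ebay.com/help
Item: http://cgi4.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123
"""


def host_is_trusted(host, trusted=TRUSTED_REDIRECT_DOMAINS):
    """Exact or subdomain match on the parsed hostname (never a string-prefix test,
    which "http://ebay.com@phish.example/" or "ebay.com.phish.example" would fool)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify_redirect(url, trusted=TRUSTED_REDIRECT_DOMAINS):
    """Return 'not-redirect', 'same-site', 'relative' or 'open-redirect' for one link."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    if query.get("MfcISAPICommand", [""])[0] != "RedirectToDomain":
        return "not-redirect"
    target = urlparse(query.get("DomainUrl", [""])[0])
    if target.scheme in ("http", "https") and target.netloc:
        # Absolute URL with the http:// prefix Israel points out: the redirect
        # leaves eBay unless the hostname is on the allowlist.
        return "same-site" if host_is_trusted(target.hostname, trusted) else "open-redirect"
    if not target.scheme and not target.netloc:
        # No scheme and no host: treated here as a path on the originating host.
        return "relative"
    # Protocol-relative (//host/...) or any non-http scheme: never follow blindly.
    return "open-redirect"


def safe_redirect_target(domain_url, default="/", trusted=TRUSTED_REDIRECT_DOMAINS):
    """Server-side mitigation: honour DomainUrl only when it is an absolute http(s)
    URL whose hostname is allowlisted; otherwise fall back to a safe local path."""
    target = urlparse(domain_url)
    if target.scheme in ("http", "https") and host_is_trusted(target.hostname, trusted):
        return domain_url
    return default


def find_open_redirects(text, trusted=TRUSTED_REDIRECT_DOMAINS):
    """Detection: extract every URL from a mail body and keep those that leave eBay."""
    findings = []
    for url in URL_RE.findall(text):
        verdict = classify_redirect(url, trusted)
        if verdict == "open-redirect":
            findings.append((url, verdict))
    return findings


if __name__ == "__main__":
    for url, verdict in find_open_redirects(SAMPLE_MAIL):
        print(verdict, url)
```

The detector is the mail-gateway side of the problem: it flags only links whose DomainUrl is an absolute URL off the allowlist, so legitimate same-site redirects and plain item links pass. The allowlist in safe_redirect_target is the fix the thread implies eBay needed; with it in place a RedirectToDomain request for a foreign host silently lands on "/" instead of the phishing page.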

Copyright 2010, SecurityFocus