Re: [Full-disclosure] phishing sites examples "source code"
- To: "Andres Riancho" <andres.riancho@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] phishing sites examples "source code"
- From: "M.B.Jr." <marcio.barbado@xxxxxxxxx>
- Date: Thu, 22 Feb 2007 10:00:47 -0300
On 2/19/07, Juergen Fiedler <juergen@xxxxxxxxxxxxxxxxx> wrote:
> you can't readily get to the source
> code for the form action because it is done in some sort of server
> side scripting (CGI, PHP, ASP, whatever...) that can't readily be
> viewed from the client side.
Can't readily be viewed BUT that part is sort of not-the-problem.
Those obvious server-side scripts Juergen mentioned would most probably
consist of an MVC-like design with persistence function code storing
collected data the simple way: in clear text... Since those fine illegal
gentlemen ain't gathering someone's Internet banking passwords in order to
encipher them and protect them from this bloodthirsty world...
Thus, concerning traditional phishing sites, the code itself is not really
an issue.
Code starts being problematic from the moment potentially damaging load-time
scripts -- say AJAX techniques -- spread.
> That said, I have run into one or two phishers who compromise a site
> (or create a throwaway site themselves), upload their scripts in a
> tarball, install them - and then leave the tarball around for
> posterity to analyze. I kid you not.
> Unfortunately, the only good way to get to that source code is by
> asking the administrator of a compromised site whether they found
> anything that they would be willing to share; going in and poking
> around yourself may put you into a legal position that you'd rather
> not be in.
> HTH,
> --j
--
Marcio Barbado, Jr.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/