[Full-disclosure] phishing sites examples "source code"

M.B.Jr. marcio.barbado at gmail.com
Thu Feb 22 13:00:47 GMT 2007 

On 2/19/07, Juergen Fiedler <juergen at fiedlerfamily.net> wrote:
>
> you can't readily get to the source
> code for the form action because it is done in some sort of server
> side scripting (CGI, PHP, ASP, whatever...) that can't readily be
> viewed from the client side.


Can't readily be viewed BUT that part is sort of not-the-problem.

Those obvious server-side scripts Juergen mentioned would most probably
consist in a MVC-like design with persistence function code storing
collected data the simple way: in clear text... Since those fine illegal
gentlemen ain't gathering someone's Internet banking passwork in order to
encipher them and protect them from this bloodthirsty world...

Thus, concerning traditional phishing sites, the code itself is not really
an issue.
Code starts being problematic by the moment potential damaging load-time
scripts -- say AJAX techniques -- spread.

That said, I have run into one or two phishers who compromise a site
> (or create a throwaway site themselves), upload their scripts in a
> tarball, install them - and then leave the tarball around for
> posterity to analyze. I kid you not.
> Unfortunately, the only good way to get to that source code is by
> asking the administrator of a compromised site whether they found
> anything that they would be willing to share; going in and poking
> around yourself may put you into a legal position that you'd rather
> not be in.
>
> HTH,
> --j
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFF2brEvKOJTPSBKa0RAr72AKC3NUDFCA2AbvCtZxLerx0KMekzagCfdTo6
> eNUf9cXUllk9i5eatnCyGM0=
> =9wg4
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Marcio Barbado, Jr.
==============
==============
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070222/fd6a93f4/attachment.html

Full-Disclosure is hosted and sponsored by Secunia.