Security Incidents mailing list archives

Re: EBay Fraud Attempt

From: "Waitman C. Gobble, II" <waitman () emkdesign com>
Date: 08 Dec 2002 22:34:21 -0800

The form posts to 

http://www.cutandpastescripts.com/cgi-bin/formprocessing/forms.pl

It has the following hidden fields, with the following values

activenumber            428283597791
username                xacxac
MfcISAPICommand         SingInWelcome
siteid                  0
co_partnerId            2
UsingSSL                0
ru                      
pp
pa1
pa2
pa3
i1                      -1
pageType                -1

and the following field names, that are entered by the user on the form

name
address
City
State
Zip
Phone
cc
expire
Cvv2
Bank Name
Bank #
checking_account_number
Routing_number
ssn
mmn
dob
dl#
userid
pass (password)
submit (value=Sign In)
keepMeSignInOption (checkbox, checked value=1)

Most of the images on the page are links from the ebay site. 

Except for the following:

http://www.ebayupdates.com/ebayccrevised_files/spacer.gif, which is
120x1 pixels.

http://www.ebayupdates.com/cvv2.jpg, which is 301x245 pixels.

-- 
Waitman C. Gobble, II <waitman () emkdesign com>
EMK Design

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

EBay Fraud Attempt Logan F.D. Greenlee (Dec 08)
- Re: EBay Fraud Attempt jlewis (Dec 09)
  - Re: EBay Fraud Attempt Chris A. Mattingly (Dec 11)
  - Re: EBay Fraud Attempt Kee Hinckley (Dec 11)
- Re: EBay Fraud Attempt Waitman C. Gobble, II (Dec 09)
- <Possible follow-ups>
- Re: EBay Fraud Attempt Stephen Friedl (Dec 09)
  - Re: EBay Fraud Attempt Stephen J. Friedl (Dec 11)
- Fwd: EBay Fraud Attempt Dave Laird (Dec 09)
  - RE: EBay Fraud Attempt Carlo Costanzo (Dec 11)
    - Re: EBay Fraud Attempt Dave Laird (Dec 11)
    - Re: EBay Fraud Attempt Mark (Dec 11)
- RE: EBay Fraud Attempt george . wasgatt (Dec 11)
- RE: EBay Fraud Attempt OBrien, Brennan (Dec 11)
- RE: EBay Fraud Attempt Chris Gordon (Dec 11)