WebApp Sec mailing list archives

Re: PayPal Phishing Site Exploits Google XSS Vulnerability

From: Paul Laudanski <zx () castlecops com>
Date: Wed, 11 Jan 2006 15:58:01 -0500 (EST)

On Wed, 11 Jan 2006, Stelian Ene wrote:

Paul Laudanski wrote:

There is a new PayPal phishing site that is crafty and cunning in
attempting to hide its true address from the surfer. Unsuspecting users
might fall for this devious trickery. It is thru a Google XSS attack that


That XSS attack was solved some time ago. This is simply using the well
known google.com/url?q=http://YOURURLHERE trick.
I wouldn't call this a security vulnerability, and google is certainly
not the only one affected. It's rather a social engineering scam: the
users clicks on a google link and does not expect to end up someplace
else...


Hi Stelian, thanks for the reply.  The article addresses the Google XSS 
vulnerability by way of Securiteam.  The article is not focusing on the 
Google XSS itself per se, but rather that new phishing scams are 
exploiting this to snare unsuspecting PayPal users.

Unfortunately, these attacks are going further than that by concealing the 
true address location in the browser.  The article and video reveal all of 
this in the hopes that no one will fall prey.  Not to mention there are at 
least two real world scams using all of these techniques and glitches.

Yes there are other sites vulnerable to this kind of XSS, but none of them 
carry the same brand name.

The newest domain I'm seeing involved in this trickery on top of the first 
one from last night is: 210.110.166.167

These phishing scams need to be shut down, whether they use XSS or not.

--
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com


-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------

Current thread:

PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 11)
- Re: PayPal Phishing Site Exploits Google XSS Vulnerability Stelian Ene (Jan 11)
  - Re: PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 11)
- <Possible follow-ups>
- Re: PayPal Phishing Site Exploits Google XSS Vulnerability shwaya (Jan 12)