Bug 759950 - Blocklist malicious "abusable.net" add-on
Status: RESOLVED FIXED
Product: Toolkit
Classification: Components
Component: Blocklisting
Assigned To: Jorge Villalobos [:jorgev]
Reported: 2012-05-30 17:00 PDT by Jorge Villalobos [:jorgev]
Modified: 2016-03-07 15:30 PST

Description Jorge Villalobos [:jorgev] 2012-05-30 17:00:19 PDT
What I did?
Downloaded add-on from http://abusable.net/x/video.php?56473456456

What happened?
DL URLs: 
FF - http://abusable.net/x/video.php?id=1

Analysis:

Loads JS from the add-on
Calls out to the following URLs (both return the same data):
  http://juyh12.me/j.php
  http://kmjh78.asia/j.php

juyh12.me/j.php and kmjh78.asia/j.php:
  injects http://juyh12.me/js_f.php?v=tg0002
  a library of functions to:
    grab a user's Facebook or Tagged session details
    solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u
    send log data to http://juyh12.me/ss.php?r
    post to Facebook and Tagged

js_f.php:
  same code as j.php


What should have happened?


It shouldn't steal your Facebook session information and post as a user
without their consent.
Comment 1 Jorge Villalobos [:jorgev] 2012-05-30 17:10:09 PDT
Id: pfzPXmnzQRXX6@2iABkVe.com
Comment 2 Jorge Villalobos [:jorgev] 2012-05-30 17:10:38 PDT
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i99
