lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: jftucker at gmail.com (James Tucker) Subject: drive by shooting - got hit by mysearch toolbar The site quoted, did not contain any malicious code when I just checked it. The common.js file quoted contains only the framebreak code: ---------BEGIN--------- // common.js // Copyright 2001-2003 by Christopher Heng. All rights reserved. // $Id: common.js 2.3 2003/04/29 11:49:36 chris Exp $ function framebreaker() { // see http://www.thesitewizard.com/archive/framebreak.shtml // for an explanation of this script and how to use it on your own site if (top.location != location) { top.location.href = document.location.href ; } } ---------END--------- Unless there is some kind of image based exploit on the site I don't see mysearchbar having come from there. I checked the CSS for :before and :after properties too. On Sun, 12 Sep 2004 01:58:18 +0200, fulldisclosure@...eraxe.demon.nl <fulldisclosure@...eraxe.demon.nl> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > All patches installed on w2k server ie6 > except : > > journal viewer > .net framework > directx9.0b > media player 9 > > googled for 'how to configure htaccess on apache', firts hit was this > page : > > www.thesitewizard.com/apache/index.shtml > > i went there and found nothing ... like a page with links to stuff i > didnt really want .. > so i open a new window in IE .. bang ... 'MySearch toolbar' sitting > there in my IE window. > i know i shouldnt be browsing on a server, but i just wanted to look > something up so i could configure the server > now im sure i didnt click on OK anywhere, nothing even popped up when > i went there. > i checked back at the site and now something DID popup .. i was using > a remote terminal server connection, > so maybe i hit spacebar on accident before seeing the window ? i dont > think so , the connection here is quite fast, > i probably would have seen that ... anyway the second visit i did get > a popup asking for an install of something. > i checked the source and i did see a reference to > ../include/common.jsp somewhere at the top, > but its late here so im gonna leave it at that and maybe check on it > tomorrow. > > just thought i'd give some ppl who might be interested a heads up > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.3 > > iQA/AwUBQUORGpNqa4mRthN9EQI3EQCgi0vP/7xW4vJMKyA+2vL0AM1JHCkAn0HB > J7gy3LFF6FvE+1FYv8FQ3A92 > =ImDN > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists