lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003401c4985b$35ff5bb0$0500a8c0@pc01>
From: fulldisclosure at wateraxe.demon.nl (fulldisclosure@...eraxe.demon.nl)
Subject: drive by shooting - got hit by mysearch toolbar

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All patches installed on w2k server ie6
except :

journal viewer
.net framework
directx9.0b
media player 9

googled for 'how to configure htaccess on apache', firts hit was this
page :

www.thesitewizard.com/apache/index.shtml

i went there and found nothing ... like a page with links to stuff i
didnt really want ..
so i open a new window in IE .. bang ... 'MySearch toolbar' sitting
there in my IE window. 
i know i shouldnt be browsing on a server, but i just wanted to look
something up so i could configure the server 
now im sure i didnt click on OK anywhere, nothing even popped up when
i went there.
i checked back at the site and now something DID popup .. i was using
a remote terminal server connection,
so maybe i hit spacebar on accident before seeing the window ? i dont
think so , the connection here is quite fast,
i probably would have seen that ... anyway the second visit i did get
a popup asking for an install of something.
i checked the source and i did see a reference to
../include/common.jsp somewhere at the top,
but its late here so im gonna leave it at that and maybe check on it
tomorrow.

just thought i'd give some ppl who might be interested a heads up 
 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQUORGpNqa4mRthN9EQI3EQCgi0vP/7xW4vJMKyA+2vL0AM1JHCkAn0HB
J7gy3LFF6FvE+1FYv8FQ3A92
=ImDN
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ