RE: nasty new url insertion program

From: Bowes, Ronald (EST) (RBowes_at_gov.mb.ca)
Date: 10/05/04

    To: "'alex@fbi.ie'" <alex@fbi.ie>, security-basics@securityfocus.com
    Date: Tue, 5 Oct 2004 08:46:52 -0500 
    
    

    It is possible that a script on the page is vulnerable to "http response
    splitting". I would suggest googling it, because I don't have any links
    handy, but that would allow somebody to poison the cache of a caching server
    between him and his site with a fake web page.

    I don't quite understand your questions, but it seems to me that that could
    be a possibility.

    Hope that helps!

    Ron Bowes
    Information Protection Centre
    Government Of Manitoba

    -----Original Message-----
    From: Alex Gogan [mailto:alex@fbi.ie]
    Sent: Friday, October 01, 2004 7:21 AM
    To: security-basics@securityfocus.com
    Subject: nasty new url insertion program

    Hi All,

    Just a quick note, a client rang me this morning in a panic saying the
    site we developed and hosted was compromised, what was happening was
    every time he made a change on the CMS system to one of the pages, where
    there was a URL field it would (he was unaware) insert
    "http://younghotgirls.net/2504/" it was only when he was checking the
    pages online did he notice this.

    Needless to say I told him to download the spy ware and antivirus to try
    and catch this but I must admit I find this troubling.

    Has anybody else found or heard of something similar ??

    -- 
    Alex Gogan
    alex@fbi.ie
    Future Business Intercommunications
    ~The Complete Internet Services Company~
    http://www.fbi.ie
    Communications House
    11 Leeson Park Villas, Sallymount Avenue, Ranelagh,
    Dublin 6, Ireland
    Tel:+353.14988588 | Fax: +353.14988589
    Web: www.fbi.ie | Email: alex@fbi.ie
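The "http response splitting" condition named in the reply above, shown as an added example that is not part of either message: a value copied into a response header without checking for CR/LF makes an intermediary cache read two responses where the server meant one, and rejecting CR/LF removes the condition. The function names, the redirect scenario and the sample values are assumptions constructed for illustration.

```python
# Added illustration; all names and sample values are constructed.
import re

CRLF = re.compile(r"[\r\n]")

def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable pattern: request data copied into a header unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

def build_redirect_safe(target: str) -> bytes:
    """Hardened pattern: refuse any header value containing CR or LF."""
    if CRLF.search(target):
        raise ValueError("CR/LF in header value")
    return build_redirect_unsafe(target)

def count_responses(stream: bytes) -> int:
    """Count status lines the way a cache parsing the byte stream would."""
    return len(re.findall(rb"(?m)^HTTP/1\.[01] \d{3} ", stream))

# Constructed inputs: an ordinary path, and a value carrying CR/LF that
# ends the real headers early and starts a second, attacker-chosen response.
BENIGN = "/news/index.html"
SPLIT = (
    "/news\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<html>constructed second response</html>"
)

def safe_rejects(value: str) -> bool:
    """True when the hardened builder refuses the value."""
    try:
        build_redirect_safe(value)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    for name, value in (("benign", BENIGN), ("split", SPLIT)):
        seen = count_responses(build_redirect_unsafe(value))
        print(f"{name}: cache sees {seen} response(s), "
              f"hardened builder rejects: {safe_rejects(value)}")
```

A cache that stores the second parsed response against the next requested URL is what turns the split into the poisoning the reply describes.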
    
