[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] defacements for the installation of malcode

To: phish_n_bots@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] defacements for the installation of malcode
From: Vympel <vympel@xxxxxxxxxx>
Date: Fri, 16 Feb 2007 20:19:53 -0300

Hi, this is a old known "issue" many defacers put in mirrors some type 
of a trojan or some xss trick to stolen hotmail cookie. If someone like 
a "POC" just take a look in Iskorpitx defacements 
(http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,iskorpitx/)
 
you will found some of this virus ;-)
Also default hotmail/msn site is vulnerable a xss ;-)
Fix: Just disable java runtime machine and never open a link with some 
char codes
Best Regards
Vympel
Zone-H Admin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Phishmarket #2 (IFrame Spoofing/XSS on Austrian bank sites)
Next by Date: Re: [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork?
Previous by thread: Re: [Full-disclosure] defacements for the installation of malcode
Next by thread: [Full-disclosure] MLabs Is Up
Index(es):
- Date
- Thread