Full Disclosure mailing list archives
Re: drive by shooting - got hit by mysearch toolbar
From: James Tucker <jftucker () gmail com>
Date: Sun, 12 Sep 2004 01:59:39 +0100
The site quoted, did not contain any malicious code when I just checked it. The common.js file quoted contains only the framebreak code: ---------BEGIN--------- // common.js // Copyright 2001-2003 by Christopher Heng. All rights reserved. // $Id: common.js 2.3 2003/04/29 11:49:36 chris Exp $ function framebreaker() { // see http://www.thesitewizard.com/archive/framebreak.shtml // for an explanation of this script and how to use it on your own site if (top.location != location) { top.location.href = document.location.href ; } } ---------END--------- Unless there is some kind of image based exploit on the site I don't see mysearchbar having come from there. I checked the CSS for :before and :after properties too. On Sun, 12 Sep 2004 01:58:18 +0200, fulldisclosure () wateraxe demon nl <fulldisclosure () wateraxe demon nl> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All patches installed on w2k server ie6 except : journal viewer .net framework directx9.0b media player 9 googled for 'how to configure htaccess on apache', firts hit was this page : www.thesitewizard.com/apache/index.shtml i went there and found nothing ... like a page with links to stuff i didnt really want .. so i open a new window in IE .. bang ... 'MySearch toolbar' sitting there in my IE window. i know i shouldnt be browsing on a server, but i just wanted to look something up so i could configure the server now im sure i didnt click on OK anywhere, nothing even popped up when i went there. i checked back at the site and now something DID popup .. i was using a remote terminal server connection, so maybe i hit spacebar on accident before seeing the window ? i dont think so , the connection here is quite fast, i probably would have seen that ... anyway the second visit i did get a popup asking for an install of something. i checked the source and i did see a reference to ../include/common.jsp somewhere at the top, but its late here so im gonna leave it at that and maybe check on it tomorrow. just thought i'd give some ppl who might be interested a heads up -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQUORGpNqa4mRthN9EQI3EQCgi0vP/7xW4vJMKyA+2vL0AM1JHCkAn0HB J7gy3LFF6FvE+1FYv8FQ3A92 =ImDN -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New security tools and papers released shadown (Sep 01)
- <Possible follow-ups>
- Re: New security tools and papers released raize (Sep 01)
- drive by shooting - got hit by mysearch toolbar fulldisclosure (Sep 11)
- Re: drive by shooting - got hit by mysearch toolbar James Tucker (Sep 11)
- Re: drive by shooting - got hit by mysearch toolbar Gregh (Sep 11)
- Re: drive by shooting - got hit by mysearch toolbar Andrei Galca-Vasiliu (Sep 12)
- Re: drive by shooting - got hit by mysearch toolbar Über GuidoZ (Sep 12)
- drive by shooting - got hit by mysearch toolbar fulldisclosure (Sep 11)