[Owasp-delhi] iframes injected into premiere educational institutes site

Gunwant Singh gunwant.s at gmail.com
Thu Oct 8 03:05:07 EDT 2009


Hi Praveen,

It's appreciated and encouraging that your intent is good, namely to inform and
get the university guys to fix the aforementioned vulnerability.
Notwithstanding, it is very much vital for us that we should comply with
the policies of a "Responsible Disclosure of the vulnerabilities".

Just for being safe in the first place, starting the conversation with "I
tried to inform the guys but of no luck" is not an excuse for disclosing the
vulnerability in public. Believe me, it's not appropriate for "us" ethically
or legally to stir up such instigations while we talk about responsibly
disclosing the flaws.

I just wanted to bring the fact to the notice of the OWASP community (and
moderators of course) that this should be happening through appropriate
channels first rather than appropriate mailing lists. To my surprise, some
guy disclosed an XSS vulnerability in a popular railway reservation web
application some time ago. Are we sure that the respective administrators
are following the mailing lists while we talk about the flaws and the
exploits? I hopefully anticipate that you are getting what I am talking
about but if you are still perplexed what I am actually referring to, you
may want to have a look at these:

1. http://www.csoonline.com/article/440110/The_Vulnerability_Disclosure_Game_Are_We_More_Secure_?CID=28071
2. http://www.cert.org/kb/vul_disclosure.html
3. http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf

Hope that you (and every one of us) will find these useful and not to blank
out, no offense at all :)

Warm regards,
-Gunwant


On Tue, Oct 6, 2009 at 11:51 PM, praveen_recker
<praveen_recker at sify.com> wrote:

> Hi OWASP,
>
> I am writing this such that it can be informed to the concerned authorities.
> I tried to find the mail id of the respective institute to inform them but
> couldn't find any.
>
> Details are as follows....
> Visit any page on http://www.nagarjunauniversity.ac.in
> and right click to "View Source"; we'll find the following site embedded in
> an iframe: http://bale.ws/show.php
> When we open the above site it gets redirected to
> http://superpupermegacasino.com/ which hosts SmartDownload.exe
>
> Details of the EXE at VirusTotal are shown as Win32/CasOnline!Adware
>
> http://www.virustotal.com/analisis/9709a6f32be02642671f96ee264bae85fc924072ceb1a6f07c94ab94ae77943d-1254763534
>
>
> The page has eval() and base64_decode() methods. When we decode the base64
> content, the site esli.tw is embedded.
>
> There is one more site embedded: http://b.nt002.cn/E/J.JS
>
> When we visit a few pages on this site and if any AV is installed on your
> machine (McAfee AntiVirus is installed in my case and triggers a PDF-Exploit
> alert) it should trigger some alert.
>
> Interested folks can further analyze. Please inform concerned guys from
> Nagarjuna University.
>
> Best Regards,
> Praveen Darshanam,
> Security Researcher
>


-- 
Gunwant Singh
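A defender-side triage script for the kind of compromise Praveen describes above (a hidden off-site iframe in the served page, a base64 blob that decodes to more embedded content, and an off-site script include), added here as an example; it is not code from either message or from OWASP. It assumes Python 3 with the standard library only, and the page it scans is a constructed sample whose `.invalid` hostnames stand in for the real ones, so nothing on the page is fetched.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class TagCollector(HTMLParser):
    """Collect iframe and script start tags with their attributes."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr_map = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes.append(attr_map)
        elif tag == "script":
            self.scripts.append(attr_map)


def is_foreign(url, site_host):
    """True when the URL points at a host other than the site or its subdomains."""
    host = urlparse(url).hostname
    if host is None:  # relative URL: same origin, nothing to flag
        return False
    host = host.lower()
    return host != site_host and not host.endswith("." + site_host)


# Literal base64 arguments to base64_decode("...") or atob("..."); hypothetical
# pattern chosen to cover both PHP-style and JavaScript-style decoding calls.
B64_CALL = re.compile(
    r"(?:base64_decode|atob)\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)", re.I)
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def decode_blobs(html):
    """Decode every literal base64 argument found in the page; skip malformed ones."""
    decoded = []
    for m in B64_CALL.finditer(html):
        blob = re.sub(r"\s+", "", m.group(1))
        try:
            decoded.append(
                base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
            continue
    return decoded


def triage(html, site_host):
    """Report off-site iframes/scripts and any hosts hidden inside base64 blobs."""
    site_host = site_host.lower()
    parser = TagCollector()
    parser.feed(html)
    blobs = decode_blobs(html)
    return {
        "foreign_iframes": [a["src"] for a in parser.iframes
                            if is_foreign(a.get("src", ""), site_host)],
        "foreign_scripts": [a["src"] for a in parser.scripts
                            if is_foreign(a.get("src", ""), site_host)],
        "decoded_blobs": blobs,
        "decoded_hosts": sorted({h.lower() for b in blobs for h in HOST_RE.findall(b)}),
    }


# Constructed sample page (not the real site's source): one legitimate same-origin
# iframe, one hidden off-site iframe, an obfuscated blob that expands to a second
# hidden iframe, and an off-site script include.
_HIDDEN = ('<iframe src="http://decoded.example.invalid/in.php" '
           'width="1" height="1"></iframe>')
_BLOB = base64.b64encode(_HIDDEN.encode()).decode()
SAMPLE_HTML = f"""<html><body>
<h1>Admissions</h1>
<iframe src="/notices/2009.html" width="400" height="300"></iframe>
<iframe src="http://injected.example.invalid/show.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<script>document.write(base64_decode("{_BLOB}"));</script>
<script src="http://second.example.invalid/x.js"></script>
</body></html>"""


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HTML, "www.university.invalid").items():
        print(key, value)
```

Because it works on saved source rather than a live page, the embedded sites are never contacted during review; the decoded blob is reported as text so the second-stage hosts can be passed on to the site owner along with the visible ones.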