[OWASP-Bangalore] OWASP-Bangalore Digest, Vol 23, Issue 2
abhaybhargav at gmail.com
Wed Oct 7 23:04:00 EDT 2009
This is not very surprising. I have found several XSS vulnerabilities with
some very reputed universities and B-schools across the country (I shall not
name them). I have sent several mails to them and reported the issue, but it
is obviously not of high priority for them. I believe that, in some cases,
they dont know how to fix the problem also.
Nine-ball and Gumblar worms. You might want to report this problem in such a
On Wed, Oct 7, 2009 at 9:44 PM, Sajin Jose <sajinkokkad at gmail.com> wrote:
> Unbelievable !! Just wondering why no one there at the university didn't
> notice this and rectify this..
> Also, I would really appreciate if some could one explain how the malicious
> site did this on a seemingly reputed university's site.. Any inputs?
> On Wed, Oct 7, 2009 at 9:30 PM, <owasp-bangalore-request at lists.owasp.org>wrote:
>> Send OWASP-Bangalore mailing list submissions to
>> owasp-bangalore at lists.owasp.org
>> To subscribe or unsubscribe via the World Wide Web, visit
>> or, via email, send a message with subject or body 'help' to
>> owasp-bangalore-request at lists.owasp.org
>> You can reach the person managing the list at
>> owasp-bangalore-owner at lists.owasp.org
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of OWASP-Bangalore digest..."
>> Today's Topics:
>> 1. iframes injected into premiere educational institutes site
>> (praveen_recker .)
>> Message: 1
>> Date: Tue, 6 Oct 2009 23:51:14 +0530
>> From: "praveen_recker ." <praveen_recker at sify.com>
>> Subject: [OWASP-Bangalore] iframes injected into premiere educational
>> institutes site
>> To: owasp-bangalore at lists.owasp.org, owasp-delhi at lists.owasp.org
>> <3542efac0910061121p71a17debx4f530e8523dc1022 at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>> Hi OWASP,
>> I am writing this such that it can be informed to concerned authorities.
>> I tried to find mail id of the respective institue to inform them but
>> could'nt find any.
>> Details are as follows....
>> Visit to anypage on* http://www.nagarjunauniversity.ac.in*
>> and right click to "View Source", we'll find the following site embedded
>> iframe *http://bale.ws/show.php*
>> When we open above site it gets redirected to *
>> http://superpupermegacasino.com/* which hosts *SmartDownload.exe*
>> Details of the EXE at virustotal is shown as *Win32/CasOnline!Adware*
>> the page has eval() and base64_decode() methods. When we decode the base64
>> content site *esli.tw* is embedded.
>> There is one more site embedded *http://b.nt002.cn/E/J.JS*
>> When we visit few pages on this site and if any AV is installed on ur
>> machine (McAfee AntiVirus is installed in my case and triggers PDF-Exploit
>> alert) it should trigger some alert.
>> Interested folks can further analyze. Please inform concerned guys from
>> Nagarjuna University.
>> Best Regards,
>> Praveen Darshanam,
>> Security Researcher
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> End of OWASP-Bangalore Digest, Vol 23, Issue 2
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
Linkedin - http://www.linkedin.com/in/abhaybhargav
My Security Blog - http://citadelnotes.blogspot.com
Blog feeds - http://feeds2.feedburner.com/AbhayBhargavOnInformationSecurity
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Bangalore