[OWASP-Bangalore] [Owasp-delhi] iframes injected into premiere educational institutes site

Gunwant Singh gunwant.s at gmail.com
Thu Oct 8 03:14:13 EDT 2009


FYI...

On Thu, Oct 8, 2009 at 12:27 PM, <owasp-bangalore-owner at lists.owasp.org>wrote:

> I'm sorry, this list requires you to be subscribed. If you feel you
> should be on this list, try subscribing first.
>
> Thanks
>
> --OWASP
>
>
>
> ---------- Forwarded message ----------
> From: Gunwant Singh <gunwant.s at gmail.com>
> To: "praveen_recker ." <praveen_recker at sify.com>
> Date: Thu, 8 Oct 2009 12:35:07 +0530
> Subject: Re: [Owasp-delhi] iframes injected into premiere educational
> institutes site
> Hi Praveen,
>
> It's appreciative and encouraging that your intent is good so to inform and
> get the university guys to fix the aforementioned vulnerability.
> Notwithstanding, it is very much vital for us that we should comply with
> the policies of a "Responsible Disclosure of the vulnerabilities".
>
> Just for being safe in the first place and start the conversation with "I
> tried to inform the guys but of no luck" is not an excuse for disclosing the
> vulnerability in public. Believe me, it's not appropriate for "us" ethically
> or legally to stir up such instigations while we talk about responsibly
> disclosing the flaws.
>
> I just wanted to bring the fact to the notice of the OWASP community (and
> moderators of course) that this should be happening through appropriate
> channels first rather than appropriate mailing lists. To my surprise, some
> guy disclosed an XSS vulnerability in a popular railway reservation web
> application some time ago. Are we sure that the respective administrators
> are following the mailing lists while we talk about the flaws and the
> exploits? I hopefully anticipate that you are getting what I am talking
> about but if you are still perplexed what I am actually referring to, you
> may want to have a look at these:
>
> 1.
> http://www.csoonline.com/article/440110/The_Vulnerability_Disclosure_Game_Are_We_More_Secure_?CID=28071
> 2. http://www.cert.org/kb/vul_disclosure.html
> 3. http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf
>
> Hope that you (and everyone of us) will find these useful and not to blank
> out, no offense at all :)
>
> Warm regards,
> -Gunwant
>
>
> On Tue, Oct 6, 2009 at 11:51 PM, praveen_recker . <praveen_recker at sify.com
> > wrote:
>
>> Hi OWASP,
>>
>> I am writing this such that it can be informed to concerned authorities.
>> I tried to find the mail id of the respective institute to inform them but
>> couldn't find any.
>>
>> Details are as follows....
>> Visit any page on http://www.nagarjunauniversity.ac.in
>> and right click to "View Source", we'll find the following site embedded
>> in an iframe: http://bale.ws/show.php
>> When we open the above site it gets redirected to
>> http://superpupermegacasino.com/ which hosts SmartDownload.exe
>>
>> Details of the EXE at virustotal are shown as Win32/CasOnline!Adware
>>
>> http://www.virustotal.com/analisis/9709a6f32be02642671f96ee264bae85fc924072ceb1a6f07c94ab94ae77943d-1254763534
>>
>>
>> The page has eval() and base64_decode() methods. When we decode the base64
>> content the site esli.tw is embedded.
>>
>> There is one more site embedded: http://b.nt002.cn/E/J.JS
>>
>> When we visit a few pages on this site and if any AV is installed on your
>> machine (McAfee AntiVirus is installed in my case and triggers a PDF-Exploit
>> alert) it should trigger some alert.
>>
>> Interested folks can further analyze. Please inform concerned guys from
>> Nagarjuna University.
>>
>> Best Regards,
>> Praveen Darshanam,
>> Security Researcher
>>
>> _______________________________________________
>> Owasp-delhi mailing list
>> Owasp-delhi at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>
>>
>
>
> --
> Gunwant Singh
>
>
>


-- 
Gunwant Singh
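As an added defender-side example, not part of this thread and not any poster's code, the following Python scanner pulls out of a saved page source the indicators Praveen describes: iframes (especially zero-size or hidden ones) pointing off-site, external script includes, and eval(base64_decode("...")) blobs, which it decodes and re-scans for more embeds. The host names and the sample page are constructed for the demonstration; treating eval(atob("...")) the same way as base64_decode is an assumption made here because the same obfuscation appears in client-side JavaScript.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Obfuscation pattern from the report: eval(base64_decode("...")).
# atob() is added on the assumption that the same trick is used in client-side JS.
EVAL_B64_RE = re.compile(
    r'eval\s*\(\s*(?:base64_decode|atob)\s*\(\s*["\']([A-Za-z0-9+/=\s]+)["\']\s*\)\s*\)',
    re.IGNORECASE,
)

# Width/height values commonly used to make an injected iframe invisible.
HIDDEN_SIZES = {"0", "0px", "1", "1px"}


class EmbedCollector(HTMLParser):
    """Collect <iframe src> and <script src> tags; flag iframes styled to be invisible."""

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag not in ("iframe", "script"):
            return
        a = {k.lower(): (v or "").strip() for k, v in attrs}
        if not a.get("src"):
            return  # inline scripts are handled by the base64 regex, not here
        style = a.get("style", "").replace(" ", "").lower()
        hidden = tag == "iframe" and (
            a.get("width") in HIDDEN_SIZES
            or a.get("height") in HIDDEN_SIZES
            or "display:none" in style
            or "visibility:hidden" in style
        )
        self.embeds.append({"tag": tag, "src": a["src"], "hidden": hidden})


def host_of(url):
    """Lower-cased host of an absolute URL; '' for relative or malformed ones."""
    return (urlparse(url).hostname or "").lower()


def collect_embeds(html, site_host, source):
    """Parse html and mark each embed as external if its host differs from site_host."""
    parser = EmbedCollector()
    parser.feed(html)
    for e in parser.embeds:
        h = host_of(e["src"])
        e["external"] = bool(h) and h != site_host
        e["source"] = source  # "page" or "base64" (found inside a decoded blob)
    return parser.embeds


def scan_page(html, site_host):
    """Return embeds, decoded base64 payloads and the set of off-site hosts referenced."""
    site_host = site_host.lower()
    findings = {"embeds": [], "decoded": [], "external_hosts": set()}
    findings["embeds"] += collect_embeds(html, site_host, "page")
    for m in EVAL_B64_RE.finditer(html):
        try:
            raw = base64.b64decode(re.sub(r"\s", "", m.group(1)), validate=True)
        except ValueError:  # binascii.Error is a ValueError: not real base64, skip it
            continue
        decoded = raw.decode("utf-8", "replace")
        findings["decoded"].append(decoded)
        # The decoded blob is itself markup in the report, so scan it the same way.
        findings["embeds"] += collect_embeds(decoded, site_host, "base64")
    for e in findings["embeds"]:
        if e["external"]:
            findings["external_hosts"].add(host_of(e["src"]))
    return findings


# Constructed sample page (placeholder hosts, not the sites named in the report).
SAMPLE_PAYLOAD = (
    '<iframe src="http://decoded-host.example/x.php" width="0" height="0"></iframe>'
)
SAMPLE_HTML = (
    "<html><body><h1>Welcome</h1>"
    '<iframe src="http://redirector.example/show.php" width="0" height="0"></iframe>'
    '<script src="http://scripts.example/E/J.JS"></script>'
    '<script>eval(base64_decode("%s"));</script>'
    "</body></html>"
) % base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()

if __name__ == "__main__":
    result = scan_page(SAMPLE_HTML, "www.university.example")
    for e in result["embeds"]:
        print(e)
    print("off-site hosts:", sorted(result["external_hosts"]))
```

Run it against a page fetched with curl into a file (never by opening the page in a browser), feeding the site's own host name so same-origin iframes and relative script paths are not reported; every host in `external_hosts` is then a candidate for reputation lookup or blocking at the proxy.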

