OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Full-Disclosure] drive by shooting - got hit by mysearch toolbar

fulldisclosurewateraxe.demon.nl
Date: Sat Sep 11 2004 - 18:58:18 CDT


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All patches installed on w2k server ie6
except :

journal viewer
.net framework
directx9.0b
media player 9

googled for 'how to configure htaccess on apache', firts hit was this
page :

www.thesitewizard.com/apache/index.shtml

i went there and found nothing ... like a page with links to stuff i
didnt really want ..
so i open a new window in IE .. bang ... 'MySearch toolbar' sitting
there in my IE window.
i know i shouldnt be browsing on a server, but i just wanted to look
something up so i could configure the server
now im sure i didnt click on OK anywhere, nothing even popped up when
i went there.
i checked back at the site and now something DID popup .. i was using
a remote terminal server connection,
so maybe i hit spacebar on accident before seeing the window ? i dont
think so , the connection here is quite fast,
i probably would have seen that ... anyway the second visit i did get
a popup asking for an install of something.
i checked the source and i did see a reference to
../include/common.jsp somewhere at the top,
but its late here so im gonna leave it at that and maybe check on it
tomorrow.

just thought i'd give some ppl who might be interested a heads up
 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQUORGpNqa4mRthN9EQI3EQCgi0vP/7xW4vJMKyA+2vL0AM1JHCkAn0HB
J7gy3LFF6FvE+1FYv8FQ3A92
=ImDN
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html