Re: Spoofed URI's or fake websites ?
Samuel Krieg wrote:[color=blue]
> I'm receiving some spam with links like
> [url]http://www.somewebsite.tld/image.htm[/url] ( filename may differ like
> join.htm or shop.htm ). The uri redirects to another viagra website.
> But the somewebsite.tld looks like a normal site (I'm pretty sure it is).
> Some examples :
> I need to understand how it works.. Is the hosting server beeing
> abused ? Any ideas/solutions ?[/color]
Odds are good they are being abused. Looking at tvoftheabsurd's main page they've got a PHP wordpress 2.2 login page. Wordpress has been known to have exploits in the past.
Ahh, yes. here's one for WP 2.2:
Oh, and another that allows arbitrary file upload:
That latter one is probably how the redirect page got uploaded.
apnalounge.com also makes extensive use of PHP and seems to have a lot of "cobbled together" code. Nothing jumps out at me, but I'd again not be surprised to find out some part is exploitable.
> Thank you.