Here's another instance in a rash of reported vulnerabilities in member registration pages being spammed. Never heard of Podomatic before but it appears the spammers sure have and some nitwit registered as a member called Valium to do his spamming.
The link to the member's site is:
http://www.podomatic.com/profile/member/valiumThe javascript redirect code appears to be this shit embedded in the memberpage:
<script>Just goes to show you that if you don't secure your sites some spammer will abuse it but people just don't listen.
var mbht872 = 'on=';
var bikmr354 = 'qiqyi199';
var zlh171 ='ment';
var k97='.lo';
var ydxglyjedai737='ti';
var bmmp211='docu';
var mzcra833='http://drsearch.net/search.php?aff=15313&q=';
var ertmj632='valium';
var qiqyi199 = 'ca';
var lflx482='"';
if(bikmr354 = 'qiqyi199')eval(bmmp211+zlh171+k97+qiqyi199+ydxglyjedai737+mbht872+lflx482+mzcra833+ertmj632+lflx482);
</script>
3 comments:
Thanks for pointing this out, I've closed the hole.
--b
Maybe it's more than people don't care than they don't listen. Not everyone is obsessed with making the internet a perfect place... some people deal with issues in the real world.
Well, that's a nice theory as spoken by someone that sounds like a spammer, but the post above yours was from someone at Podomatic that fixed the issue.
You just keep being delusion as web spam is getting the boot.
Post a Comment