
News from: World

» Topic:  SWF hack hits myspace users.

» Added by:  sp3x

» Date:  22.7.2006

  Another worm has hit MySpace users. This time the worm uses a Flash-based redirect that targets users who are signed in to MySpace. If a signed-in user visits a friend's page and is redirected to a blog post containing a diatribe about how the United States government was behind the 9/11 attacks, that user's account has been infected. The hijacked account is then used to infect other users.

A simple fix was provided by "Chase" from Chaseandsam:

"The solution is rather simple: Go to your home page, and click on edit profile, remove the line below (and only the line below) from your About Me section: (I added some "f's" to the code so it won't work here)

fembed ffallowscriptaccess="fnever" src=
"fhttp://i105.photobucket.com
/albums/mff225/yrkblack/redirecft.swf"
BY SPAIRLKAIFS

It's possible that the line above will be the only line you see - in that case, remove it all, and be sad if you had a custom template installed, because chances are you will have to re-install it. If you see nothing in your About Me section, chances are you have a non-Myspace custom template. You will need to click on the link that says "Safe edit mode" in the top right corner of the edit screen. You should be able to edit your About Me section at that point. If, for some reason, when you click that button you are taken to a screen that deals with your Myspace groups and says something like, "you have no groups to moderate", then you will need to change the address in the Url box (at the top of your browser). It probably ends with this: fuseaction=groups.safemode, and you will need to change it to read: fuseaction=profile.safemode and then hit enter. From there, you should be able to remove the offending line of code from your account. Best not to do too much viewing of other people's accounts until Myspace fixes this problem. Please comment here if this has helped you or if it doesn't work, and feel free to browse the rest of our site!"
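The manual clean-up above amounts to finding an <embed> tag in the About Me section that loads a Flash movie from an outside host and deleting it. The following is an added example, not code from the SecurityReason post or from MySpace, showing how a defender could automate that check over profile HTML: flag any <embed>/<object> that loads an off-site .swf and strip it. The trusted-host list, the function names and the sample profile HTML (with a placeholder host instead of the real one) are assumptions made for this example.

```python
# Added example (not part of the SecurityReason post): detect and remove
# injected Flash <embed> tags of the kind described above. The trusted-host
# set, function names and sample HTML are assumptions for this example.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts from which a profile is allowed to load Flash content (assumption:
# only MySpace's own player). Any other host serving a .swf is suspect.
TRUSTED_SWF_HOSTS = {"myspace.com", "www.myspace.com"}


class EmbedAuditor(HTMLParser):
    """Records <embed>/<object> tags that load a .swf from an untrusted host."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("embed", "object"):
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src") or a.get("data")
        if not src:
            return
        parsed = urlparse(src)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(".swf") and host not in TRUSTED_SWF_HOSTS:
            self.findings.append({
                "tag": tag,
                "src": src,
                "host": host,
                # allowscriptaccess="never" is not a safety signal: the tag
                # quoted on the page carries it and still redirects the user.
                "allowscriptaccess": a.get("allowscriptaccess"),
            })


def scan_about_me(html):
    """Return a list of suspicious Flash embeds found in a profile section."""
    auditor = EmbedAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Matches one <embed ...> start tag (plus an optional closing tag) so each
# embed can be audited on its own and dropped if it points off-site.
EMBED_TAG_RE = re.compile(r"<embed\b[^>]*>(?:\s*</embed\s*>)?",
                          re.IGNORECASE | re.DOTALL)


def strip_offsite_swf(html):
    """Return the profile HTML with off-site Flash embeds removed."""
    def replace(match):
        tag = match.group(0)
        return "" if scan_about_me(tag) else tag
    return EMBED_TAG_RE.sub(replace, html)


# Constructed sample: an About Me section with a legitimate player plus an
# injected redirect movie on a placeholder host (not the real one).
SAMPLE_ABOUT_ME = (
    "<p>Hi, I like music and cats.</p>\n"
    '<embed src="http://www.myspace.com/media/player.swf" width="300">\n'
    '<embed allowscriptaccess="never" '
    'src="http://imagehost.invalid/albums/xyz/redirect.swf">\n'
)

if __name__ == "__main__":
    for f in scan_about_me(SAMPLE_ABOUT_ME):
        print(f"suspicious {f['tag']} -> {f['src']} (host {f['host']})")
    print(strip_offsite_swf(SAMPLE_ABOUT_ME))
```

Running the block against the constructed sample reports the off-site redirect.swf and leaves the MySpace-hosted player in place; a site operator could run the same check at profile-save time rather than relying on each user to find the line by hand.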

Details about the SWF hack and how it works can be found here:
Online version:
http://kinematictheory.phpnet.us/

Archived version:
http://securityreason.com/download/10/11
