Mess with the best, die like the rest… 


Advertlets being hacked!

Today at 5.00 p.m. (GMT +8) I'm the first to notice Advertlets being hacked by adbaaz.com (see whois). It was not hard for me to find where they hacked advertlets.com. They have replaced the “http://apps.advertlets.com/adl-js/savvy/savvy.lite.animator.js” file with:

    if( cHeight <= 200 )
    {
        window.top.location = "http://www.adbaaz.com/?dn=apps.advertlets.com&flrdr=yes&nxte=js&prvtof=8b2VkUqfXDCVzkFKsQ1rPbXbLzl10g%3D%3D";
    }

How did they inject it? Have you heard of AJAX injection?

SOLUTION
Temporarily remove your Advertlets plugin until Advertlets makes changes to their code!
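A publisher embedding a third-party script can check its body for forced navigation to an unapproved host before serving it. The following is an added example, not code from the original post or from Advertlets; the function name, the allowlist (including `www.advertlets.com`) and the benign sample body are assumptions made for illustration.

```javascript
// Added example: flag string-literal navigation targets whose host is not approved.
// Limitation: computed or obfuscated targets are not matched by this pattern.
const NAV_RE =
  /\blocation(?:\.href)?(?:\s*=(?!=)|\.(?:replace|assign)\s*\()\s*(["'])(.*?)\1/g;

function findForeignRedirects(scriptBody, scriptUrl, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const m of scriptBody.matchAll(NAV_RE)) {
    const target = m[2];
    let host = null;
    try {
      // Relative targets resolve against the script's own URL.
      host = new URL(target, scriptUrl).hostname.toLowerCase();
    } catch {
      findings.push({ target, host, reason: "unparseable target" });
      continue;
    }
    if (!allowed.has(host)) {
      findings.push({ target, host, reason: "host not in allowlist" });
    }
  }
  return findings;
}

const SCRIPT_URL = "http://apps.advertlets.com/adl-js/savvy/savvy.lite.animator.js";
const ALLOWED = ["apps.advertlets.com", "www.advertlets.com"]; // assumed allowlist

// Script body as quoted in the post, with straight quotes.
const REPLACED_BODY = `if( cHeight <= 200 )
{
window.top.location = "http://www.adbaaz.com/?dn=apps.advertlets.com&flrdr=yes&nxte=js&prvtof=8b2VkUqfXDCVzkFKsQ1rPbXbLzl10g%3D%3D";
}`;

// Constructed benign body: a comparison (ignored) and a same-host redirect (allowed).
const BENIGN_BODY = `if (location.href == "http://apps.advertlets.com/") { resize(); }
function back() { window.location.href = "/adl-js/index.html"; }`;

console.log(findForeignRedirects(REPLACED_BODY, SCRIPT_URL, ALLOWED));
console.log(findForeignRedirects(BENIGN_BODY, SCRIPT_URL, ALLOWED));
```
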

UPDATE AT 19:16: It’s not hard to determine who is behind adbaaz.com. I managed to find his other main website, http://www.clckm.com/, and guess what! He is a lousy programmer. I managed to find a hole in his website!

[Image: Hack CLCKM]

So I wonder, who is the real hacker!!

MORE UPDATE AT 19:46 – After digging into why all this happened, I found something embarrassing about the Advertlets.com DNS...

[Images: Advertlets DNS; Advertlets DNS expired]

When the DNS expires, it’s an open port. Is that true? So people with high knowledge will utilize this weakness. Suddenly I realized.

WTF!! Advertlets don’t have enough money or they don’t implement project management carefully. WHAT A FLAW!!

 

8 Responses

  1. are u sure advertlets had been hacked?

    I think domain was expired.
    This domain name expired on Jan 03, 2008

  2. wow, is that true? guess ppl who use advertlets is affected. great discover there!

  3. wow, is that true? guess ppl who use advertlets is affected. great discovery there!

  4. At first I also suspected that the DNS had expired, but in my experience, a .js file shouldn’t redirect to other pages. It should stay on the main website. But most clients were redirected to adbaaz.com. That means someone was quick enough to gain access to the open port. Hope this technicality can explain everything.

  5. [...] blogs like Krazl even suggested that the site was hacked which was of course not. The ‘parked’ page [...]

  6. Hi,
    At first I thought the web was being hijacked due to the redirect, but further investigation (referring to the latest post – please see the update – pages below) revealed that the DNS was not renewed by Advertlets. Please view http://www.krazl.com/blog/?p=41

    krazl
    http://www.krazl.com

