httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mortensen <>
Subject [users@httpd] hidden iframe in stock Win32 install?
Date Wed, 18 Jun 2008 17:33:50 GMT
Hi, list.

I need a quick sanity check.  I have a stock 2.2.9 httpd (Win32 Binary 
including OpenSSL 0.9.8h (MSI Installer)) install on my Windows XP box.  I 
just got the binary from the mirror.  The MD5 signature 
checks out fine.

Everything looked OK while connecting to localhost, but I noticed a funny 
0x0 "blip" in the left-hand corner when viewing it remotely.  I decided to 
connect to it by hand, and I found a hidden iframe element that's not in 
the index.html file:

$ telnet 80
Connected to
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Content-Length: 264
Content-Type: text/html

<iframe src='' width=0 height=0></iframe> 
<html><body><h1>It works!</h1></body></html>

   I tried it on another XP machine, and I got the same result.  Before I 
try to narrow this down to httpd / my machines / myself, I'd like to ask
if anyone else has seen this?  A virus and spyware scan came up OK on both 

   I haven't compiled this version from source yet, but I'm going to try 
that next.


  \|/   ___   \|/    +----- 2048R/38BD6CAB -----+
   @~./'O o`\.~@                            | 02BD EF81 91B3 1B33 64C2 |
  /__( \___/ )__\                           | 3247 6722 7006 38BD 6CAB |
     `\__`U_/'                              +--------------------------+

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message