# Iframe exploit



## Logan_ (Mar 12, 2008)

sometimes the pages load a 1x1 IFRAME at http://gbatemp.net/pro.html, tring to run a flash exploit, and change the DNS lookup for a set of hostnames on some routers

http://pastebin.com/m371e42e7 copy of HTML page as of 8:39 3/11/2008 EST


----------



## jeklnoo (Mar 12, 2008)

ur forum software was haxed! and so soon after upgrading too. lame.


----------



## fischju (Mar 12, 2008)

OH NO.


*disables flash*


----------



## thejakal (Mar 12, 2008)

yes, this is quite an annoying problem. is it really a hack? either way, someone needs to take care of it...


----------



## camx (Mar 12, 2008)

I ARE ASCARED


----------



## 754boy (Mar 12, 2008)

Was just about to report this lol. Its VERY annoying


----------



## asuri (Mar 12, 2008)

because of the piracy protection rumor


----------



## jeklnoo (Mar 12, 2008)

offtopic84 said:
			
		

> OH NO.
> 
> 
> *disables flash*
> ...



yes it's definately a hack. what is unknown is if it's due to a hole in the forum software, or it was placed there by other means (eg by gbatemp admin to make some money)


----------



## Costello (Mar 12, 2008)

QUOTE said:
			
		

> or it was placed there by other means (eg by gbatemp admin to make some money)








 hehe


----------



## science (Mar 12, 2008)

I'm confused as to whats happening...?


----------



## CockroachMan (Mar 12, 2008)

So.. now Costello has all our credit card numbers? 
	

	
	
		
		

		
		
	


	




lol.. seriously.. what happened?


----------



## AndreXL (Mar 12, 2008)

It's because of the new game "DS #2114: Bunnyz (Europe)!!!"
It just came out and all heck broke loose!


----------



## fischju (Mar 12, 2008)

jeklnoo said:
			
		

> offtopic84 said:
> 
> 
> 
> ...




OH NOES

*disables javascript*


----------



## aZnXrAvEr (Mar 12, 2008)

I think I have a router that can be exploited by that "hack."

When I went on gbatemp.net last night, it kept causing my internet to disconnect and I had to wait a minute before I could use it again. It also gave me a new ip address... I have a UK ip address now because when I go to google.com, it redirects me to google.co.uk... When I click "Go to Google.com", there is an "VHCS Error" or something.


----------



## Drkchaos (Mar 15, 2008)

aZnXrAvEr said:
			
		

> I think I have a router that can be exploited by that "hack."
> 
> When I went on gbatemp.net last night, it kept causing my internet to disconnect and I had to wait a minute before I could use it again. It also gave me a new ip address... I have a UK ip address now because when I go to google.com, it redirects me to google.co.uk... When I click "Go to Google.com", there is an "VHCS Error" or something.



Same thing happened to me...

Any way to fix this? I can't even log into Gmail now...


----------



## aZnXrAvEr (Mar 15, 2008)

Yea, this is serious... What did you do Costello?  
	

	
	
		
		

		
		
	


	




Google.com and Gmail.com don't work for me anymore...


----------



## AndreXL (Mar 15, 2008)

Ok. Seems that this iframe hack thing started it all.... Hope everything is ok now. :|


----------



## Costello (Mar 15, 2008)

today's attack was totally unrelated, fortunately.
We're getting there, little by little


----------



## Extreme Coder (Mar 15, 2008)

Costello said:
			
		

> today's attack was totally unrelated, fortunately.
> We're getting there, little by little


Today's attack was wierd, There was something about Israel, Iran and Turkish hackers


----------



## aZnXrAvEr (Mar 17, 2008)

Okay, i have finally fixed my router problem from that iframe exploit! I did some searching and found this page that talks about the exploit that was used in the iframe:
http://www.dslreports.com/forum/r19983085-...y-Vulnerability

The iframe loaded a page that had an exploit for the 2wire gateway/routers. 
The first thing that it did was change the password to 'admin'. 

The next thing it did was set a bunch of sites (google.com, citibank.co.uk, colmena.com.co, banesconline.com, natwest.co.uk) to redirect to 85.207.10.68. I don't know what that ip is, but it didn't load anything... which is why google.com didn't work for me. 

And lastly, there's a code that restarts your router or something...

Anyway, I got the original ip addresses for each of those sites and set them back to normal in my router. Now I can access them again! If you need your router to be fixed, check out the page I made here: http://fix2wire.freehostplace.com


----------



## Logan_ (Mar 12, 2008)

sometimes the pages load a 1x1 IFRAME at http://gbatemp.net/pro.html, tring to run a flash exploit, and change the DNS lookup for a set of hostnames on some routers

http://pastebin.com/m371e42e7 copy of HTML page as of 8:39 3/11/2008 EST


----------



## superrob (Mar 20, 2008)

Hmm stil.. Why was the code even here?


----------



## xJonny (Mar 21, 2008)

superrob said:
			
		

> Hmm stil.. Why was the code even here?


----------

