Iframe exploit

Logan_ · Mar 12, 2008

sometimes the pages load a 1x1 IFRAME at http://gbatemp.net/pro.html, tring to run a flash exploit, and change the DNS lookup for a set of hostnames on some routers

http://pastebin.com/m371e42e7 copy of HTML page as of 8:39 3/11/2008 EST

jeklnoo · Mar 12, 2008

ur forum software was haxed! and so soon after upgrading too. lame.

fischju · Mar 12, 2008

OH NO.

*disables flash*

thejakal · Mar 12, 2008

yes, this is quite an annoying problem. is it really a hack? either way, someone needs to take care of it...

camx · Mar 12, 2008

I ARE ASCARED

754boy · Mar 12, 2008

Was just about to report this lol. Its VERY annoying

asuri · Mar 12, 2008

because of the piracy protection rumor

jeklnoo · Mar 12, 2008

offtopic84 said:
OH NO.

*disables flash*

It's not using flash. If your browser uses javascript, and you have one of the affected routers/dsl models, you're in trouble.

QUOTE(thejakal @ Mar 12 2008, 02:23 AM) yes, this is quite an annoying problem. is it really a hack? either way, someone needs to take care of it...

yes it's definately a hack. what is unknown is if it's due to a hole in the forum software, or it was placed there by other means (eg by gbatemp admin to make some money)

Costello · Mar 12, 2008

QUOTE said:
or it was placed there by other means (eg by gbatemp admin to make some money)

hehe

science · Mar 12, 2008

I'm confused as to whats happening...?

CockroachMan · Mar 12, 2008

So.. now Costello has all our credit card numbers?

lol.. seriously.. what happened?

AndreXL · Mar 12, 2008

It's because of the new game "DS #2114: Bunnyz (Europe)!!!"
It just came out and all heck broke loose!

fischju · Mar 12, 2008

jeklnoo said:
offtopic84 said:

OH NO.

*disables flash*

It's not using flash. If your browser uses javascript, and you have one of the affected routers/dsl models, you're in trouble.

QUOTE(thejakal @ Mar 12 2008, 02:23 AM) yes, this is quite an annoying problem. is it really a hack? either way, someone needs to take care of it...

Click to expand...

yes it's definately a hack. what is unknown is if it's due to a hole in the forum software, or it was placed there by other means (eg by gbatemp admin to make some money)

OH NOES

*disables javascript*

aZnXrAvEr · Mar 12, 2008

I think I have a router that can be exploited by that "hack."

When I went on gbatemp.net last night, it kept causing my internet to disconnect and I had to wait a minute before I could use it again. It also gave me a new ip address... I have a UK ip address now because when I go to google.com, it redirects me to google.co.uk... When I click "Go to Google.com", there is an "VHCS Error" or something.

Drkchaos · Mar 15, 2008

aZnXrAvEr said:
I think I have a router that can be exploited by that "hack."

When I went on gbatemp.net last night, it kept causing my internet to disconnect and I had to wait a minute before I could use it again. It also gave me a new ip address... I have a UK ip address now because when I go to google.com, it redirects me to google.co.uk... When I click "Go to Google.com", there is an "VHCS Error" or something.

Same thing happened to me...

Any way to fix this? I can't even log into Gmail now...

aZnXrAvEr · Mar 15, 2008

Yea, this is serious... What did you do Costello?

Google.com and Gmail.com don't work for me anymore...

AndreXL · Mar 15, 2008

Ok. Seems that this iframe hack thing started it all.... Hope everything is ok now. :|

Costello · Mar 15, 2008

today's attack was totally unrelated, fortunately.
We're getting there, little by little

Extreme Coder · Mar 15, 2008

Costello said:
today's attack was totally unrelated, fortunately.
We're getting there, little by little

Today's attack was wierd, There was something about Israel, Iran and Turkish hackers

aZnXrAvEr · Mar 17, 2008

Okay, i have finally fixed my router problem from that iframe exploit! I did some searching and found this page that talks about the exploit that was used in the iframe:
http://www.dslreports.com/forum/r19983085-...y-Vulnerability

The iframe loaded a page that had an exploit for the 2wire gateway/routers.
The first thing that it did was change the password to 'admin'.

The next thing it did was set a bunch of sites (google.com, citibank.co.uk, colmena.com.co, banesconline.com, natwest.co.uk) to redirect to 85.207.10.68. I don't know what that ip is, but it didn't load anything... which is why google.com didn't work for me.

And lastly, there's a code that restarts your router or something...

Anyway, I got the original ip addresses for each of those sites and set them back to normal in my router. Now I can access them again! If you need your router to be fixed, check out the page I made here: http://fix2wire.freehostplace.com

Iframe exploit

Active Member

Well-Known Member

Rehabilitated Jaywalker

Well-Known Member

Well-Known Member

:D

Well-Known Member

Well-Known Member

Headmaster

science rules

Scribbling around GBATemp's kitchen.

Well-Known Member

Rehabilitated Jaywalker

Well-Known Member

New Member

Well-Known Member

Well-Known Member

Headmaster

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum