How to prevent this attack?

[aloneattack]

Hi guys,

Could this attack be harmful to this site (link below) ? and how could we prevent it?

EDIT: In this image one 'hacker' inserted some codes in the search form and the site threw out an alert or something. And then he distributed this image (edited - censored the site name - added caption)

http://postimage.org/image/gxgvinvdf/

EDIT: Also they sent following link:
DANGEROUS!!! (maybe virus or trojan inside this file - we don't detect anything, but be careful! - click with your own risk) **link has been cleared**
http://i.imm.io/Bo04.bmp

Help please,
Thanks,
nei

[wan26]

Je ne comprends pas

[aloneattack]

I added some information

[limdis]

We are looking into this aloneattack. For future reference please don't post potentially dangerous links. Either verify them before posting or PM one of us mods first.

[wan26]

It may be that the search field, or any field in the forms that allow user input have not been properly sanitized to protect against javascript injection, i am speculating because the website is not in my native language and i cant check it out. If this is the case then a visitor could even post a comment with html meta tags and redirect every one or any number of things with javascript...

[tremor77]

site has a boat load of javascript all declared in just a few linked .js files... global and common, with so much form processing, search, survey, comments, etc.. the site could be vulnerable to xss and xsrf. Webmaster needs to clean up that mess, validate form entries.. or a good hacker (not the skiddies that just hit it) could do some defacing, or even inject some malicious code into pages.

[wan26]

You could probably dox their username or group, im sure they included it in one of their pop ups, there may be websites and forums they contribute to or irc channels etc, may give extra info about what they are doing. But that may not be needed as the basic things the web'masters' have not considered could easily be googled anyway and should be known lol

i will take a look

Wow, pretty forum, there's also a blog that well, says it all.

[aloneattack]

Thank you for your helps,
So the attack is XSS. That seem to be fixed now!
It might be the missing of validation input forms.

Yeah, a pretty forum and a blog with Anonymous guy.


nei

-- Wed Aug 22, 2012 4:24 am --

We are looking into this aloneattack. For future reference please don't post potentially dangerous links. Either verify them before posting or PM one of us mods first.

yes, thanks

[limdis]

Oh man I would be pissed if I was the OP.


wan26, +1
They are a pretty easy dox target for those that are learning the dox trade. Just precede with caution considering their nature of work. Aloneattack, how is the recovery coming?

[wan26]

thanks i will be extra cautious by ending my curiosity now :] because they probably search that link looking for threads like this and maybe they have a stat counter on their websites recording visits or who knows what. I'd go through tor otherwise.

Also hope it works out for the op too

cod black ops: 'back out back out!' lol