Invision Board being exploited


On May 21st we reported a vulnerability in Invision Power Board. To be honest I didnt know much about it, or about the amount of sites using it. Well, now I know at least a BIG one that was using it as a forum for its customers. We are still contacting the website owner, so I wont mention it here. But the case is that it was vulnerable and was exploited.

Now, when you visit it, it will try to push a .wmf exploit to you.
PLEASE, DO NOT CLICK ON THE FOLLOWING LINKS!

The iframes on that page were reditecting to HTTP : // traffweb1.biz/dl/adv771.php and HTTP : // 2-extreme.biz/traff.php?adv=54 . SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Friday, 2nd June 2006 2:23AM