Uncategorized

XSS on oswd.org (Open source Web design) used by spammers

http://www.oswd.org/ (Open Source design) is a popular web site used for sharing templates and web designs. They have a strong and active community and we actually used that in the past when looking for templates.

However, we started to notice lately a lot of spammers using the oswd.org site for hosting their content. Instead of having links to a viagra or a cialis web site, they were linking directly to random oswd profiles. For example:

http://www.oswd.org/user/profile/id/52781 or
http://www.oswd.org/user/profile/id/52780 or
http://www.oswd.org/user/profile/id/52792

*There are hundreds of profiles within the 526-528 range being used for that. If you search on twitter for “user profile” “oswd” you will find a bunch as well.


As we dug deeper, we found out the reason: Every designer can specify their site and a link to their portfolio. However their input form has a XSS flaw, that allowed the attackers to specify iframes within the link:

So, instead of adding the link, the attackers used ya.ru followed the iframe. Any user that visited these pages would load the spam (or malware) automatically from there.

We already contacted oswd.org and hopefully they will fix it soon and remove the spammers.

If your site is hacked (or with malware) and you need help, send us an email at contact@sucuri.net or visit our site: http://sucuri.net. We can get your sites clean up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if it ever gets infected with malware, hacked or blacklisted.

2 comments

Comments are closed.

You May Also Like