Well that can be done here: http://jsunpack.jeek.org/?report=b226d4d4301a7821a45bb94edd48735caab9b728
(visit with script blocking active and in a VM)
The location line in the header above has redirected the request to: htxp://ads.cigarweekly.com/www/admin/index.php
(conditional redirect)
Content after the < /html> tag should be considered suspicious. line 93 has been cleansed?
This should not be online: htxp://ads.cigarweekly.com/www/admin/index.php because of PHP exploit via iFrame…
Vulnerabilities for the PHP version used: http://www.cvedetails.com/version/136532/PHP-PHP-5.3.17.html
see: http://www.cvedetails.com/cve/CVE-2013-1635/
PHP does not validate the configration directive soap.wsdl_cache_dir
before writing SOAP wsdl cache files to the filesystem. Thus an
attacker is able to write remote wsdl files to arbitrary locations
(CVE-2013-1635).
PHP allows the use of external entities while parsing SOAP wsdl
files which allows an attacker to read arbitrary files. If a web
application unserializes user-supplied data and tries to execute
any method of it, an attacker can send serialized SoapClient
object initialized in non-wsdl mode which will make PHP to parse
automatically remote XML-document specified in the location option
parameter (CVE-2013-1643).
User should update to 5.3.22 version which
is not vulnerable to these issues.
polonus