Beware Of The “onerror” Attribute On IMG HTML Tags

Yesterday we stumbled onto a link posted on the JVF Blog that led to a seemingly innocuous page on my.nbc.com. What was odd was that clicking the link did take us to my.nbc.com, but after a few moments the page redirected to a site selling adult videos.

We scoured the source of the my.nbc.com page and found no "script" tags and no META refresh tags (`<meta http-equiv="refresh">`) that could account for the delayed redirect. After a little more digging, however, we found the following tag smack dab in the middle of the page:

[Screenshot of the injected img tag; its onerror attribute holds the script that performs the delayed redirect.]
As always, something that was added to help a web master notice an error and recover gracefully has been turned into an attack. The onerror handler on an img tag fires when the image fails to load, so all the attacker has to do is point src at something that does not exist and put the redirect script inside the onerror attribute. The browser runs it without a single script tag appearing in the page. At least it keeps all of us on our toes!

Please beware of folks attempting to hijack your sites by leaving blog comments, profile updates, etc. that carry this kind of tag. If your platform gives you a way to "strip tags" from all comments, turn it on. Keep in mind, though, that the dangerous part is the on* event-handler attribute, not the img tag itself, so the safer options are to HTML-encode user-supplied text when you display it (then no tag is ever created) or, if you want to allow some markup, to run it through an allowlist sanitizer that keeps only known-safe tags and attributes and drops every on* attribute and every javascript: URL.

Good luck!

  • libertyatlast2010

    Oh, thanks a lot for that information. That can also be the reason why the site I have closed was being redirected to an adult page. I thought it was a spyware infection and did not really check the code. For sure, I will be more careful now and will absolutely know what to do next in case the same thing happens.

  • Garrett,
    Nowadays people use various methods to phish for information and to sell their products by holding a gun to others' shoulders.

    I have also found various miscellaneous scripts in my blog previously, and I have also received a warning message from a search engine. Here are a few steps I followed to improve the security of the website:
    – Change the password immediately
    – Contact the web hosting service provider and discuss the situation
    – Do not store the password in FTP software (I found some spyware that automatically connects through your FTP software and injects code)
    – Scan the whole system for such spyware and remove it
    – Check for possible SQL injection vulnerabilities

    I am sure this will help you improve your website security.

  • Thanks for sharing such useful information. That's very risky and we have to beware of this kind of activity. I am using the Akismet tool for comment moderation, so if anybody tries to leave this kind of spammy comment it will go into the spam comments.