After noticing that the page loads first then redirects to the Lulzsec Twitter, then after after disabling javascript the redirect stopped... I was certain it was some sort of Javascript injection.<p>Then after looking at some comments from the the following HN story (http://news.ycombinator.com/item?id=2778422) I saw that someone had posted the link to the injection script on pastebin here: http://pastebin.com/pWQtngDc<p>After reading through, I am still a little unclear on how it all works.<p>I may be a little thick, but I would love to have someone explain how the injection worked!<p>Thanks,<p>Wesley
<script type="text/javascript">parent.location.href= "<a href="http://www.new-times.co.uk/sun/;</script>" rel="nofollow">http://www.new-times.co.uk/sun/;</script></a>;<p>That is the only important part of what you posted. It just changes the location of the main page.<p>As to how they managed to get it there, no one knows. I'd imagine there is some unescaped input somewhere in the web page that let them do it. A lot of the Lulzsec releases seemed to start with SQL injection and go from there.