hello,

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • anon
    #1

    hello,



    i've javascript code taken from the html of a wordpress site.

    it looks to be cross-site scripting that decodes itself and
    redirects to another site.

    i've got it because infected html was sent to me.

    i'd like to know that it didn't do more than re-direct me but
    i don't know javascript well enough to decode it

    it looks like its running a simple multiply algorithm against
    each char of a string, then concatenating the result to a result
    string to be executed.

    total char. count in script: approx. 560 chars. the var string
    decoded is approx 290 chars.

    two things, 1. anyone here interested in looking at it and
    saying what it does, and 2. what does the community think of
    posting injection code for this purpose in this group?



    regards,
    Tags: None
    • Randy Webb
      #2
      Re: hello,

      anon said the following on 2/22/2008 11:40 AM:

      <snip>
      two things, 1. anyone here interested in looking at it and
      saying what it does, and
      Sure. Post the code.
      2. what does the community think of posting injection
      code for this purpose in this group?
      Personally, I have never seen anybody complain about it in almost 10
      years of Usenetting (maybe longer, too lazy to look it up).

      Post the code.

      --
      Randy
      Chance Favors The Prepared Mind
      comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
      Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

        Comment

        Previous template Next
        Working...