Malicious JavaScript Code,
Jan 27, 2006
AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.
Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.
I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.
In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.
View 28 Replies
ADVERTISEMENT
Mar 5, 2010
So today I have discovered some malicious JavaScript code inserted into a bunch of my pages on a webserver. Access to these pages through FTP is granted to 3 people, myself, my boss, and a contract programmer. Unfortunately, the FTP server wasn't set to log, so I can't tell for sure if it was the programmer, but my assumption and suspicion is that it was him.
This code was inserted at the bottom of multiple pages. I can't make heads or tails of it, but it cannot be good, whatever it is. When I view the page that it was on, I noticed the web browser connecting to [url]. Browsing to this page takes you to some foreign hosting site. Googling superseasilver.ru only provides a page that has this address listed in a blacklist.
Code below:
View 9 Replies
View Related
Feb 10, 2011
I have a website that allows users to enter complex mathematical formulas into a text field and evaluates them.
I am currently using eval() because it not only can handle all the standard mathematical functions, but also gives them access to the Math object. That way the users can use functions such as Math.max() and everything else.
I realize, though, that using eval is evil, I assume because a malicious user might throw in some more damaging javascript that would be run without checking it. (That's why eval is evil, right?)
Is there a way that I can allow my users to construct complex mathematical formulas and use the Math object (or an equivalent) without potentially opening my site up to harm?
View 3 Replies
View Related
Nov 11, 2009
Besides malicious intent, why would someone disable javascript for general web browsing?
View 24 Replies
View Related
Sep 23, 2011
Can a plugin stop some malicious scripts to be executed?
Say, i have my plugin installed in my browser. Can this plugin go through the html contet of the site and stop the execution of activeX, action scripts, flash, pdf anything like that?
View 2 Replies
View Related
Jan 7, 2006
I would like to know how to write javascript such that, a part of it isnt considered as script, & rather as HTML. Code:
Ok, the layer div can be written using document.write. But, Google ad itself is a javascript isnt it. How can it be written into this? How does this work?
View 3 Replies
View Related
Sep 27, 2010
This article was just published on [URL].. As I read it this is about a new twist to an old issue. (see excerpts below) 1 - I thought JavaScript was in a "sandbox" and prevented inappropriate access to the local machine. Is this no longer true?
2 - More to the point: Can or are any modifications to JavaScript be done by the JavaScript development team... who ever that is (Oracle?)... to fix what ever JavaScript vulnerabilities are being exploited?
3 - Are there other defenses for the client machine other than those mentioned in the excerpt below? (Turn off JavaScript in their browsers, etc.) 4 - If there is no vigorous response to this by the JavaScript development team how can we continue to create apps with JavaScript as such will encourage people to simply turn off java script in their browsers and that will encourage other web developers to simply not use JavaScript on their sites.
5 - Is Oracle the "owner" or "keeper" of javascript? I looked on the Oracle Forums and saw no forum for javascript. If not Oracle who is addressing issues like these?
Article Excerpts: More recently still, the spammers started embedding the JavaScript inside the HTML file (rather than as a simple file attachment), to spread the horrible Zeus banking Trojan.
"So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless," concludes Barracuda Labs' researcher, Dave Michmerhuizen. The only defenses against this sort of attack are either for it to be filtered at the gateway so it never reaches the user, or for the user to disable JavaScript in their browser. Security software on the PC might catch the exploit.End Excerpt.
View 2 Replies
View Related
Jan 28, 2010
The javascripts files in my website are constantly getting injected with malicious codes which redirects my website
View 2 Replies
View Related
Jul 23, 2005
I am working on a piece of code for an academic experiment and it
puzzled me for days, any help?
I use javascript to sort a table in a html page. bascially, a user can
click on any attributes and the javascript code will rank the contents
of the table based on that attribute. This is done.
Now I want to record the click information into an access database.
basically, wheneve the user click an attribute, I want to use asp code
to insert the click information (userid, attribute_clicked) into an
access database.
My current solution is use window.open in javascript and in the open
function, I insert the url of the asp. something like this:
var nW = window.open('', 'newwnd', 'width=0,height=0,left=0,top=0');
nW.location.href = "desc.asp?subjectid="+ subjectid + "&item=" +
attributeinfo;
nW = null;
However, the problem is there is always a popup windows appears when
the code was executed.
What i want to know is if there is anyway to let the asp code running
in the background invisibly by user?
View 2 Replies
View Related
Nov 6, 2006
I have copied from a site a javascript code for my web site to create a
pop up. This works fine on older versions of browser but not the most
recent. Whilst I have been searching for some new code to replace the
old code I have also learnt that the javascript will not always work
as it may not be enabled.
Therefore does anyone have some code that I could copy that will work
fine on all browser and if the javascript is not enabled.
View 4 Replies
View Related
Jun 16, 2010
I am looking at doing a asp.net web-page in VB code with java-script as well. I want to pull the information from the database(SQL server or Access) and then feed that information to my java-script code. Is that the way to do it or can you do Access or SQL in java-script pretty easy?
View 2 Replies
View Related
Jul 23, 2005
First part I'm banging my head against the wall on is about the amounts
of the Amount fields along the right to automatically equal the PETTY
CASH SUB-TOTAL field. So, the amount in this PETTY CASH SUB-TOTAL
field comes up automatically. Also, I need to have the amount in the
TOTAL AMOUNT field come up automatically as being the sum of the PETTY
CASH SUB-TOTAL and the PER DIEM SUB-TOTAL fields. Please see the
following as an HTML document to see what I'm talking about......
View 3 Replies
View Related
Oct 26, 2005
I need to add some javascript code block dynamically to a web page.
I looked into the various postings at various groups but none seems to
be solving my problem.
Among the approaches suggested first one is to create a script element
and set its properties (src etc) and then adding this script element to
the head element.
This works good for a dynamically including the files. But, in my case
I do not have any files but generating the content dynamically which
should be available to other javascript functions in the page. The
script that I need to add dynmically is given Code:
View 4 Replies
View Related
Jul 11, 2006
Any one knows how to encrypt javascript code... other way than escape()
and unescape() [not is encrypt but a way to protect source code ????
View 3 Replies
View Related
Dec 9, 2006
if speed, size is not a matter, i just want to protect the code as much
as possible, any library or tools do you think is the best solution
right now?
i know there is not a perfect solution, but as good as it can be is
okay...
p.s. need to be cross brower.
View 7 Replies
View Related
Jul 20, 2005
Is there any documentation or reference for the Mozilla web browsers.
Some of my older Netscape code doesnt work and the IE code still doesnt work ..
View 2 Replies
View Related
Jul 20, 2005
Is an index page. I have javascripts to open up submenus. But tehre are
quiter a lot of them, all simialr. Is there a way to unify all that
javascript into a single function?
View 3 Replies
View Related
Oct 2, 2005
Should I code for users without javascript? I don't know of anybody who doesn't have javascript turned on, but I have seen stats that say users without javascript run as high as 10%. I went to music.yahoo.com, I saw that they didn't code for no-javascript users, leading me to believe the no-javascript is a highly rare group.
View 12 Replies
View Related
Jul 23, 2005
Can anyone give me the code or point me in the direction of a simple
javascript certificate maker so that users can input there name and
date so as to use on my site?
View 7 Replies
View Related
Jul 23, 2005
I've been trying to do this for days without success. Is there a way to open a popup window from within the php code? Example:
if (some_condition) {
open a popup page and load a file in it
break;
}
View 2 Replies
View Related
Mar 3, 2006
As we all know, JavaScript is client side and php is server side, (the php
code is 'allowed' to do stuff on the server that JavaScript cannot).
The problem with php is that it timeout after a while, (and the user also
has no clue as to what is going on for a long time).
I need to run a script on the server that could take a very long time.
So what I was thinking is mixing both JavaScript and PHP
Something like,
<script>
var endvalue = 1000; /* some number that the server can calculate
quickly */
var i = 0
while (i<=endvalue)
{
/**
call a php file that will do some work
somefunction.php?someNumber=i
*/
}
</script>
That way the server does the work, while the client keeps it going.
Ideally I would also get a return value/string from the php script.
View 9 Replies
View Related
Jun 7, 2007
Can any one tell me different functions or properties of javascript
which are gives different outputs on different browsers ?
View 3 Replies
View Related
Feb 21, 2007
I have seen quite a few code generators over time where you are presented with a form, you fill in the various fields in the forum, and then click a Generate Code button, and the results show up in a textarea.
The code is then copied from the textarea and pasted into notepad or directly into an HTML document.
So, you may have some code that you want to generate that looks like this:
In this particular case there is 1 .js files that go to the root of the site that requires no editing.
Then there is 1 .css file that may require changes depending on user preferences. Things like margin, width, height, border and so on.
Then there is a section that goes into the Head of the document that requires no changes.
Then there is something like this would go inside a division"
<a href="address to a page" target="an iframe name"><img src="path to thumbnails/thumbnail name" border="1"></a>
Note that the above code has variable that would change based on user preferences. The way the code is presently structured it is not done as an array, however, this would substantially shorten the code depending on how many thumbnails are in it.
And finally there is another iframe section that would go inside a couple of a division. It relates to a second iframe.
Before I go any further with this, I just wanted to know if it's possible to do with javascript or is it best to do in another language.
The variables don't have to be kept in a database. What I am thinking is that the user would simply open up the HTML page, enter the data, generate the code, copy/paste and test, without closing the page. If there is a problem, he/she would simply go back in and change a variable or 2 and re-generate the code.
View 6 Replies
View Related
Mar 1, 2007
I have some code, using all the DOM documentation in the developer.mozilla.org website. For some reason it's only working in the newest Firefox 2 versions, and not 1.5.0.x
I'm having a hard time finding any documentation of what's not supported.
Can you guys help me? Here are the functions I'm calling:
getRangeAt();
range.collapsed
document.createElement("div");
range.cloneContents();
element.appendChild(clone);
document.getElementById("divid");
do you think it's createElement div? Maybe I can't create a div element?
View 1 Replies
View Related
Oct 13, 2005
I'm trying to load an ASP recordset into a javascript array via an ASP array. The way I've been attempting to do it is by having ASP "Response.Write()" the javascript code that builds the javascript array. It ALMOST works :rolleyes:
The problem I'm having is that the ASP writes the different javascript lines as one long line (ie. no carriage returns). Therefore, the javascript lines are not recognized. When I take the source code and manually separate the lines produced...then when I run the modified source, it works fine. Code:
View 1 Replies
View Related
Apr 20, 2003
Q: I have a pretty big html page - about 1,500 lines of code, 1,000 of which is javascript. (It's also referencing other javascript code, perhaps another 2,000 lines or so).
When I boot up the page in a fresh browser, it invariably crashes; the page just hangs. But, after killing the browser, and opening it up in a new one, the page seems to run fine. Is there some sort of javascript code limit that a web page / browser can handle...? Anyone know if there's a way to get around this? [Did I misread the problem? I'm pretty sure my code is fine.] Code:
View 22 Replies
View Related