I came across the following exploit due to a warning from my AV software. It originated from an adserver delivering banner ads on one of my sites.
I have retrieved the content with Wget and copied to pastebin.
http://pastebin.com/m6fa38fac
[Warning: Link may contain malware - Do not visit from vulnerable PC.]
Please note that you have to scroll horizontally on pastebin as the code is all on one line.
Can anyone find out what the exploit actually does?
Thank you.
Not quite, as it includes (the equivalent of):
var mtime= new Date(document.lastModified).toUTCString().split( )[4].split( : );
it then uses the minutes and seconds of the last-modified time of the document containing it as a key to decode the array. If you can t still retrieve that javascript:alert(document.lastModified) time we d have to brute-force it.
ETA: ah, actually it only uses the first digit of the minutes, and from the way it uses it we can guess it s supposed to be 1. That s leaves only sixty possibilities, and a quick loop reveals that meaningful javascript only comes out for 16 seconds.
I ve put the decoded script here; it will probably also ping your anti-virus. Summary: it runs exploits against the Java, Flash and Acrobat plugins, running a payload from googleservice.net which is (surprise surprise) a Russian attack site.
This ussualy works to print de-obfuscated code
eval = alert;
in firefox with firebug, i solved it like this:
var lpsy16=lpsy;
eval = console.log; // This line was added
eval(lpsy+parseInt(gouy[0]));
Output is here: --deleted due to zoidberg s comment--
How to get a selected text inside a iframe. I my page i m having a iframe which is editable true. So how can i get the selected text in that iframe.
I would like to click a link in my page using javascript. I would like to Fire event handlers on the link without navigating. How can this be done? This has to work both in firefox and Internet ...
Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...
Is there a reliable way to access the client machine s clipboard using Javascript? I continue to run into permissions issues when attempting to do this. How does Google Docs do this? Do they use ...
I have a large javascript which I didn t write but I need to use it and I m slowely going trough it trying to figure out what does it do and how, I m using alert to print out what it does but now I ...
Is it possible for someone to give me a few pointers on how to display a multidimensional array in the form of a bar graph? The array is multidimensional, with three elements in each part - and the ...
Is it possible to reload a form after file-input change? I have a form where the user can chose an image for upload. I also have a php script which displays that image resized. I only wonder if it ...
I ve made a little forum and I want parse the date on newest posts like twitter, you know "posted 40 minutes ago ","posted 1 hour ago"... What s the best way ? Thanx.