Script injection virus / Cross-Site Scripting
I had a page on a simple website for a pirate restaurant this week, and I'm looking for some advice. The hacker managed to get an iframe tag on the homepage of the site and the content of the iframe was pretty nasty turn a few computers in stops, at least temporarily.
My hosting company, HMS, takes the position that the tag went up in the page index.html, through a possibility of script, not no matter what hole in the security of their server. So, I try to understand where they got.
a few facts:
- site is HTML only. Not dynamic.
- It is has a mail.asp on the server page, but it was not used or linked to any page. (and oddly enough, the site is on a linix server, so I think that a contribute user has slept with who at one point)
- the site uses opentable.com, which is an online booking system which uses an iframe. (I'm asking them to assess whether or not their script could be a problem.
- the only infected page, index.html, haven't had no call to external scripts inside - no call to any outside no files at all, not even a CSS file. It contained only internal DW javascripts like MM_swapImage html tags and a few images.
- The site is enabled for Contribute. (I'm trying in vain to remove this, but that's another story)
If anyone can help me understand how a site like this could be compromised, I'd appreciate it.
by passing the ball, your Web site hosting provider isn't very good. any decent host is have external firewall protection and insist that make their servers scans of minimum annual intrusion. your html page should not cause their servers for bricks, especially if it's a virtual or shared solution.
Tags: Dreamweaver
Similar Questions
-
How to disable Adobe cross-site scripting.
disable Adobe cross-site scripting. I have a vista running on a laptop
http://forums.Adobe.com/index.jspa
Try the Forums Adobe above, relating to your question.
Or Vista programs Forum:
It's updated operating system Vista, upgraded installation and activate Forum.
http://social.answers.Microsoft.com/forums/en-us/vistaprograms/threads
They will help you with your question in Forum Vista programs at the above address.
See you soon.
Mick Murphy - Microsoft partner
-
Hello
We have implemented a portal that is connected to the Internet by using SharePoint 2010. We used a vulnerability scanner, called Rapid7 (https://www.rapid7.com).
He noted that the portal is vulnerable to the based on DOM cross-site-scripting (XSS). The affected file is a SharePoint integrated in the Layouts folder: MS. USER INTERFACE. Pub.Ribbon.js
The detailed message is as below:
/ _layouts/SP. USER INTERFACE. Pub.Ribbon.js line 94: exit dangerous customer call showUnapprovedXmlHttp.send () with the concatenation of 94:String argLine contaminated with the concatenation of 94:String valueLine controlled by the user with the concatenation of 94:String valueLine controlled by the user with the concatenation of 94:String valueLine of controlled use with the concatenation of 94:String controlled by the user valueLine with 94:Result valueLine controlled by the user of taint where are stored the calling function on ordered valueLine 94 : "document. URL.split... "... Split toLowerCase ' is controlled by the user
References:
Source Reference CERT CA-2000-02 OWASP-2010 A2 OWASP-2013 A3 URL http://en.Wikipedia.org/wiki/Cross_site_scripting URL http://www.webappsec.org/projects/articles/071105.shtml Please advise on how to solve the problem of Security reported.
Thank you
Randy
Hello Randy,
Thanks for posting your question on the Forum of the Microsoft community.
The question will be better suited to the audience of it professionals on the MSDN forums.
I would recommend posting your query in the MSDN Forums.
MSDN forum
http://social.msdn.Microsoft.com/forums/SharePoint/en-us/home?Forum=sharepointgeneralpreviousThank you
-
Hello
I was wondering if someone else has noted an increase in false positives on the 2 following competitions:
-Microsoft Internet Explorer toStaticHTML String Cross - Site Scripting Vulnerability related to treatment
-Microsoft Office Excel Ghost Record analysis of arbitrary Code execution vulnerability
Obvisouly I see these events because the signature has been introduced recently.
But I wonder if these alarms I get are authentic (and I have a big problem), or if the signature must be "set" by Cisco to be a little less sensitive?
Anyone who has experienced something similar or can enlighten?
Thank you
SEB.
Hello Seb,
As a result of this thread, we have identified a false positive in signature 30419 and corrected the signature. The signature change is currently under review and is likely to do the update of signature which releases next week.
Please let me know if I can help with anything whatsoever in addition under this thread. If your question has been answered, please mark the thread as such so that it is useful to other users. Also, feel free to note this thread to take account of your experience.
Thank you
Blayne Dreier
Cisco TAC team climbing
* Please see our Podcasts *.
TAC security show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series
-
Vulnerable Webhelp for XSS cross site scripting checking. Reason - document.location.href
Online help, created by the team through a security vulnerability checking now. It was found that integration of webhelp with the application, document.location.href is a vulnerable point according to the XSS cross site scripting. Please your thoughts and all the methods that you have that can contain this situation. Its emergency, please help.
You can update your copy with the help > update or web page: http://www.adobe.com/downloads/updates/
-
DNS server and mail cross-site fell down.
After restarting the Windows Server2008, the DNS server and mail cross-site not may start automatically. So I want to start these two are manual. There is no information in the log file or no code error on this issue. How can I solve this problem? Anyone knowing the solution please answer me. Waiting for your valuable suggestions.
http://www.Microsoft.com/windowsserver2008/en/us/forums-blogs.aspx
Repost in the above Forums Windows Server 2008.
These are the Vista Forums.
See you soon.
Mick Murphy - Microsoft partner
-
I just looked up a lyric of song on a lyrics site and a pop blown up on my iMac with a warning and a number of 1800 to call...
So I immediately you quit safari and cleared the history and then ran malware bytes and no malware according to malware bytes.
Should I do something else to search for malware or viruses?
I'm probably being paranoid, but I appreciate any help offered.
Thank you!
It is probably not malicious software on the computer, but you should always look for other odd behavior or unexplained slowness.
(138707)
-
When I shop HSn or QVC, I receive a notice of cross-programming that the site is slowed down because of this feature? I deleted once and then caught a virus and she came back. I did not save the answer, can anyone help me again. Thank you...
Hello
This section of the forum can help you
Concerning
GT4U
-
How to hide script data are posted on the sites of URL?
Installed IE9 Beta. Cross site scripting data are displayed on web pages. It can be removed?
Problem solved. Compatibility btn clicked and "script data" is not displayed
P.S. displayed only given script on the homepage.
-
Two scripts of connection in DW8
Hello
I suffered on one of my areas of a nasty outbreak of sql injection on a site created in DWMX2004 a few years ago. I tightened security variable form and url by updating behaviors of DW8.02 ones, but this seems to be insufficient. My next idea was to create two login accounts sql server different, one for the public pages that has only very limited privileges (can select but not insert/update / delete except if specifically required) and one for the content management system, that can do everything.
The problem is that Dreamweaver will not allow me to have two database connections defined in a site. This means that half of my pages cannot be modified because the path to the connection file is not valid. I can have two files of connections (each one used by half of the site) and keep redefining the connection of master database because I move between files, but it's not ideal. Also, I can define two sites (one with each connection) to the same folder and keep switching between them, but it's also a pain.
Does anyone know of a better way to do it?
Any ideas gratefully received.
TPOK, I thought about it. YOU have two active connections, but DW8 does not recognize an "old" when you added the second connection until you have closed and then reopened Dreamweaver. So it's good.
Weird!
-
Signature, 41846/1 matches on the Site of Adobe
Hi, today I noticed that a new signature, 41846/1 started matching on different IPs belonging to
Adobe Systems Inc.. ThePlanet.com Internet Services, Inc. or.
Here I post some events detected by the IP addresses:
Gravity
Date
Time
The name of the GIS.
The ID of the GIS.
Attacker IP
Victim IP
Vicitm Port
Threat assessment
Level of risk
High 15/02/2012
08:56:26
Generic Cross-Site Scripting Attack
41846/1
1.2.3.4 66.235.132.152
80 60
95
High 15/02/2012
08:56:27
Generic Cross-Site Scripting Attack
41846/1
1.2.3.4
66.235.134.160
80
60
95
High 15/02/2012
08:56:27
Generic Cross-Site Scripting Attack
41846/1
1.2.3.4
66.235.139.121
80
60
95
High 15/02/2012
09:00:38
Generic Cross-Site Scripting Attack
41846/1
1.2.3.4
66.235.132.152
80
60
95
High 15/02/2012
09:00:38
Generic Cross-Site Scripting Attack
41846/1
1.2.3.4
66.235.134.160
80
60
95
The IP of the attacker "1.2.3.4. would be the IP of the proxy.
By analyzing the proxy logs, I saw that a lot of different computers on my network are trying to reach the sites of Adobe to download a new version or an update, that is:
GET http://swupmf.adobe.com/manifest/50/win/AdobeUpdater.upd HTTP/1.1
GET http://armmf.adobe.com/arm-manifests/win/Reader9Manifest.msi HTTP/1.1
GET http://armdl.adobe.com/pub/adobe/reader/win/9.x/9.5.0/es_ES/AdbeRdr950_es_ES.exe HTTP/1.1
So my first question is why the attempt to reach the Adobe site match an IPS signature linked to an attempt to Cross Site Scripting.
As I have reasearched, 41846/1A signature was published in order to attend the CVE-2012-0017: ' Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 gold and SP1 allows remote attackers to inject arbitrary script or HTML via JavaScript sequences in a web URL, alias 'XSS in inplview.aspx vulnerability.' "
Then, my second question is how the Adobe site is related to CVE-2012-0017
Thank you.
Best regards, Dana
Hi Dana,
You and I must have been posted at the same time. We noticed that a problem with this signature on one of our s sensor this morning after that S625 has been applied. Addresses "pirate" are all internal and addresses 'target' are all over the Board, some internal and externals. I had to disable this because it fires so often, 128 times during the last one hour. I hope that people from Cisco can take a look at this and soon to release an update.
-
Original title: cross stitching
I get a warning at the bottom of the page that warns of a volleyball how the hell this labelmontanacowgirl,
Do you mean the scripts? If so, please see the following:
-
through the notice at the bottom of my screen script in almost all sites?
What would be my settings and how do I change cause it's a novelty
never happened before, especially when only in like yahoo, yahoo mail, etc...
Hi Himtnman,
What web browser do you use?
If you're unsing Internet Explorer, try the following steps to solve the problem.
Filter Cross - Site Scripting (XSS) of Internet Explorer can prevent a Web site to add the code of script to another Web site. XSS filter watches how websites interact, and when it recognizes a potential attack, it will automatically block script code running. When this happens, you will see a message in the information bar rental, you know that the Web page has been changed to help protect your privacy and security.
I suggest you try the steps to disable the XSS filter:
(a) click Start and type Internet Explorer in Start Search.
(b) press enter.
(c) press the Alt key on the keyboard after opening Internet Explorer.
(d) click on Tools and then click on Internet Options.
(e) click on the Security tab.
(f) click on custom level.
(g) scroll to the bottom of the list.
(h) click disable under ""Activate the filter XSS. " "
(i) click on ok to close the Properties window.
(j) restart Internet Explorer and check to see if the problem is resolved.
Hope this information helps. If you need additional help or information on Windows, I'll be happy to help you. We, at tender Microsoft to excellence.
-
Integrating Wordpress in need of Muse dynamic height with cross domain content-based
Given that Muse does currently not support articles and Wordpress integration I decided to use an iFrame.
My goal is to have the height of the iframe dynamic change based on the content of my Wordpress blog. I understand that this is a common problem with frames that are hosted on different domains.
I'm running by having more to compensate with a bunch of deadspace to leave enough room. You can also get the horrible scrolling to the search bar.
I tried using cross-site scripting, JQuery, and postMessage but can't find out how to put the right code in Muse and Wordpress for them to communicate in either sense.
Please, any help on this would be greatly appreciated.
Apparently, you try to insert the iframe to another area and because of the "Same origin" security policy, you are not authorized to access the document property of the iframe object. This will not happen if the inserted iframe is on the same domain.
Check it for more on this, http://javascript.info/tutorial/same-origin-security-policy
- Abhishek Maurya
-
fill with links on websites that have nothing to do with this Web site
Words are underlined and provide links to Web sites that have nothing to do with the site I'm. So I get a pop up video advertising that started the same time these links that presented themselves. How can I stop this?
You can have an unwanted extension that injects these ads sites. Try this:
Disable all non-essential or unrecognized extensions on page modules. Either:
- CTRL + SHIFT + a
- "3-bar" menu button (or tools) > Add-ons
In the left column, click Extensions. Then, when in doubt, turn off.
Typically, a link will appear above at least an extension disabled to restart Firefox. You can complete your work on the tab and click one of the links in the last step.
Which empty ads?
Note: If no delete button for an extension, you can usually uninstall via Control Panel, uninstall a program. I suggest clicking on the column heading "installed during the" group by date to see if all the grouped items dragged to your computer during a recent free software install.
Maybe you are looking for
-
How to restore default file after execution of Troublshooting.Reset Firefox for V24.0?
I ran Information.Reset Firefox troubleshooting and it created the file w8vtuqo8.default on my desktop. But I have now no Favorites to my original from many Web sites. How to use this file to restore Firefox to its original state?
-
Social aspect of fitness-shaped Apple Watch?
I need a ranking/social aspect to my physical condition and my Apple Watch. I even plan to return to FitBit to the contest!
-
How to uninstall windows powershell to upgrade to windows Vista Home Basic
Im trying to upgrade to windows vista Basic, but he always tells me first uninstall windows powershell, but add/remove programs says that I don't have something like this installed. get back to me at * address email is removed from the privacy *. Tha
-
You will need to turn on computer OnMy (NAP).
How can I turn on my computer network access Protection and how do I do this?
-
Impossible to get ipad, iphones to print using wireless on Photosmart estation e510
I have a photosmart estation e-510 and I'm trying to get my assortment ipads, iphones to print wireless using this printer. I downloaded the iprint applications, and I have the function working on the printer wireless. Apple products will not recogni