[ale] Noscript found a couple of scripts I didn't write.
Michael H. Warfield
mhw at WittsEnd.com
Wed Apr 15 14:07:23 EDT 2009
On Wed, 2009-04-15 at 13:36 -0400, Jim Lynch wrote:
> Sean McNealy wrote:
> > The HTML code to load the javascript could have been placed inside
> > your database. Then your PHP code would attach it to your page,
> > displaying as what you thought was content.
> >
> > View source from the browser and see if you can grep through that to
> > see where it's loading from.
> Since I wrote the javascript and the php, rest assured that there is no
> html code in the database. Even if it were there, my php doesn't yank
> html from the db. It's membership data in the db and I just extract
> things like names, addresses, membership status, etc. Then I plop the
> data into tables for display and update.
Possible SQL injection? Have you audited you database to make sure its
integrity is intact? If that database can be updated by your php
scripts, that means it's writable and an SQL injection could commit all
sorts of heneous acts. SQL injection is real popular and all the rage
with the miscreats lately.
Mike
> I keep all the source in a subversion repository. svn status doesn't
> show any changes since the 9th. svn log doesn't show any changes since
> then either, so I don't think anyone has screwed with my programs. I
> didn't put the Dojo source into svn so I suppose someone could have put
> something in there.
>
> Looking at the source doesn't get it. Most of what is displayed is
> generated by js/php and is dynamic so all you see looking at the source
> is a skeleton. The meat is dynamic, hence the AJAX usage.
>
> Thanks,
> Jim.
> >
> > (note: I didn't click those links since I can't risk my work machine.
> > I've no idea what's on those sites.)
> >
> > -Sean
> >
> > On Wed, Apr 15, 2009 at 1:00 PM, Jim Lynch
> > <ale_nospam at fayettedigital.com <mailto:ale_nospam at fayettedigital.com>>
> > wrote:
> >
> > I have developed an ajax app using Dojo and php to support a club I
> > belong to. It's been up and running for a short while but when I went
> > to it today, the FF plugin noscript asked if I wanted to permit
> > imiclk.com <http://imiclk.com> and abmr.com <http://abmr.com> to
> > run scripts on that page.
> >
> > Where the dickens did those scripts come from and how'd they get
> > linked
> > in my page?
> >
> > I did a search of my code and I find no references to them. By what
> > magic did they get involved in my site?
> >
> > Any suggestions as to where I should look or what's going on?
> >
> > Thanks,
> > Jim.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org <mailto:Ale at ale.org>
> > http://mail.ale.org/mailman/listinfo/ale
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> >
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20090415/0ca9be94/attachment.bin
More information about the Ale
mailing list