found code inject!! what does it do exactly?



low tech
12-19-2011, 07:08 AM
Hi all


I just found this code which isn't mine lurking on one of my pages ---- any idea what it does exactly?




<script type = "text/javascript">
function OneWay(S) {
    var pageName, j, x, y = 2e50;
    x = '0.'+ parseInt(S.value, 36); // 36 is the radix
    with (Math) { for (j=0; j<10; j++) x = tan(1+x+x*y%1)%1 }
    pageName = ((x+1)/2).toString(36).substring(2);
    pageName = pageName + '.html';
    alert (pageName); // for testing - pageName = "xvmrv5eoae0b.html" when password is "x"
    window.location.href = pageName;
}
</script>

LT

Old Pedant
12-19-2011, 08:31 AM
It does what it says it does.

It converts the input string (S) to an HTML page reference.

I don't quite see how it can be too dangerous.

Because it is converting using base 36, that means that all the characters in the result (other than the ".html" that is added separately) must be either digits or letters. Which means that the resultant page name *will* be in the same base URL. That is, it will have to be some place on your site.

If you want to see it "working", just dump out all the intermediate values.


<script type = "text/javascript">
function OneWay(S) {
    document.write("OneWay(" + S + ") called<hr/>");
    var pageName, j, x, y = 2e50;
    x = '0.'+ parseInt(S, 36); // 36 is the radix
    document.write("Initial value of x is " + x + "<br/>");
    with (Math)
    {
        for (j=0; j<10; j++)
        {
            x = tan(1+x+x*y%1)%1;
            document.write("Iteration " + j + ", x has value " + x + "<br/>");
        }
    }
    var temp = (x+1)/2;
    document.write("(x+1)/2 is " + temp + "<br/>");
    temp = temp.toString(36);
    document.write("In base 36 notation, that becomes " + temp + "<br/>");
    pageName = temp.substring(2);
    pageName = pageName + '.html';
    document.write("Final pagename is " + pageName + "<hr/>");
}
OneWay("x");
OneWay("abcdef");
</script>

(I changed parseInt(S.value,36) to just parseInt(S,36). Apparently, the code was designed to get the "password" from an <input> field.)

So maybe the "OneWay()" part means that the code is designed to take users with different passwords to different pages, and nobody is supposed to be able to predict what the web page names will be based on the passwords. In other words, a kind of browser-side safe way of using passwords to access otherwise protected pages. It's really not a bad idea. Not as good as having server-side passwords, but...

_Aerospace_Eng_
12-19-2011, 08:32 AM
This should answer what that is although it is weird that it is appearing in your pages.

http://www.codingforums.com/showpost.php?p=929894&postcount=5

Philip M
12-19-2011, 08:37 AM
The code simply generates an obfuscated URL from the given password. You can test it yourself (it is not malign) with OneWay("abc") or whatever in which case the URL is rdy3nannl68t.html

This is virtually impossible to decrypt, and thus offers very good protection for a web page to admit only authorised users.

But how has this code come to be lurking in one of your pages? Without a password being passed to the function it does not do anything.




Quizmaster: He was called King James I in England. What was he called in Scotland?
Contestant: George.
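
Added example (not code from the thread or any of its posters): a Node-runnable port of OneWay() that checks how much of the password actually survives `parseInt(S, 36)`, which bears on how far the generated page name can be relied on as access control. `with (Math)` is replaced by an explicit `Math.tan` so the code runs in strict mode; `oneWayPage`, `SAMPLES` and `report` are names introduced here, and the sample passwords are constructed.

```javascript
// Added example: Node-runnable port of the thread's OneWay(), for analysis only.
// `with (Math)` becomes an explicit Math.tan; the arithmetic is otherwise
// unchanged, including the string concatenation on the first loop pass.
function oneWayPage(password) {
  const y = 2e50;
  let x = '0.' + parseInt(password, 36); // a string, as in the original
  for (let j = 0; j < 10; j++) {
    x = Math.tan(1 + x + x * y % 1) % 1;
  }
  // NaN.toString(36) is "NaN", so a NaN result always yields "N.html".
  return ((x + 1) / 2).toString(36).substring(2) + '.html';
}

// Constructed sample passwords, grouped by the reason they are equivalent.
const SAMPLES = {
  // parseInt with radix 36 treats "x" and "X" as the same digit.
  'case is ignored': ['x', 'X'],
  // parseInt stops at the first character that is not 0-9 or a-z.
  'input is cut at first non-alphanumeric': ['x', 'x!', 'x y z'],
  // Nothing parseable at the start: parseInt returns NaN.
  'no leading alphanumeric': ['', '!secret', '#1'],
  // Values >= 1e21 print in exponent form, so "0." + n is not a number.
  'long passwords overflow to NaN': ['zzzzzzzzzzzzzzzz', 'correcthorsebatterystaple'],
};

// For each group, the set of distinct page names its passwords produce.
function report() {
  const out = {};
  for (const [why, passwords] of Object.entries(SAMPLES)) {
    out[why] = [...new Set(passwords.map(oneWayPage))];
  }
  return out;
}

console.log(report());
```

Every group collapses to a single page name, and the last two groups share the same one. ECMAScript leaves `Math.tan` implementation-approximated, so the name generated for a given password is not guaranteed to match across engines, and the target remains a static file served to anyone who has its URL.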

Old Pedant
12-19-2011, 08:54 AM
Ahhh...did you invent that Philip? It's actually pretty clever. Probably more clever than is needed, even. It's about the best thing I've seen for non-server side password access.

low tech
12-19-2011, 09:12 AM
Hi all

Thanks for the replies

Well I have no idea what it's doing on my pages but so far I have found it on three pages --- the only thing these pages have in common is that they link to the index page but they don't do anything special. For example one page is a student feedback page where I put students' feedback of their experience and the page doesn't do more than that --- no menus no links nothing other than pics and students' words.

The other two pages are similar in essence i.e. a call us page so why it's on these pages I have no idea and how it got on them I also have no idea.

I don't understand how it is of use to the person who put it there??

LT

Philip M
12-19-2011, 09:14 AM
You need to beef up the security of your webpages! I am guessing that someone has found out your password. :eek: Perhaps they have placed this (in the context useless, but hard-to-understand) code to frighten you! Student prank?

low tech
12-19-2011, 09:35 AM
Hi

The fact that the code is on codingforums makes me feel like it's actually my fault ----

after reading the forum, I could have copied the code to mess around with and somehow inadvertently pasted it into a real page, forgot to delete it, and the page has been copied to make other pages and it's gone unnoticed ever since (the last time these pages were looked at was months ago).


Anyway, I'm happy, but I'll be changing password just in case.

Thanks

LT

Philip M
12-19-2011, 09:36 AM
That sounds like the most probable explanation! ;) Operator error.

low tech
12-19-2011, 09:43 AM
Hi


;)Operator error.

Hahahahha Yep, I'll buy that:o

LT


