Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

JavaScript injection


  • Please log in to reply
1 reply to this topic

#1 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:03:21 PM

Posted 19 October 2016 - 07:17 PM

Check this one out, i read an article on how this was done the other day (How they are trying to use domain names that appear to be genuine) and low and behold we got an email.

Check the java script as well and see how they use that to inject. If i find the article i will post here.

http://urlquery.net/report.php?id=1476922199803

What i found interesting was this

if (window.location.hostname.split('.').pop().search(/edu|gov|mil/) < 0) {

Edited by JohnnyJammer, 19 October 2016 - 07:20 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,889 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:21 AM

Posted 21 October 2016 - 06:47 AM

This type of vector has been around for a while.


 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users