Open ended JavaScripts

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902

Hi all,

Recently the dedicated web server for our single web application, developed in Struts/JSP, JavaScript and AJAX and hosted by X web hosting company, was hacked.

Environment: Windows Server 2003, 512 RAM, Tomcat 6.0.18

Now when we consulted the company's responsible personnel, they said there might be some open-ended JS running which hackers used to upload malicious scripts/applications/exes onto the server. I checked my JS and found NO code which uploads files or anything; the only use of that JS is to validate some input fields, have some effects using MooTools/jQuery and make AJAX GET requests.

Please help me regarding this JS concept. How should I check for possible bad JS which makes a hole in my web app?


Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
Most hackers will not use a form to inject the data. They will submit forms to the server, so if there is no validation on the server then there is the problem. It could be a simple XSS that injects the files. There are also known security holes with unpatched servers and that could also be a source of it.

Normally if you can get the data that was injected, you can easily do a Google search and find how it is commonly added to the site.

Eric
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902

Eric Pascarello wrote: There are also known security holes with unpatched servers and that could also be a source of it.

And this issue is supposed to be handled by the host, but they are not bothered about that.
Eric Pascarello wrote:
Normally if you can get the data that was injected, you can easily do a Google search and find how it is commonly added to the site.

Hmm, the "injected data": I just found some WAR files running, and the next day, when we weren't able to connect, we just re-imaged the server and lost all the data.
 