
Open ended JavaScripts

 
Sagar Rohankar
Ranch Hand
Posts: 2907
Hi all,

Recently the dedicated web server for our single web application, developed in Struts/JSP, JavaScript and AJAX and hosted by X web hosting company, was hacked.

Environment: Windows Server 2003, 512 RAM, Tomcat 6.0.18

Now when we consulted the company's responsible personnel, they said there might be some open ended JS running which hackers used to upload malicious scripts/applications/exe's onto the server. I checked my JS and found NO code which uploads files or anything; the only use of those JS is to validate some input fields, have some effects using mootools/jQuery and make AJAX GET requests.

Please help me regarding this JS concept. How should I check for possible bad JS, which makes a hole in my web app?

 
Eric Pascarello
author
Rancher
Posts: 15385
Most hackers will not use a form to inject the data. They will submit forms to the server, so if there is no validation on the server, then there is the problem. It could be a simple XSS that injects the files. There are also known security holes with unpatched servers and that could also be a source of it.

Normally if you can get the data that was injected, you can easily do a Google search and find how it is commonly added to the site.

Eric
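To illustrate the point above about validation living on the server rather than in the browser's JavaScript, here is an added example (not code from either poster): the same rules the client-side JS would enforce, re-checked in plain Java so that a request that never ran the JS is still rejected, plus HTML escaping for anything echoed back into a JSP. The class name, rules and sample inputs are assumptions for illustration; in a Struts 1 application this logic would sit in the ActionForm's validate() method.

```java
import java.util.regex.Pattern;

/** Server-side validation that does not trust the browser's JavaScript checks. */
public final class ServerSideValidation {
    // Same rule the client-side JS enforces (hypothetical rule for this example),
    // re-enforced here because the request may never have passed through that JS.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,32}$");
    private static final int MAX_COMMENT = 2000;

    public static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    /** Rejects oversized free text and text carrying control characters. */
    public static boolean isValidComment(String s) {
        if (s == null || s.length() > MAX_COMMENT) return false;
        for (char c : s.toCharArray()) {
            if (c < 0x20 && c != '\n' && c != '\r' && c != '\t') return false;
        }
        return true;
    }

    /** Encodes user-supplied text before it is written into a JSP page, so a stored
     *  payload such as a script tag renders as text instead of executing (mitigates XSS). */
    public static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one a browser with the JS validation would send,
        // two that a client which skipped the JS entirely might send.
        String[] names = { "sagar_r", "<script>alert(1)</script>", "a" };
        for (String n : names) {
            System.out.println(n + " -> valid=" + isValidUsername(n)
                + " escaped=" + htmlEscape(n));
        }
    }
}
```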
 
Sagar Rohankar
Ranch Hand
Posts: 2907
Eric Pascarello wrote: There are also known security holes with unpatched servers and that could also be a source of it.

And this issue is supposed to be handled by the host, but they are not bothered about that.

Eric Pascarello wrote: Normally if you can get the data that was injected, you can easily do a Google search and find how it is commonly added to the site.

Hmm, the "injected data": I just found out some WAR files were running, and the next day, when we weren't able to connect, we just re-imaged the server and lost all the data.
 