Open ended JavaScripts

Hi all,

Recently the dedicated web server for our single web application, developed in Struts/JSP, JavaScript and AJAX and hosted by X web hosting company, was hacked.

Environment: Windows Server 2003, 512 RAM, Tomcat 6.0.18

Now when we consulted the company's responsible personnel, they said there might be some open ended JS running which hackers used to upload malicious scripts/applications/exes onto the server. I checked my JS and found NO code which uploads files or anything; the only use of those JS is to validate some input fields, have some effects using mootools/jQuery and call AJAX GET requests.

Please help me regarding this JS concept. How should I check for possible bad JS which makes a hole in my web app?

Most hackers will not use a form to inject the data. They will submit forms to the server, so if there is no validation on the server then there is the problem. It could be a simple XSS that injects the files. There are also known security holes with unpatched servers and that could also be a source of it.

Normally if you can get the data that was injected, you can easily do a Google search and find how it is commonly added to the site.

Eric
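Eric's point that the server must validate on its own, because an attacker posts straight to it and never runs the page's JavaScript, as an added example that is not from this thread or the poster's application. It is plain Java with no Struts dependency; the field names, the allowlist rules and both sample requests are assumptions constructed for the illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Server-side validator that re-applies, independently of the page's JavaScript,
// the rules the form is meant to enforce. Plain Java, no Struts dependency (assumed setup).
public class ServerSideValidator {
    // Allowlists: accept only the shapes the form is designed to carry (assumed rules).
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,20}$");
    private static final Pattern EMAIL = Pattern.compile("^[^@\\s]+@[^@\\s]+\\.[A-Za-z]{2,}$");
    private static final Pattern SAFE_FILENAME = Pattern.compile("^[A-Za-z0-9_-]{1,40}\\.(jpg|png|pdf)$");
    private static final Set<String> KNOWN_FIELDS = Set.of("username", "email", "filename");

    // Returns the validation failures for one request; an empty list means accept.
    public static List<String> validate(Map<String, String> params) {
        List<String> errors = new ArrayList<>();
        if (!USERNAME.matcher(params.getOrDefault("username", "")).matches())
            errors.add("username: must match [A-Za-z0-9_]{3,20}");
        if (!EMAIL.matcher(params.getOrDefault("email", "")).matches())
            errors.add("email: not a plausible address");
        // A file name must be a bare name with an allowed extension: no path separators,
        // so traversal and server-deployable archives (.war, .jsp, .exe) are refused.
        String file = params.getOrDefault("filename", "");
        if (file.contains("/") || file.contains("\\") || !SAFE_FILENAME.matcher(file).matches())
            errors.add("filename: only a simple name ending in .jpg/.png/.pdf is accepted");
        // A hand-built POST may carry parameters the form never defines; refuse them too.
        for (String key : params.keySet())
            if (!KNOWN_FIELDS.contains(key)) errors.add(key + ": unexpected parameter");
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample: what the browser sends after the client-side JS let it through.
        Map<String, String> fromBrowser = new LinkedHashMap<>();
        fromBrowser.put("username", "ranch_hand");
        fromBrowser.put("email", "user@example.com");
        fromBrowser.put("filename", "photo.jpg");
        // Constructed sample: a request built with a proxy or curl, which never ran that JS.
        Map<String, String> crafted = new LinkedHashMap<>();
        crafted.put("username", "<script>alert(1)</script>");
        crafted.put("email", "not-an-address");
        crafted.put("filename", "../webapps/dropped.war");
        crafted.put("debug", "1");
        System.out.println("browser form -> " + validate(fromBrowser));
        System.out.println("crafted POST -> " + validate(crafted));
    }
}
```

The same validator runs for every request regardless of which page, script or tool produced it, which is the only place the check actually holds.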
 
Sagar Rohankar

Eric Pascarello wrote: There are also known security holes with unpatched servers and that could also be a source of it.


And this issue is supposed to be handled by the host, but they are not bothered about that.

Eric Pascarello wrote:
Normally if you can get the data that was injected, you can easily do a Google search and find how it is commonly added to the site.


Hmm, the "injected data": I just found out some war files were running, and the next day when we weren't able to connect, we just re-imaged the server and lost all the data.