Hi all,
Recently the dedicated web server for our single web application developed in Struts/JSP, Javascripts and AJAX hosted by X web hosting company, was
hacked
Enviornment: Windows Server 2003, 512 RAM,
Tomcat 6.0.18
Now when we consult the company's responsible personnel.,they said there might be some open ended JS running which hackers used to upload malicious scripts/appication/exe's into the server. I checked the my JS and found NO code which uploads files or anything, the only use of those JS is to validate some inputs fields, have some effects using mootools/JQuery and call AJAX GET request.
Please help me regarding this JS concept, How should I check for possible bad JS, which makes hole in my web app ?