Javascript with %%%%%%?

azwarking - 21 Dec 2007 07:49 GMT
Hi,

I had this guy post some spam to my site and now I'm on a mission to
find out who it is.  He's got a site that redirects you elsewhere; in
that site I hit stop on the browser so I could see it.  It contained
this script:

SCRIPT type='text/javascript'>
var ibnfbpy="%3c%73c%72%69pt%20"+""+"%74%79"+"p%65%3d%27%74ex"+"%74%2f
%6a%61%76%61s%63%72%69%70%74%27%3e%0a%77i%6ed%6f%77%2e%6c%6f%63a
%74%69%6fn%2e%68%72ef%3d%22%68t%74%70%"+"3a%2f%2f"+"%78%61%6e%61x
%37%37%37"+"%70%69%6c%6c%73%2e%63o%6d%2f%71%2eph%"+"70%3f%61%66f%3d
%31%26%71%3d%70%"+"68%65%6e%74"+"%65%72m%69ne%22%3b%0a%3c
%2f"+"%73%63%72%69p%74%3e";
document.writeln(unescape(ibnfbpy));
</SCRIPT

Is it just a redirecting script or something else?
Owen Jacobson - 21 Dec 2007 08:43 GMT
> Hi,
>
[quoted text clipped - 14 lines]
>
> Is it just a redirecting script or something else?

Wrong group; comp.lang.javascript is -thataway-> and has nothing to do
with Java.  Followup-to set.

Those patterns are URL-escaped byte values representing some text,
followed by a short snippet of code to tell the JavaScript engine to
print the un-escaped version of the string on the page.  The byte
values are probably ASCII text; they're stored as pairs of hex digits,
with one byte per %AB sequence.  Decoding it yourself should be fairly
trivial.

-o
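
The decoding described in the reply above, as an added example that is not part of the original thread: it reads the script as text, joins the string pieces, undoes the %XX escapes and reports the redirect target without ever running the script. The helper name staticDecode, the variable name x and the sample (which points at the reserved name redirect.example) are constructed for this example.

```javascript
// Added example: statically decode an unescape()/document.writeln redirect stub.
// SAMPLE is constructed for this example (same style as the posted script,
// but pointing at the reserved name redirect.example).
const SAMPLE = `<SCRIPT type='text/javascript'>
var x="%3c%73c%72%69pt%20"+""+"%74%79"+"p%65%3d%27%74ex"+"%74%2f
%6a%61%76%61s%63%72%69%70%74%27%3e%0a%77i%6ed%6f%77%2e%6c%6f%63a
%74%69%6fn%2e%68%72ef%3d%22%68t%74%70%"+"3a%2f%2f"+"redirect%2eexample
%2fq%2ephp%3faff%3d1%22%3b%0a%3c%2f"+"%73%63%72%69p%74%3e";
document.writeln(unescape(x));
</SCRIPT>`;

// Hypothetical helper: treats the script as text and never evaluates it.
function staticDecode(source) {
  // Match: var NAME = "lit" + "lit" + ... ;
  const m = /var\s+([A-Za-z_$][\w$]*)\s*=\s*("[^"]*"(?:\s*\+\s*"[^"]*")*)\s*;/.exec(source);
  if (!m) return null;
  const [, variable, expr] = m;
  // Join the literals before decoding: an escape may be split across
  // two pieces ("...%70%" + "3a...").
  const joined = [...expr.matchAll(/"([^"]*)"/g)]
    .map((piece) => piece[1])
    .join("")
    .replace(/[\r\n]/g, ""); // assumption: breaks inside literals are wrapping damage
  // Same mapping as unescape(): %XX and %uXXXX become one code unit each,
  // anything malformed is left as it is. One pass, so output is not re-decoded.
  const decoded = joined.replace(
    /%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16))
  );
  // Report assignments to location / location.href in the decoded text.
  const redirects = [...decoded.matchAll(/location(?:\.href)?\s*=\s*["']([^"']+)["']/g)]
    .map((hit) => hit[1]);
  return {
    variable,
    writtenToPage: source.includes("unescape(" + variable + ")"),
    decoded,
    redirects,
  };
}

console.log(staticDecode(SAMPLE));
```
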
Sabine Dinis Blochberger - 21 Dec 2007 09:28 GMT
> Hi,
>
[quoted text clipped - 14 lines]
>
> Is it just a redirecting script or something else?

Please ask in comp.lang.javascript
Sabine Dinis Blochberger

Op3racional
www.op3racional.eu

Daniel Pitts - 21 Dec 2007 18:58 GMT
> Hi,
>
[quoted text clipped - 14 lines]
>
> Is it just a redirecting script or something else?

While others have correctly pointed you to the proper newsgroup, I
happened to find the answer you need :-)

Yes, they encoded the redirect into an obfuscated text.

It redirects to some spam site.

Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>

azwarking - 21 Dec 2007 20:03 GMT
On Dec 21, 11:58 am, Daniel Pitts
<newsgroup.spamfil...@virtualinfinity.net> wrote:
> > Hi,
>
[quoted text clipped - 24 lines]
> --
> Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>

Thanks Daniel!  LOL... big smile...