Boagworld Forum

Exploit in jQuery file?

We have recently had an incident where seemingly malicious code was injected into the JS files on one of our sites. We suspect it was via an exploit in jQuery 1.4.2, but we are still investigating. Has anyone else encountered this? If so, is it limited to a particular version? What can we do to avoid something like this in future?

Comments

  • What makes you think it's jQuery? JavaScript is sandboxed so it shouldn't have been able to place files on your filesystem.
  • Agree with Leesy. Neither JS nor jQuery has write access to your file system (thank God). Just a hunch, but I would look at either your CMS for an exploit or a weak FTP password as the culprit here.
  • Yep, unlikely to be JS based. JS is client side. Look at the entry points server-side: forms, .htaccess files, etc.
  • Do you mean the file on the server actually changed? If so, this is astoundingly unlikely to be anything to do with jQuery, or any client-side JavaScript of any kind. You'd need to be running a process on the server to alter the file, and client-side JavaScript simply can't do that.
  • What happened was a line of JS was added to the end of each JS file in our /js folder that appeared to be up to something. 

    We just upgraded the CMS (ExpressionEngine) to the latest version, and the FTP password was garnered from strongpasswordgenerator.com, and was changed when we moved to a dedicated server last month.  

    Perhaps this happened before EE was upgraded? That's a possibility. But even then, you can't access the JS files directly via EE. 

  • It's going to be an ExpressionEngine or other server-side vulnerability. Though EE is very good, vulnerabilities are discovered every now and again. Plus, if you're using third-party EE plugins, each of those might have additional problems. (Do you do any image resizing/thumbnailing? The most widespread vulnerability I can think of recently that hit a lot of PHP CMSes came from the TimThumb image resizing library, though that's now almost certainly been fixed in the latest versions of things that use it.)

    How old was the version of EE you upgraded from? Might be worth checking the change log details for versions from there onwards to see if known security problems were fixed. And is your core server software (PHP, Apache, etc.) up to date, too?

    I'd suggest asking about this on the EE forums -- people more familiar with EE will be able to give you some better places to look. Good luck!
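Added example, not part of the original thread: a server-side check for the symptom described above, where the same line is appended to the end of every file in a JS folder. It groups `.js` files by their final non-blank line and reports any line shared by several files. The thresholds, function names and sample tree are assumptions made for illustration, and the check assumes the injected code sits on its own line.

```python
import os
import tempfile
from collections import defaultdict

def last_nonblank_line(path):
    """Return the final non-blank line of a file (stripped), or '' if none."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    return lines[-1] if lines else ""

def shared_trailing_lines(root, min_files=3, min_len=20):
    """Map each trailing line that ends >= min_files .js files under root
    to the sorted list of those files (paths relative to root).
    min_len skips short, legitimately common endings such as '});'."""
    seen = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            tail = last_nonblank_line(path)
            if len(tail) >= min_len:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                seen[tail].append(rel)
    return {t: sorted(p) for t, p in seen.items() if len(p) >= min_files}

def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    marker = "/* CONSTRUCTED sample of an appended line */ void 0;"
    samples = {
        "jquery.js": "var a = 1;\n" + marker + "\n",
        "site.js": "function f() {}\n" + marker + "\n\n",
        "lib/menu.js": "var m = {};\n" + marker,   # no trailing newline
        "clean.js": "var ok = true;\n",            # untouched file
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return shared_trailing_lines(root)

if __name__ == "__main__":
    for tail, paths in demo().items():
        print(f"{len(paths)} files end with: {tail[:60]}")
        for p in paths:
            print("   ", p)
```

A hit only shows which files were altered; comparing the flagged files against a known-good copy from version control or the vendor's release confirms the change.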