PC executable embedded in javascript?

Thread: PC executable embedded in javascript?

Search this list only Search all lists
PC executable embedded in javascript?
	2006-09-08 21:38:40

Hello, Pretty quiet on the IBrowse front these days. Here's something to wake up all your web page gurus: The link, http://www.pianocanada.ca/memberPASSWORDpage.htm has this code with about a 4 kilobyte section of binary data assigned to the variable "page" within the javascript section. This variable's data also includes "%" delimited hex characters embedded within the string (that in itself is suspect in my estimtion). The HTML generator of course is... (drum roll) ...Microsoft Front Page Publisher. Am I correct that this bit of binary code is really a PC executable? Here's the html code (I've broken up the lines for readability), minus the binary variable data for "page" for which I've substituted the phrase '...[long line of code here!!!]'. <html> <head> <title>;Please input password</title>; <script language='JavaScript'> function dopass() {page='...[long line of code here!!!]' ;res=5328;sum=32493;sqrxor=121037; err='Invalid password! Please Try again.' ;pass=inpass.pwd.value;lp=pass.length; if(!lp) {alert(err);return; } for(i=0; i<lp; i++) {d=pass.charCodeAt(i); res=res^(d*d); if(i%2 == 0) sum+=d; else sum+=(d<;<8); } res+=sum; if(res!=sqrxor) {alert(err); return; } s='';page=unescape(page); for(i=0; i<page.length; i++) s+=String.fromCharCode((page.charCodeAt(i))^(pass.charCodeAt(i%lp))); document.write(s); } </script> </head> <body> <center> <form name=inpass action='javaScript:dopass();'> <br>Please Input Password:<br> <input type=password name=pwd> <input type=submit value=' OK '> <;/form> </center> <script>document.inpass.pwd.focus()</script> </body> </html> Regards -- Ernest Unrau Morden, Manitoba CANADA E-mail: saskwatchmts.net __._,_.___ Messages in this topic (1) Reply (via web post) \| Start a new topic . __,_._,___
PC executable embedded in javascript?
	2006-09-08 23:13:08

It does not really look like executable binary code because all of it is either hex numbers or alphanumerics and control characters. Usually looking at a binary in something like a hex reader or Turbotext shows a file that has have a bunch of higher ascii number characters in them. Weird shapes, hearts, etc and a mixture of upper and lowercase characters Everything in this is uppercase, wether it is alpha numberic or hex or control characters. It may be an attempt to represent hex in an ascii type file. for example %00 is ascii 0, %0A is ascii 1, etc. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bonnie Dalzell, MA mail:5100 Hydes Rd ---- Hydes MD USA 21082-----EMAIL:bdalzellqis.net freelance anatomist, vertebrate paleontologist, writer, illustrator, dog breeder, computer nerd & iconoclast... Borzoi info at www.borzois.com. Editor Net.Pet Online Animal Magazine - http://www.netpetmagazine.com HOME http://www.qis.net/~borzoi/ BUSINESS http://www.batw.com __._,_.___ Messages in this topic (2) Reply (via web post) \| Start a new topic . __,_._,___
PC executable embedded in javascript?
	2006-09-09 15:16:30

Hi Ernest, On 08-Sep-06 22:38:40, Ernest Unrau wrote: > http://www.pianocanada.ca/memberPASSWORDpage.htm > > has this code with about a 4 kilobyte section of binary data assigned to > the variable "page" within the javascript section. This variable's data > also includes "%" delimited hex characters embedded within the string > (that in itself is suspect in my estimtion). The HTML generator of course > is... (drum roll) ...Microsoft Front Page Publisher. > >; Am I correct that this bit of binary code is really a PC executable? No. It'll just be encoded/encrypted HTML code. Clicking the button will decode the HTML and display it via JavaScript. However, the latter part won't work in IBrowse due to it using document.writeln to write into the document after the original document has already been parsed/displayed. That said, it's somewhat bad practice to use binary characters in webpage content. It's possible that IBrowse may not be able to decrypt the page either, since it will remap certain characters while reading the page in (e.g. escape codes, to prevent MUI escape exploits). -- Oliver Roberts - mailto:oliveribrowse-dev.net - ICQ: 34640231 [ PGP public key available on request ] Team AMIGA __._,_.___ Messages in this topic (4) Reply (via web post) \| Start a new topic . __,_._,___

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )