Site runs script


Post by ZeeG »

Hi, I've come across a site which runs the following script, which turns out to be an attack script of some sort. The problem is that this is apparently JavaScript which has run despite NoScript being enabled against the page. Running 1.9.3.3.

It's probably better if I don't link the site, but here's the page source:

<html>
<head>
<title>Relocate</title>
<script language="javascript">
	var url = window.location.href;
	if (url.charAt(url.length - 1) != "/")
		url = url + "/";
	var s = url.indexOf("//") + 2;
	var e = url.indexOf("@");
	if (e > 0) {
		var atpart = url.substring(s, e);
		var newurl = url.substring(0, s) + url.substring(e + 1 , url.length);
		window.location = newurl + "~" + atpart + "/";
	} else {
		window.location= "/index.html";
	}
</script>
<meta http-equiv="refresh" content="4" url="/index.html">
</head>
<body>
<noscript>
Sorry, your browser does not support Java Script.
</noscript>
</body>
</html>
		
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)

Post by Nan M »

It's better to have full context for this kind of question.
You may safely indicate a site by disarming the protocol, for example:

httz://noscript.net
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

Post by Giorgio Maone »

  1. The source code you quoted is pretty innocuous (there's no "attack" whatsoever). It just checks if there's a user name specified in the URL (like http://someuser@somesite.com) and, if it's found, redirects to http://somesite.com/~someuser/, which is the standard URL for "someuser's home" since the Web was still a Unix-only thing. If the URL contains no username, it redirects to index.html.
  2. After that script, there's a <META> refresh element which automatically redirects to index.html if scripts aren't running. What you're observing as a "running script" is probably just the behavior of this <META> refresh. No script can run if the site is not whitelisted by NoScript. Period.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
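
The redirect described in point 1 of the reply above, replayed offline as an added example that is not part of the original thread. `relocateTarget` and `traceRelocate` are hypothetical names, and the sample URLs are the ones used in the reply.

```javascript
// Same string logic as the quoted page, but applied to an argument instead of
// window.location, so the destination can be inspected without loading the page.
function relocateTarget(href) {
  let url = href;
  if (url.charAt(url.length - 1) !== "/") url += "/";
  const s = url.indexOf("//") + 2; // first character after "scheme://"
  const e = url.indexOf("@");      // end of the user name, if there is one
  if (e > 0) {
    const atpart = url.substring(s, e);                        // "someuser"
    const newurl = url.substring(0, s) + url.substring(e + 1); // URL without "user@"
    return newurl + "~" + atpart + "/";
  }
  return "/index.html";
}

// Hypothetical triage helper: resolve the target the way a browser would
// (relative to the requested URL) and report whether it stays on the same host.
function traceRelocate(href) {
  const requested = new URL(href);
  const destination = new URL(relocateTarget(href), href);
  return {
    destination: destination.href,
    sameHost: destination.host === requested.host,
  };
}

// Sample URLs taken from the reply above (one with a user name, one without).
const samples = ["http://someuser@somesite.com", "http://somesite.com/"];
for (const href of samples) {
  console.log(href, "->", traceRelocate(href));
}
```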

Post by GµårÐïåñ »

Agreed, this code is harmless, and many shared hosting plans also recommend/use a case-based redirect for ASP sites because some server refreshes are not valid for shared hosting. Anyway, it's harmless, and regardless of harmful or harmless, if it's a script and the site is not whitelisted, it WILL NOT run with NS enabled, unless you have enabled domain by default checked in the settings.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11