Searching for this pattern in particular code:
<script>\n<!--\n0\n//-->\n</script>
because of issues raised at this thread:
→ http://forum.avast.com/index.php?topic=115497.msg898405#msg898405
I get a firekeeper alert for searching on
: === Triggered rule ===
alert(url_content:“%3CSCRIPT”; nocase; msg:“ tags GET request cross site scripting attempt”; url_re:“/%3Cscript.*%3E/i”; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
This was found in: particular site with /includes/js/overlib_hideform_mini.js
Procedure: + has been called with a string containing hidden JavaScript code, as mentioned by Quttera’s …
This code could well be benign as these are often code hacks to get a better overall performance.
Nevertheless I would like to know what the risky part of it all could be and why Quttera flags it… so I delved a bit deeper into this issue…
Malscript detector comes up with this warning for the search result page:
Warning:Code could be used in a non-interactive shell script attack attempt ...This site URL may contain possible malicious scripts hosted or injected!
Solutions: Close this window, Disable JavaScript
Detected Malware: XSS URL Injection Malware
Here → htxp://jsunpack.jeek.org/?report=1a52d5b7498df2897026dc64ed0fea7e24113f0a
our never sufficiently praised avast! Web Shield detects this code as JS:Ifame-PL[Trj]
By the way Netcraft also blocks:
This page has been blocked by the Netcraft Anti-Phishing Extension for the following reason:Suspected XSS Attack
Visit anyway
polonus
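
Added example, not part of the post above and not Firekeeper's own code: a Python sketch of the two match conditions in the triggered rule, run over constructed URLs, showing why a plain search for the script snippet raises the same alert as an injection attempt. It assumes both conditions are tested against the raw, percent-encoded request URL; the host names and the helper names are made up.

```python
import re
from urllib.parse import quote

# The two match conditions copied from the triggered rule in the post.
URL_CONTENT = "%3CSCRIPT"                      # url_content, used with nocase
URL_RE = re.compile(r"%3Cscript.*%3E", re.I)   # url_re "/%3Cscript.*%3E/i"

# The pattern the post says was being searched for.
SEARCHED_PATTERN = "<script>\n<!--\n0\n//-->\n</script>"


def rule_fires(url: str) -> bool:
    """Assumed semantics: both conditions are checked against the raw,
    still percent-encoded URL, and both must hold for the alert."""
    return URL_CONTENT.lower() in url.lower() and bool(URL_RE.search(url))


def search_url(query: str) -> str:
    """Build a GET search URL the way a browser form would (constructed host)."""
    return "http://search.example/?q=" + quote(query, safe="")


def classify(urls):
    """Map each URL to True (alert) or False (no alert)."""
    return {u: rule_fires(u) for u in urls}


# Constructed sample requests, not taken from the post.
SAMPLES = [
    search_url(SEARCHED_PATTERN),             # searching for the snippet itself
    search_url("overlib_hideform_mini.js"),   # searching for the file name only
    "http://site.example/includes/js/overlib_hideform_mini.js",  # fetching the file
]

if __name__ == "__main__":
    for url, hit in classify(SAMPLES).items():
        print("ALERT" if hit else "pass ", url)
```

The rule sees only the encoded tag in the URL, so it cannot tell a researcher's search query from a reflected-script attempt; the alert on the search page says nothing about the .js file itself.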