system
1
Virustotal scan for Avast forum I did out of curiosity showed Quttera flagging it as supicious site, so I decided to check it out.
https://quttera.com/detailed_report/forum.avast.com
Decode and that is what you get:
String.prototype.php_strtr=function(sFrom,sTo){return this.replace(new RegExp('['+ sFrom+']','g'),function(sMatch){return sTo.charAt(sFrom.indexOf(sMatch));});}String.prototype.php_strtolower=function(){return typeof(smf_iso_case_folding)!="undefined"&&smf_iso_case_folding==true?this.php_strtr('ABCDEFGHIJKLMNOPQRSTUVWXYZ�����������������������������������','abcdefghijklmnopqrstuvwxyz�����������������������������������'):this.php_strtr('ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz');}
Potentially suspicious obfuscated PHP threat? Do not think so, really!
There is some error in the code however:
forum.avast.com/Themes/default/scripts/
info: [decodingLevel=0] found JavaScript
error: undefined variable scripturl
error: ./pre.js:249: InternalError: too much recursion (that is why Quttera flagged this in the first place, but not specific enough -remark by me, pol).
This makes me assured this is secure, same origin rule applied at A-Grade and just for flagged script as well:
https://sritest.io/#report/259abeb8-1772-4349-ae64-2434aac0cf3e
polonus (volunteer website security analyst and website error-hunter)
Asyn
3
Yep, nothing to worry about.
As Asyn states, probably not a big thing, just a code hick-up issue, as we meet so many everyday.
For that flagged
eval(aOnloadEvents[i]); etc. etc.
you should remember eval is the last resort,
with error pre.js:249: InternalError: too much recursion, causing an endless recursion to occur.
Consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fforum.avast.com%2FThemes%2Fdefault%2Fscripts%2Fscript.js%3Ffin20
polonus
