Jump to content
xisto Community
Sign in to follow this  
drk002

Attack Through Javascript. Javascripts on a webpage is enough to attack.

Recommended Posts

Malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser. It will bypass security measures such as a firewall because it runs through the user's browser.So if you are suspecting any malicious ting while " simply browsing", just close the browser or go to another website. If the symptom stops, be sure that the site was attempting(or successfully done) an attack.

Share this post


Link to post
Share on other sites

But now many browser such Internet Explorer 6 SP2 OR Firefox can we set not to enabled javascripts function.Also the syntax like WScript.CreateObject("Wscript.Shell") to create object that can manipulate system isnt supported by web browser. That syntax is the base part for vbs/js virus to take an action. So there is a little chans that infected by javascript/vbscript.Thing that we must take care is when some site is want to install software/ActiveX. If that site we didnt trust or the site has bad reputation, then dont install the software. It may contain a virus!. <_<

Edited by masterio (see edit history)

Share this post


Link to post
Share on other sites

good advice :D One thing i learnt on work experience was the windows scripting shell and i'd say that all home users should disable it completely, or atleast zip the actually program that runs the scripts.

WScript.CreateObject("Wscript.Shell")


If you disable the scripting engine then scripts such as this cant run even if your browser lets them. The only real reason for wscript to be enabled on any computer is if its part of a large-ish network because wscript can help to manage multiple computers very quickly but for home users its not really needed.

if anyone wants to disable wscript there is a download from symantec that will do it for you

http://forums.xisto.com/no_longer_exists/

It also further explains what ive said and the risks of wscript. :D

Share this post


Link to post
Share on other sites

As time goes , hackers find their own way of getting their spyware and adware into other computers. I never experienced any such attack through my browsers yet. Anywway, thaks for the info ..

Share this post


Link to post
Share on other sites

As time goes , hackers find their own way of getting their spyware and adware into other computers. I never experienced any such attack through my browsers yet.
Anywway, thaks for the info ..


I use IE explorer 7, apparently its safer than Mozilla

Share this post


Link to post
Share on other sites

you know jvscript isn't that powerful as a matter of fact jvscript is very limited the most damage you can do with jvscript is problably just delete or add some files you can't really hijack a pc with jvscript now if you use java or flash action script then you have the power to hijack and totaly hack somones pc

Share this post


Link to post
Share on other sites

I use IE explorer 7, apparently its safer than Mozilla


Just give the hackers some time to find exploitable stuff in it and it'll be the same sh*t as IE6... just a matter of time I guess.

The CreateObject sutff probably won't work, but soon there will be something else to exploit and get your pc some trouble :blink: The good thing is that Mozilla updates FireFox Browser as soon as they find some critical problem in it. Now, for coincidence there is a Firefox update I have to do here, I clicked 'Later' because I'm doing some important stuff here xD

I dunno if IE does it too, this whole update thing, but if if does not, I think it should :wacko:

Share this post


Link to post
Share on other sites

I can't imagine javascript doing much damage to a computer. If you're really paranoid, you can turn off javascript, which won't really affect your browsing experience.

Share this post


Link to post
Share on other sites

if you use firefox noscript is a good security measure, it only lets the javascript you want through, once it's saved you don't have to do it again for that site, so after a week of browsing most sites you can just block or allow the ones you want to and then only do it on rare occasions,did that make any sense?

Share this post


Link to post
Share on other sites

yes java script can be used to run attacking malicious scripts in your browser that can create havoc to your computer.To escape from this use the latest browsers like IE 7 or Opera and even Firefox 2 to warn you of websites that have these malicious scripts in it.

Share this post


Link to post
Share on other sites

you know jvscript isn't that powerful as a matter of fact jvscript is very limited the most damage you can do with jvscript is problably just delete or add some files you can't really hijack a pc with jvscript now if you use java or flash action script then you have the power to hijack and totaly hack somones pc

You think deleting / adding files is not dangerous? Remember that there are a lot of files on your pc which are vitaly needed to keep your computer running well, if you can delete these files a reinstall is probably the only way to go... adding files can be very dangerous too...

Anyway the best thing to do is just not visit these websites which you don't trust, dont click links on MSN which people send to you without asking them what it is (and if you dont trust the guy who send you the link you shouldnt even think about clicking it)

Share this post


Link to post
Share on other sites

javascript is not really dangerous. I think it depends on the browser that you use. IE supports many javascript functions. While it is good to have additional function in javascript, it can be dangerous for the user when hacker finds a way to do malicious thing.Just choose your browser wisely.

Share this post


Link to post
Share on other sites

A firefox addon called "NoScript" can let you choose what sites to block by default, and what sites to allow. I use that and I find that it's really useful, especially when I'm paranoid on a site. Although javascript doesn't do much harm to browsers or computers...

Share this post


Link to post
Share on other sites

But it can hurt you emotionally until throwing up...Have you ever found about the GNAA last measure unified X code? Hope not... So freaking sick...Let's say it's a compilation of all the sick stuff you find on internet (goat**, tub****, tub***) and more sick evil eew stuff...When you watch it you get "eyeraped" (my friend said so), also, the little bonus factor is that when you watch it there is a embedded soundclip that loops really loud of a man screaming "HEY EVERYBODY, I AM WATCHING GAY PORNO" so everyone around you notices this and goes watch what the hell you are doing and they find you ahead that ton of images.SICK images. All popping up on your web browser and lots of tabs and more stuff and the windows move around, making it difficult. All that stuff increases highty your adrenaline. BTW, see how javascript can do magic?I forgot to mention that it opens your e-mail client a lot of times like your web browser windows and it induces you to send an e-mail to the GNAA so you join them...Perfect prank, JS seems to do a lot of stuff. :SAnother fact is that GNAA is: Gay *BLEEP* American Association.This is enough to say that the website is totally unsafe... Watch out for those stupid guys. Please!xD

Share this post


Link to post
Share on other sites

A pure javascript hack can't add or delete files (except for that sites cookie). On the other hand, javascript can be used to steal your username and password. If a cite allows users to post links, and doesn't properly sanitize user input, a hacker (or script kiddie) could insert a "cookie stealer" by using javascript entities.

Also, IE supports VBscript, which is like javascript in the fact it's run client side, yet is more like visual basic in form and function, and thereby more powerfull.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.