广告软件javascripts被注入aspx页面

时间:2016-11-18 12:49:16

标签: javascript c# asp.net code-injection malware

我不确定在这里提这个问题是否合适,但我不知道为什么会出现这种情况。 我有一个用 C# asp.net 制作的简单网站,但页面中被注入了一些不需要的 javascript。最初我怀疑是我的系统中有恶意软件或浏览器插件,于是用 Avast、Adwcleaner 进行了扫描。但无论从哪个系统或浏览器访问,javascript 都会被注入。 screenshot_from_safari

这些代码不会被注入到同一 ASP 站点下的纯 html 页面中,只出现在 ASPX 页面里。被注入的 javascript 指向 cdncache.com、cdncash.com 等看起来像广告软件的站点。

使用的一些javascript库是zabuto_calendar,bootstrap,jquery,但javascript也会在其他aspx页面中注入。

我不知道该从哪里排查这个问题。我把源代码放到一个新系统上并在那里构建,但代码仍然会被注入。我还把网站部署到了主机上,并在 Android 手机上用 chrome dev 工具检查,移动浏览器中同样被注入了代码。

请帮帮我。我不擅长asp.net和整个.net环境,我来自PHP背景。

下面附上截图中那个页面的源代码

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="AppointmentListaspx.aspx.cs" Inherits="Online_Appointment_System_RGK_19_07_16.AppointmentListaspx" %>

<!DOCTYPE html>
<html lang="en">
<head runat="server">
<title>Appointments</title>

 <link href="bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css"/>
  <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
   <link href="bootstrap/css/bootstrap-theme.css" rel="stylesheet" type="text/css"/>
    <link href="bootstrap/css/bootstrap-theme.min.css" rel="stylesheet" type="text/css"/>
     <link href="bootstrap/fonts/glyphicons-halflings-regular.ttf" rel="stylesheet" type="text/css"/>

       <link href="css/zabuto_calendar.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript">

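// Calendar entries built from the server response; handed to sucemsg().
var eventData = [];

/**
 * Requests the list of dates from the getddddd page method and passes the
 * resulting calendar entries to sucemsg().
 *
 * The response is read as msg.d.fdate (an array of date strings). A response
 * without that array renders an empty calendar instead of throwing inside the
 * success callback, and a failed request is logged rather than dropped.
 */
function GetInputs() {
    $.ajax({
        type: "POST",
        url: 'AppointmentListaspx.aspx/getddddd',
        data: "",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: function (msg) {
            // The return value of the page method arrives under the "d" property.
            var payload = msg && msg.d;
            var dates = (payload && payload.fdate) || [];

            for (var i = 0; i < dates.length; i++) {
                eventData.push({ date: dates[i], badge: false });
            }
            sucemsg(eventData);
        },
        error: function (xhr) {
            // Previously the failure was read into locals and discarded.
            console.error("getddddd request failed: " + xhr.status + " " + xhr.statusText);
        }
    });
}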


</script>

</head>
<body style="margin:0px;background-color:#5E5E75;">
<form id="form1" runat="server">

<div class="row">

    <div class="col-md-3">&nbsp;</div>

     <div class="col-md-6" style="margin-top:120px;padding:30px;background-color:#0B1633;">

         <div class="col-xs-12">

        <div id="date-popover" class="popover top"
             style="cursor: pointer; display: block; margin-left: 33%; margin-top: -50px; width:175px;">
            <div class="arrow"></div>
            <h3 class="popover-title" style="display: none;"></h3>

            <div id="date-popover-content" class="popover-content"></div>
        </div>

        <div id="my-calendar"></div>


    </div>


   </div>

     <div class="col-md-3">&nbsp;</div>
</div>
</form>

 <%-- Review note: every script below is a local copy served with the site, so a
      modified file travels with the source tree wherever it is built or hosted.
      The answer on this page traced the injected ad scripts to the local jQuery
      copy; compare each file with the vendor's published release (for example by
      hash) before trusting it.
      NOTE(review): the jQuery path uses "bootstrapd/" while the other references
      use "bootstrap/" - confirm this is the intended file.
      bootstrap.js and bootstrap.min.js are both loaded; presumably only one is
      needed - verify. --%>
 <script type="text/javascript" src="bootstrapd/js/jquery.min.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.min.js"></script>

 <script type="text/javascript" src="js/zabuto_calendar.js"></script>

  <script type="text/javascript" src="js/moment.js"></script>

  <script type="text/javascript" src="bootstrap/js/npm.js"></script>

   <script type="application/javascript">

       // When the DOM is ready, request the dates; GetInputs() hands them to
       // sucemsg(), which draws the calendar.
       $(function () {
           GetInputs();
       });

        /**
         * Prepares the date popover and renders the zabuto calendar.
         *
         * @param {Array} x calendar entries; GetInputs() builds them as
         *                  {date, badge} objects.
         */
        function sucemsg(x) {
            var $popover = $("#date-popover");

            // html: true makes the popover render its content as markup; no code on
            // this page sets that content.
            $popover.popover({ html: true, trigger: "manual" });
            $popover.hide();
            $popover.click(function (e) {
                $(this).hide();
            });

            var calendarOptions = {
                data: x,
                // Day click: delegate to myDateFunction with the same entries.
                action: function () {
                    return myDateFunction(this.id, false, x);
                },
                // Month navigation click.
                action_nav: function () {
                    return myNavFunction(this.id);
                },
                // NOTE(review): show_data.php looks like a leftover from the plugin's
                // sample on an ASP.NET site - confirm whether the calendar ever
                // requests it when `data` is supplied.
                ajax: {
                    url: "show_data.php?action=1",
                    modal: true
                }
            };

            $("#my-calendar").zabuto_calendar(calendarOptions);
        }

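       /**
        * Day-click handler: hides the popover (and the modal when called from
        * one) and, when the clicked date is one of the supplied entries,
        * navigates to the appointment list for that date.
        *
        * @param {string}  id        element id of the clicked calendar cell
        * @param {boolean} fromModal true when invoked from the day's modal
        * @param {Array}   y         calendar entries ({date, ...}) to match against
        * @returns {boolean} false when the cell has an event and the call did
        *                    not come from a modal, otherwise true
        */
       function myDateFunction(id, fromModal, y) {
           $("#date-popover").hide();
           if (fromModal) {
               $("#" + id + "_modal").modal("hide");
           }

           var $cell = $("#" + id);
           var date = $cell.data("date");
           var entries = y || [];

           for (var i = 0; i < entries.length; i++) {
               if (entries[i].date == date) {
                   // Encode the value so it cannot alter the query string.
                   // NOTE(review): the query string is under the visitor's control, so
                   // the target page (not shown here) has to validate Date itself.
                   window.location.href = "DuplicateViewPatientAppointmentList.aspx?Date=" + encodeURIComponent(date);
                   break; // one match is enough; the original kept looping
               }
           }

           var hasEvent = $cell.data("hasEvent");
           if (hasEvent && !fromModal) {
               return false;
           }

           return true;
       }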

       /**
        * Navigation callback: hides the popover and logs the direction and the
        * target month/year read from the clicked element's data attributes.
        *
        * @param {string} id element id of the clicked navigation control
        */
       function myNavFunction(id) {
           var $control = $("#" + id);

           $("#date-popover").hide();

           var direction = $control.data("navigation");
           var target = $control.data("to");
           console.log('nav ' + direction + ' to: ' + target.month + '/' + target.year);
       }


        </script>


</body>
</html>

及其相应的.cs文件

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Collections;
using System.Web.Services;

namespace Online_Appointment_System_RGK_19_07_16
{
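/// <summary>
/// Code-behind for the appointment calendar page. Its page methods report, for
/// the coming days, which session ids run on each weekday and which dates are
/// not blocked.
/// </summary>
/// <remarks>
/// NOTE(review): the [WebMethod] members are static page methods and no
/// authentication or authorization check is visible in this class - confirm
/// access is restricted elsewhere if this data is not meant to be public.
/// </remarks>
public partial class AppointmentListaspx : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Nothing to do on load; the page fetches its data through getddddd.
    }

    // Not referenced by any member visible in this part of the partial class.
    ArrayList li1 = new ArrayList();

    /// <summary>
    /// Maps today and the following five days to the session ids scheduled on
    /// each day's weekday. Sundays get an empty list.
    /// </summary>
    /// <returns>Dictionary keyed by date (midnight) with the session ids.</returns>
    /// <remarks>
    /// NOTE(review): the page script calls getddddd, not this method. Verify
    /// that a DateTime-keyed dictionary can be serialized by the page-method
    /// JSON serializer before relying on it.
    /// </remarks>
    [WebMethod]
    public static Dictionary<DateTime, ArrayList> getDetails()
    {
        Dictionary<DateTime, ArrayList> sessionsByDate = new Dictionary<DateTime, ArrayList>();

        DateTime fromDate = DateTime.Now.Date;
        DateTime endate = fromDate.AddDays(5);

        for (DateTime day = fromDate; day <= endate; day = day.AddDays(1))
        {
            int dayOfWeek = (int)day.DayOfWeek;

            ArrayList sessionIds = dayOfWeek != (int)DayOfWeek.Sunday
                ? LoadSessionIdsForDay(dayOfWeek)
                : new ArrayList();

            sessionsByDate.Add(day, sessionIds);
        }

        return sessionsByDate;
    }

    /// <summary>
    /// Runs the same per-day session lookup as <see cref="getDetails"/> plus a
    /// block-date check, then discards the result.
    /// </summary>
    /// <remarks>
    /// NOTE(review): nothing visible calls this method and it returns nothing;
    /// it is kept only because other parts of the partial class are not shown.
    /// </remarks>
    private void Search()
    {
        Dictionary<DateTime, ArrayList> sessionsByDate = new Dictionary<DateTime, ArrayList>();

        DateTime fromDate = DateTime.Now.Date;
        DateTime endate = fromDate.AddDays(5);

        for (DateTime day = fromDate; day <= endate; day = day.AddDays(1))
        {
            int dayOfWeek = (int)day.DayOfWeek;
            ArrayList sessionIds = new ArrayList();

            if (dayOfWeek != (int)DayOfWeek.Sunday)
            {
                // The original ran this query and ignored its result; kept as is.
                CheckBlockDate(day.ToString("yyyy/MM/dd"));
                sessionIds = LoadSessionIdsForDay(dayOfWeek);
            }

            sessionsByDate.Add(day, sessionIds);
        }
    }

    /// <summary>
    /// Lists today and the following six days, excluding Sundays and dates for
    /// which <see cref="CheckBlockDate"/> reports a match.
    /// </summary>
    /// <returns>
    /// Dictionary with the single key "fdate" holding "yyyy-MM-dd" strings; the
    /// page script reads it as msg.d.fdate.
    /// </returns>
    [WebMethod]
    public static Dictionary<string, ArrayList> getddddd()
    {
        Dictionary<string, ArrayList> result = new Dictionary<string, ArrayList>();
        ArrayList openDates = new ArrayList();

        DateTime fromDate = DateTime.Now.Date;
        DateTime endate = fromDate.AddDays(6);

        for (DateTime day = fromDate; day <= endate; day = day.AddDays(1))
        {
            if ((int)day.DayOfWeek == (int)DayOfWeek.Sunday)
            {
                continue;
            }

            string formatted = day.ToString("yyyy-MM-dd");
            if (CheckBlockDate(formatted) == 0)
            {
                openDates.Add(formatted);
            }
        }

        result.Add("fdate", openDates);
        return result;
    }

    /// <summary>
    /// Checks whether the BlockDay table has a row for the given date with
    /// Status '0'.
    /// </summary>
    /// <param name="Date">Date text compared against BlockDay.Date.</param>
    /// <returns>1 when such a row exists, otherwise 0.</returns>
    public static int CheckBlockDate(string Date)
    {
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();

            // The value is bound as a parameter instead of being concatenated into
            // the SQL text. The callers visible here only pass formatted dates, but
            // this method is public and accepts any string.
            using (SqlCommand cmd = new SqlCommand("Select * from BlockDay where Date=@date and Status='0'", con))
            {
                // null maps to the empty string, which is what concatenation produced.
                cmd.Parameters.AddWithValue("@date", Date ?? string.Empty);

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.Read() ? 1 : 0;
                }
            }
        }
    }

    // Returns the ids of the sessions whose SessionDays row matches the weekday index.
    private static ArrayList LoadSessionIdsForDay(int dayOfWeek)
    {
        ArrayList sessionIds = new ArrayList();

        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand("Select Session.Id from Session INNER JOIN SessionDays on Session.Id=SessionDays.SId where SessionDays.dayofweek=@dayOfWeek", con))
            {
                // Bound as text because the original compared against a quoted literal;
                // the column type is not visible here.
                cmd.Parameters.AddWithValue("@dayOfWeek", dayOfWeek.ToString());

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        sessionIds.Add(Convert.ToInt32(dr[0].ToString()));
                    }
                }
            }
        }

        return sessionIds;
    }
}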
}

1 个答案:

答案 0 :(得分:0)

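回答我自己的问题。 正如 @Keith 和 @AlexeiFimine 在评论中所建议的那样,问题出在我本地的 jquery 文件上:它被植入了恶意 javascript。把该文件换成 CDN 链接后,我的问题得到了解决。(补充:这也可以解释为什么把源代码放到新系统后问题依旧——被篡改的文件随源代码一起被复制了。替换文件只是消除了症状,还应查明该文件是如何被修改的,并核对其他本地脚本库;改用 CDN 时,建议在 script 标签上加上 integrity 属性,即子资源完整性校验。)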