广告软件 javascripts 被注入到 aspx 页面
Adware javascripts gets injected into aspx page
我不确定这里的问题类型是否正确。但我不知道为什么会这样。
我有一个用 C# asp.net 制作的简单站点,但页面中被注入了一些我不想要的 javascript。起初我以为是我的系统中有恶意软件或浏览器附加组件,于是用 Avast、Adwcleaner 进行了扫描。但无论从哪个系统或浏览器访问,javascript 都会被注入。
此代码不会注入 ASP 站点中添加的纯 html 页面。它只出现在 ASPX 页中。 javascript 注入指向一些 cdncache.com、cdncash.com 之类的广告软件站点。
使用的一些 javascript 库是 zabuto_calendar、bootstrap、jquery,但 javascript 也被注入到其他 aspx 页面中。
我不知道该从哪里着手排查。我把源代码转移到一个新系统并在那里构建,但代码仍然被注入。我还把网站托管上线,用 Chrome 开发者工具检查了 Android 手机上的页面,移动浏览器中同样被注入了代码。
请帮助我。我不擅长 asp.net 和整个 .net 环境,我来自 PHP 背景。
我在截图中附上了页面的源代码
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="AppointmentListaspx.aspx.cs" Inherits="Online_Appointment_System_RGK_19_07_16.AppointmentListaspx" %>
<!DOCTYPE html>
<html lang="en">
<head runat="server">
<title>Appointments</title>
<%-- NOTE(review): bootstrap.css / bootstrap.min.css and bootstrap-theme.css / bootstrap-theme.min.css
     are each linked in both the full and the minified form; one of each pair is presumably enough.
     glyphicons-halflings-regular.ttf is a font file linked as a stylesheet (rel="stylesheet",
     type="text/css"), which looks unintended. Confirm before removing anything. --%>
<link href="bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/css/bootstrap-theme.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/css/bootstrap-theme.min.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/fonts/glyphicons-halflings-regular.ttf" rel="stylesheet" type="text/css"/>
<link href="css/zabuto_calendar.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript">
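// Calendar entries built from the getddddd response; each entry has the
// shape { date: <string>, badge: false } and the array is handed to sucemsg().
var eventData = [];

/**
 * Requests the list of dates from the getddddd page method and, on success,
 * appends one entry per date to eventData and passes the array to sucemsg().
 *
 * A failed request is reported on the console instead of being dropped, and a
 * response without the expected d.fdate array is treated as an empty list.
 */
function GetInputs() {
    $.ajax({
        type: "POST",
        url: 'AppointmentListaspx.aspx/getddddd',
        data: "",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: function (msg) {
            // The payload is read from msg.d.fdate; guard each step so a
            // malformed response does not throw inside the callback.
            var payload = msg && msg.d;
            var dates = (payload && payload.fdate) || [];
            for (var i = 0; i < dates.length; i++) {
                eventData.push({ date: dates[i], badge: false });
            }
            sucemsg(eventData);
        },
        error: function (xhr) {
            // Only status information is logged; the response body of a
            // failed call may contain a server error page.
            console.error("getddddd request failed: " + xhr.status + " " + xhr.statusText);
        }
    });
}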
</script>
</head>
<body style="margin:0px;background-color:#5E5E75;">
<form id="form1" runat="server">
<div class="row">
<div class="col-md-3"> </div>
<div class="col-md-6" style="margin-top:120px;padding:30px;background-color:#0B1633;">
<div class="col-xs-12">
<div id="date-popover" class="popover top"
style="cursor: pointer; display: block; margin-left: 33%; margin-top: -50px; width:175px;">
<div class="arrow"></div>
<h3 class="popover-title" style="display: none;"></h3>
<div id="date-popover-content" class="popover-content"></div>
</div>
<div id="my-calendar"></div>
</div>
</div>
<div class="col-md-3"> </div>
</div>
</form>
<%-- NOTE(review): every library below is a locally hosted copy of third-party code, so a modified
     file is delivered to each visitor of each page that includes it. Compare every file with the
     published checksum of the upstream release it was taken from, and find out how a changed file
     got into the project before trusting the rest of the tree.
     The jQuery path uses "bootstrapd/" while the other includes use "bootstrap/"; confirm that
     directory is intended. bootstrap.js and bootstrap.min.js are both loaded; one is presumably enough. --%>
<script type="text/javascript" src="bootstrapd/js/jquery.min.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/zabuto_calendar.js"></script>
<script type="text/javascript" src="js/moment.js"></script>
<script type="text/javascript" src="bootstrap/js/npm.js"></script>
<script type="application/javascript">
// Once the DOM is ready, start loading the dates for the calendar.
$(function () {
    GetInputs();
});
/**
 * Sets up the date popover (hidden, dismissed on click) and renders the
 * calendar in #my-calendar.
 *
 * @param {Array} x Entries passed to the calendar as its `data` option and
 *                  forwarded to myDateFunction() when a date is clicked.
 */
function sucemsg(x) {
    var $popover = $("#date-popover");

    // NOTE(review): html: true makes the popover render its content as
    // markup; any content assigned to it must not be built from unescaped data.
    $popover.popover({ html: true, trigger: "manual" });
    $popover.hide();
    $popover.click(function (e) {
        $(this).hide();
    });

    var calendarOptions = {
        data: x,
        action: function () {
            return myDateFunction(this.id, false, x);
        },
        action_nav: function () {
            return myNavFunction(this.id);
        },
        // NOTE(review): this points at a PHP script although the page is
        // ASP.NET; presumably left over from sample code, so confirm it is needed.
        ajax: {
            url: "show_data.php?action=1",
            modal: true
        }
    };

    $("#my-calendar").zabuto_calendar(calendarOptions);
}
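/**
 * Click handler for a calendar day. When the clicked date is one of the
 * entries in y, the browser is sent to the appointment list for that date.
 *
 * @param {string}  id        Element id of the clicked day cell.
 * @param {boolean} fromModal True when invoked from the calendar's modal.
 * @param {Array}   y         Entries with a `date` property to match against.
 * @returns {boolean} false when the cell has an event and the call did not
 *                    come from the modal, otherwise true.
 */
function myDateFunction(id, fromModal, y) {
    $("#date-popover").hide();
    if (fromModal) {
        $("#" + id + "_modal").modal("hide");
    }

    var $cell = $("#" + id);
    var date = $cell.data("date");
    for (var i = 0; i < y.length; i++) {
        if (y[i].date == date) {
            // Encode the value so it always stays a single query-string
            // parameter. The target page is not shown here and must still
            // validate Date itself, because a query string is client-controlled.
            window.location.href = "DuplicateViewPatientAppointmentList.aspx?Date=" + encodeURIComponent(date);
            break; // one match is enough; the navigation target is the same
        }
    }

    var hasEvent = $cell.data("hasEvent");
    if (hasEvent && !fromModal) {
        return false;
    }
    return true;
}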
/**
 * Navigation handler for the calendar: hides the date popover and logs the
 * navigation direction and the target month/year read from the element.
 *
 * @param {string} id Element id of the navigation control that was used.
 */
function myNavFunction(id) {
    $("#date-popover").hide();

    var $control = $("#" + id);
    var direction = $control.data("navigation");
    var target = $control.data("to");

    var message = 'nav ' + direction + ' to: ' + target.month + '/' + target.year;
    console.log(message);
}
</script>
</body>
</html>
及其对应的.cs文件
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Collections;
using System.Web.Services;
namespace Online_Appointment_System_RGK_19_07_16
{
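/// <summary>
/// Code-behind for AppointmentListaspx.aspx. The page's script calls the
/// <see cref="getddddd"/> page method over AJAX to obtain the selectable dates.
/// </summary>
/// <remarks>
/// All SQL in this class is sent with parameters instead of being assembled by
/// string concatenation.
/// NOTE(review): the [WebMethod] members are static page methods and no
/// authentication or authorization check is visible in this class; confirm
/// that access is restricted elsewhere if the data is not meant to be public.
/// </remarks>
public partial class AppointmentListaspx : System.Web.UI.Page
{
    /// <summary>Page load handler; intentionally empty.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Not used by any member visible in this part of the partial class.
    ArrayList li1 = new ArrayList();

    /// <summary>
    /// Builds a map from each date in the range today .. today + 5 days to the
    /// session ids scheduled for that weekday. Sundays map to an empty list.
    /// </summary>
    /// <returns>One entry per date in the range.</returns>
    /// <remarks>
    /// NOTE(review): a dictionary keyed by DateTime is presumably not
    /// serializable by the page-method JSON serializer; verify before calling
    /// this method from script.
    /// </remarks>
    [WebMethod]
    public static Dictionary<DateTime, ArrayList> getDetails()
    {
        Dictionary<DateTime, ArrayList> sessionsByDate = new Dictionary<DateTime, ArrayList>();

        // Read the clock once so both ends of the range refer to the same day.
        DateTime today = DateTime.Now.Date;
        DateTime lastDay = today.AddDays(5);

        for (DateTime day = today; day <= lastDay; day = day.AddDays(1))
        {
            ArrayList sessionIds = new ArrayList();
            if (day.DayOfWeek != DayOfWeek.Sunday)
            {
                sessionIds = LoadSessionIds((int)day.DayOfWeek);
            }
            sessionsByDate.Add(day, sessionIds);
        }

        return sessionsByDate;
    }

    /// <summary>
    /// Runs the block-day check and the session lookup for each non-Sunday
    /// date in the range today .. today + 5 days. The collected data is not
    /// returned or stored.
    /// </summary>
    private void Search()
    {
        Dictionary<DateTime, ArrayList> sessionsByDate = new Dictionary<DateTime, ArrayList>();

        DateTime today = DateTime.Now.Date;
        DateTime lastDay = today.AddDays(5);

        for (DateTime day = today; day <= lastDay; day = day.AddDays(1))
        {
            ArrayList sessionIds = new ArrayList();
            if (day.DayOfWeek != DayOfWeek.Sunday)
            {
                // The result is ignored here, as in the original code.
                CheckBlockDate(day.ToString("yyyy/MM/dd", System.Globalization.CultureInfo.InvariantCulture));
                sessionIds = LoadSessionIds((int)day.DayOfWeek);
            }
            sessionsByDate.Add(day, sessionIds);
        }
    }

    /// <summary>
    /// Returns the dates in the range today .. today + 6 days, excluding
    /// Sundays, for which <see cref="CheckBlockDate"/> returns 0.
    /// </summary>
    /// <returns>
    /// A dictionary with the single key "fdate" holding the dates as
    /// "yyyy-MM-dd" strings.
    /// </returns>
    [WebMethod]
    public static Dictionary<string, ArrayList> getddddd()
    {
        ArrayList openDates = new ArrayList();

        DateTime today = DateTime.Now.Date;
        DateTime lastDay = today.AddDays(6);

        for (DateTime day = today; day <= lastDay; day = day.AddDays(1))
        {
            if (day.DayOfWeek == DayOfWeek.Sunday)
            {
                continue;
            }

            // Invariant culture keeps the text in Gregorian yyyy-MM-dd form
            // whatever the server's regional settings are.
            string isoDate = day.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);
            if (CheckBlockDate(isoDate) == 0)
            {
                openDates.Add(isoDate);
            }
        }

        Dictionary<string, ArrayList> result = new Dictionary<string, ArrayList>();
        result.Add("fdate", openDates);
        return result;
    }

    /// <summary>
    /// Checks whether BlockDay contains a row for the given date with Status '0'.
    /// </summary>
    /// <param name="Date">Date text compared with the BlockDay.Date column.</param>
    /// <returns>1 when at least one matching row exists, otherwise 0.</returns>
    public static int CheckBlockDate(string Date)
    {
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand("Select * from BlockDay where Date=@date and Status='0'", con))
            {
                // This method is public and takes a string, so the value is
                // bound as a parameter and can never alter the statement text.
                // A null argument is sent as an empty string, which is what
                // the former concatenation produced.
                cmd.Parameters.AddWithValue("@date", Date ?? string.Empty);
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.Read() ? 1 : 0;
                }
            }
        }
    }

    // Returns the Session.Id values joined to SessionDays rows for the given
    // weekday number (the integer value of System.DayOfWeek).
    private static ArrayList LoadSessionIds(int dayOfWeek)
    {
        ArrayList sessionIds = new ArrayList();
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand("Select Session.Id from Session INNER JOIN SessionDays on Session.Id=SessionDays.SId where SessionDays.dayofweek=@dayofweek", con))
            {
                // Sent as text because the original statement compared the
                // column with a quoted literal; the column type is not visible here.
                cmd.Parameters.AddWithValue("@dayofweek", dayOfWeek.ToString(System.Globalization.CultureInfo.InvariantCulture));
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        sessionIds.Add(Convert.ToInt32(dr[0]));
                    }
                }
            }
        }
        return sessionIds;
    }
}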
}
回答我自己的问题。
正如 @Keith 和 @AlexeiFimine 在评论中所建议的那样,原来是我本地的 jquery 文件被恶意 javascript 感染了。用 CDN 链接替换该文件后,我的问题得到解决。需要注意的是,替换文件只是消除了症状:还应查明该文件是如何被篡改的,并核对其余本地脚本库是否与官方发布版本的校验和一致;引用 CDN 时可以加上 integrity(SRI)属性。
我不确定这里的问题类型是否正确。但我不知道为什么会这样。
我有一个用 C# asp.net 制作的简单站点,但页面中被注入了一些我不想要的 javascript。起初我以为是我的系统中有恶意软件或浏览器附加组件,于是用 Avast、Adwcleaner 进行了扫描。但无论从哪个系统或浏览器访问,javascript 都会被注入。
此代码不会注入 ASP 站点中添加的纯 html 页面。它只出现在 ASPX 页中。 javascript 注入指向一些 cdncache.com、cdncash.com 之类的广告软件站点。
使用的一些 javascript 库是 zabuto_calendar、bootstrap、jquery,但 javascript 也被注入到其他 aspx 页面中。
我不知道该从哪里着手排查。我把源代码转移到一个新系统并在那里构建,但代码仍然被注入。我还把网站托管上线,用 Chrome 开发者工具检查了 Android 手机上的页面,移动浏览器中同样被注入了代码。
请帮助我。我不擅长 asp.net 和整个 .net 环境,我来自 PHP 背景。
我在截图中附上了页面的源代码
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="AppointmentListaspx.aspx.cs" Inherits="Online_Appointment_System_RGK_19_07_16.AppointmentListaspx" %>
<!DOCTYPE html>
<html lang="en">
<head runat="server">
<title>Appointments</title>
<%-- NOTE(review): bootstrap.css / bootstrap.min.css and bootstrap-theme.css / bootstrap-theme.min.css
     are each linked in both the full and the minified form; one of each pair is presumably enough.
     glyphicons-halflings-regular.ttf is a font file linked as a stylesheet (rel="stylesheet",
     type="text/css"), which looks unintended. Confirm before removing anything. --%>
<link href="bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/css/bootstrap-theme.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/css/bootstrap-theme.min.css" rel="stylesheet" type="text/css"/>
<link href="bootstrap/fonts/glyphicons-halflings-regular.ttf" rel="stylesheet" type="text/css"/>
<link href="css/zabuto_calendar.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript">
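// Calendar entries built from the getddddd response; each entry has the
// shape { date: <string>, badge: false } and the array is handed to sucemsg().
var eventData = [];

/**
 * Requests the list of dates from the getddddd page method and, on success,
 * appends one entry per date to eventData and passes the array to sucemsg().
 *
 * A failed request is reported on the console instead of being dropped, and a
 * response without the expected d.fdate array is treated as an empty list.
 */
function GetInputs() {
    $.ajax({
        type: "POST",
        url: 'AppointmentListaspx.aspx/getddddd',
        data: "",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: function (msg) {
            // The payload is read from msg.d.fdate; guard each step so a
            // malformed response does not throw inside the callback.
            var payload = msg && msg.d;
            var dates = (payload && payload.fdate) || [];
            for (var i = 0; i < dates.length; i++) {
                eventData.push({ date: dates[i], badge: false });
            }
            sucemsg(eventData);
        },
        error: function (xhr) {
            // Only status information is logged; the response body of a
            // failed call may contain a server error page.
            console.error("getddddd request failed: " + xhr.status + " " + xhr.statusText);
        }
    });
}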
</script>
</head>
<body style="margin:0px;background-color:#5E5E75;">
<form id="form1" runat="server">
<div class="row">
<div class="col-md-3"> </div>
<div class="col-md-6" style="margin-top:120px;padding:30px;background-color:#0B1633;">
<div class="col-xs-12">
<div id="date-popover" class="popover top"
style="cursor: pointer; display: block; margin-left: 33%; margin-top: -50px; width:175px;">
<div class="arrow"></div>
<h3 class="popover-title" style="display: none;"></h3>
<div id="date-popover-content" class="popover-content"></div>
</div>
<div id="my-calendar"></div>
</div>
</div>
<div class="col-md-3"> </div>
</div>
</form>
<%-- NOTE(review): every library below is a locally hosted copy of third-party code, so a modified
     file is delivered to each visitor of each page that includes it. Compare every file with the
     published checksum of the upstream release it was taken from, and find out how a changed file
     got into the project before trusting the rest of the tree.
     The jQuery path uses "bootstrapd/" while the other includes use "bootstrap/"; confirm that
     directory is intended. bootstrap.js and bootstrap.min.js are both loaded; one is presumably enough. --%>
<script type="text/javascript" src="bootstrapd/js/jquery.min.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/zabuto_calendar.js"></script>
<script type="text/javascript" src="js/moment.js"></script>
<script type="text/javascript" src="bootstrap/js/npm.js"></script>
<script type="application/javascript">
// Once the DOM is ready, start loading the dates for the calendar.
$(function () {
    GetInputs();
});
/**
 * Sets up the date popover (hidden, dismissed on click) and renders the
 * calendar in #my-calendar.
 *
 * @param {Array} x Entries passed to the calendar as its `data` option and
 *                  forwarded to myDateFunction() when a date is clicked.
 */
function sucemsg(x) {
    var $popover = $("#date-popover");

    // NOTE(review): html: true makes the popover render its content as
    // markup; any content assigned to it must not be built from unescaped data.
    $popover.popover({ html: true, trigger: "manual" });
    $popover.hide();
    $popover.click(function (e) {
        $(this).hide();
    });

    var calendarOptions = {
        data: x,
        action: function () {
            return myDateFunction(this.id, false, x);
        },
        action_nav: function () {
            return myNavFunction(this.id);
        },
        // NOTE(review): this points at a PHP script although the page is
        // ASP.NET; presumably left over from sample code, so confirm it is needed.
        ajax: {
            url: "show_data.php?action=1",
            modal: true
        }
    };

    $("#my-calendar").zabuto_calendar(calendarOptions);
}
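/**
 * Click handler for a calendar day. When the clicked date is one of the
 * entries in y, the browser is sent to the appointment list for that date.
 *
 * @param {string}  id        Element id of the clicked day cell.
 * @param {boolean} fromModal True when invoked from the calendar's modal.
 * @param {Array}   y         Entries with a `date` property to match against.
 * @returns {boolean} false when the cell has an event and the call did not
 *                    come from the modal, otherwise true.
 */
function myDateFunction(id, fromModal, y) {
    $("#date-popover").hide();
    if (fromModal) {
        $("#" + id + "_modal").modal("hide");
    }

    var $cell = $("#" + id);
    var date = $cell.data("date");
    for (var i = 0; i < y.length; i++) {
        if (y[i].date == date) {
            // Encode the value so it always stays a single query-string
            // parameter. The target page is not shown here and must still
            // validate Date itself, because a query string is client-controlled.
            window.location.href = "DuplicateViewPatientAppointmentList.aspx?Date=" + encodeURIComponent(date);
            break; // one match is enough; the navigation target is the same
        }
    }

    var hasEvent = $cell.data("hasEvent");
    if (hasEvent && !fromModal) {
        return false;
    }
    return true;
}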
/**
 * Navigation handler for the calendar: hides the date popover and logs the
 * navigation direction and the target month/year read from the element.
 *
 * @param {string} id Element id of the navigation control that was used.
 */
function myNavFunction(id) {
    $("#date-popover").hide();

    var $control = $("#" + id);
    var direction = $control.data("navigation");
    var target = $control.data("to");

    var message = 'nav ' + direction + ' to: ' + target.month + '/' + target.year;
    console.log(message);
}
</script>
</body>
</html>
及其对应的.cs文件
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Collections;
using System.Web.Services;
namespace Online_Appointment_System_RGK_19_07_16
{
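/// <summary>
/// Code-behind for AppointmentListaspx.aspx. The page's script calls the
/// <see cref="getddddd"/> page method over AJAX to obtain the selectable dates.
/// </summary>
/// <remarks>
/// All SQL in this class is sent with parameters instead of being assembled by
/// string concatenation.
/// NOTE(review): the [WebMethod] members are static page methods and no
/// authentication or authorization check is visible in this class; confirm
/// that access is restricted elsewhere if the data is not meant to be public.
/// </remarks>
public partial class AppointmentListaspx : System.Web.UI.Page
{
    /// <summary>Page load handler; intentionally empty.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Not used by any member visible in this part of the partial class.
    ArrayList li1 = new ArrayList();

    /// <summary>
    /// Builds a map from each date in the range today .. today + 5 days to the
    /// session ids scheduled for that weekday. Sundays map to an empty list.
    /// </summary>
    /// <returns>One entry per date in the range.</returns>
    /// <remarks>
    /// NOTE(review): a dictionary keyed by DateTime is presumably not
    /// serializable by the page-method JSON serializer; verify before calling
    /// this method from script.
    /// </remarks>
    [WebMethod]
    public static Dictionary<DateTime, ArrayList> getDetails()
    {
        Dictionary<DateTime, ArrayList> sessionsByDate = new Dictionary<DateTime, ArrayList>();

        // Read the clock once so both ends of the range refer to the same day.
        DateTime today = DateTime.Now.Date;
        DateTime lastDay = today.AddDays(5);

        for (DateTime day = today; day <= lastDay; day = day.AddDays(1))
        {
            ArrayList sessionIds = new ArrayList();
            if (day.DayOfWeek != DayOfWeek.Sunday)
            {
                sessionIds = LoadSessionIds((int)day.DayOfWeek);
            }
            sessionsByDate.Add(day, sessionIds);
        }

        return sessionsByDate;
    }

    /// <summary>
    /// Runs the block-day check and the session lookup for each non-Sunday
    /// date in the range today .. today + 5 days. The collected data is not
    /// returned or stored.
    /// </summary>
    private void Search()
    {
        Dictionary<DateTime, ArrayList> sessionsByDate = new Dictionary<DateTime, ArrayList>();

        DateTime today = DateTime.Now.Date;
        DateTime lastDay = today.AddDays(5);

        for (DateTime day = today; day <= lastDay; day = day.AddDays(1))
        {
            ArrayList sessionIds = new ArrayList();
            if (day.DayOfWeek != DayOfWeek.Sunday)
            {
                // The result is ignored here, as in the original code.
                CheckBlockDate(day.ToString("yyyy/MM/dd", System.Globalization.CultureInfo.InvariantCulture));
                sessionIds = LoadSessionIds((int)day.DayOfWeek);
            }
            sessionsByDate.Add(day, sessionIds);
        }
    }

    /// <summary>
    /// Returns the dates in the range today .. today + 6 days, excluding
    /// Sundays, for which <see cref="CheckBlockDate"/> returns 0.
    /// </summary>
    /// <returns>
    /// A dictionary with the single key "fdate" holding the dates as
    /// "yyyy-MM-dd" strings.
    /// </returns>
    [WebMethod]
    public static Dictionary<string, ArrayList> getddddd()
    {
        ArrayList openDates = new ArrayList();

        DateTime today = DateTime.Now.Date;
        DateTime lastDay = today.AddDays(6);

        for (DateTime day = today; day <= lastDay; day = day.AddDays(1))
        {
            if (day.DayOfWeek == DayOfWeek.Sunday)
            {
                continue;
            }

            // Invariant culture keeps the text in Gregorian yyyy-MM-dd form
            // whatever the server's regional settings are.
            string isoDate = day.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);
            if (CheckBlockDate(isoDate) == 0)
            {
                openDates.Add(isoDate);
            }
        }

        Dictionary<string, ArrayList> result = new Dictionary<string, ArrayList>();
        result.Add("fdate", openDates);
        return result;
    }

    /// <summary>
    /// Checks whether BlockDay contains a row for the given date with Status '0'.
    /// </summary>
    /// <param name="Date">Date text compared with the BlockDay.Date column.</param>
    /// <returns>1 when at least one matching row exists, otherwise 0.</returns>
    public static int CheckBlockDate(string Date)
    {
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand("Select * from BlockDay where Date=@date and Status='0'", con))
            {
                // This method is public and takes a string, so the value is
                // bound as a parameter and can never alter the statement text.
                // A null argument is sent as an empty string, which is what
                // the former concatenation produced.
                cmd.Parameters.AddWithValue("@date", Date ?? string.Empty);
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.Read() ? 1 : 0;
                }
            }
        }
    }

    // Returns the Session.Id values joined to SessionDays rows for the given
    // weekday number (the integer value of System.DayOfWeek).
    private static ArrayList LoadSessionIds(int dayOfWeek)
    {
        ArrayList sessionIds = new ArrayList();
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand("Select Session.Id from Session INNER JOIN SessionDays on Session.Id=SessionDays.SId where SessionDays.dayofweek=@dayofweek", con))
            {
                // Sent as text because the original statement compared the
                // column with a quoted literal; the column type is not visible here.
                cmd.Parameters.AddWithValue("@dayofweek", dayOfWeek.ToString(System.Globalization.CultureInfo.InvariantCulture));
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        sessionIds.Add(Convert.ToInt32(dr[0]));
                    }
                }
            }
        }
        return sessionIds;
    }
}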
}
回答我自己的问题。 正如 @Keith 和 @AlexeiFimine 在评论中所建议的那样,原来是我本地的 jquery 文件被恶意 javascript 感染了。用 CDN 链接替换该文件后,我的问题得到解决。需要注意的是,替换文件只是消除了症状:还应查明该文件是如何被篡改的,并核对其余本地脚本库是否与官方发布版本的校验和一致;引用 CDN 时可以加上 integrity(SRI)属性。