On Mon, Jan 26, 2009 at 3:51 PM, Glen Johnson <[email protected]> wrote:
> I'm gonna show my lack of web knowledge here.
> I believe you are referring to the code in the index.html file, correct?

  Yah, most web pages just have HTML.  The home page[1] has a bunch of
encoded values, which the JavaScript at the end[2] transforms into
something else.  It then replaces the main document body with that
something else.  There's no good reason to do this.  It's not useful
to protect the page source, since the browser can only render HTML,
thus the decode routine is right there.  It's obfuscation at best.

[1] More specifically, the top-level page which contains the frameset
for the home "page"
[2] for(var i=0;i<source.length;i++) result+= ...

    Only the home page does it.  None of the other pages do.  That
makes me suspect it's something the web designer didn't do on purpose.
 Perhaps an attacker injected something into your home page.  I've
seen similar things on other web pages.

> BTW, got a handy link for a site that might decode that mess?

  I'm no expert at JavaScript, but it appears it's just shifting all
the characters' ASCII values by one.  A => B; B => C; etc.  While
that's a trivial encoding, I dunno of anything "ready made" that will
decode it.

-- Ben
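
Added example, not part of the original message and not the script from the page being discussed: a static decoder for the kind of per-character shift described above, run under Node.js so the suspect page's own JavaScript is never executed. It generalizes the "shift by one" guess by trying a small range of shifts and keeping the output that looks most like HTML; the function names, the list of flagged elements and the sample markup are all assumptions constructed for illustration.

```javascript
// Shift every UTF-16 code unit by `delta`. The thread describes A => B, so
// undoing it would be delta = -1; that is not assumed here, a range is tried.
function shiftString(text, delta) {
  let out = '';
  for (let i = 0; i < text.length; i++) {
    out += String.fromCharCode((text.charCodeAt(i) + delta + 0x10000) % 0x10000);
  }
  return out;
}

// Crude "looks like HTML" score: count tag-like tokens such as <p> or </body>.
function htmlScore(text) {
  const tags = text.match(/<\/?[a-z][a-z0-9]*[\s>\/]/gi);
  return tags ? tags.length : 0;
}

// Try each candidate shift and keep the one whose output looks most like markup.
function recoverShift(encoded, maxShift = 5) {
  let best = { delta: 0, score: htmlScore(encoded), text: encoded };
  for (let d = -maxShift; d <= maxShift; d++) {
    if (d === 0) continue;
    const text = shiftString(encoded, d);
    const score = htmlScore(text);
    if (score > best.score) best = { delta: d, score, text };
  }
  return best;
}

// List elements worth a closer look in the decoded markup, without rendering it.
// The element list is an assumption, not something taken from the page.
function flagElements(html) {
  const findings = [];
  const re = /<(iframe|script|object|embed)\b[^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) findings.push(m[0]);
  return findings;
}

// Constructed sample: harmless markup encoded with +1 to imitate the scheme.
const SAMPLE_PLAIN =
  '<html><body><p>Welcome</p><iframe src="http://example.invalid/x"></iframe></body></html>';
const SAMPLE_ENCODED = shiftString(SAMPLE_PLAIN, 1);

const result = recoverShift(SAMPLE_ENCODED);
console.log('shift applied to decode:', result.delta);
console.log('elements to review:', flagElements(result.text));
```

To use it on a real page, paste the encoded string from the saved page source in place of `SAMPLE_ENCODED` and read the decoded text as plain text rather than opening it in a browser.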
