Using Ajax to "quietly execute" a web Trojan

Source: Internet
Author: User
Tags: execution, object model

Regarding the implementation of Ajax, developers hold that "with Ajax, users browsing the page should not feel it executing (it is asynchronous), and data validation can complete automatically without waiting for a page refresh", for example checking whether a user name is available for registration. Whenever I think of the phrase "the user should not feel it," it reminds me that many things in network security (such as Trojans) also want to do their work without the user noticing.

Many friends who study network security probably feel that it has been a long time since Microsoft's operating system could be made to give up system privileges the way it once did with "Ms05039.exe www.microsoft.com 7758". So everyone has turned their attention to the browser, hoping that as soon as a user browses a web page, the real Trojan server file is downloaded automatically and then run in the background; such a page has become a "web Trojan". Doing it this way has a few obvious benefits:

1. There is no need to find ways through layers of firewalls; LAN users are easily controlled through a "reverse connection" that their own machines initiate.

2. If a page carrying the Trojan is placed on a website, the attack surface is large: anyone who browses the page may be infected, which is more satisfying than waiting around for scan results.

3. Such a web page can also be attached to an e-mail.

So all kinds of IE vulnerabilities appeared. From the early attempts to "download a Trojan server of around 300K in the background at 56K modem speed while the user browses the page" to the appearance of all kinds of "11k download" tools, the only purpose has been to "execute without the user noticing". With the same purpose, I decided to study bringing Ajax into the web Trojan, so that the Trojan can "enter the village quietly, without firing a shot".

To study Ajax, first study "XmlHttp". MSDN explains it as follows: XMLHTTP provides client-side protocol support for communication with HTTP servers. A client can use the XMLHTTP object (MSXML2.XMLHTTP.3.0) to send a request to an HTTP server and use the Microsoft® XML Document Object Model (DOM) to handle the response. A simple Ajax call is usually written like this:

From step four onward, the browser no longer waits for the server to return the result but continues to handle "other things"; this is what "the user does not feel it (asynchronous execution)" means. Only when the server returns the result does the browser start processing the returned information, so this interval is the most suitable time to download the Trojan from the server. For asynchronous execution there is a fairly vivid analogy: Xiao Li and his girlfriend are out shopping and come across a women's shop. Xiao Li does not want to go in and waits at the door. At this point he has two choices: 1. wait at the door until his girlfriend comes out (synchronous execution) and then continue shopping; 2. agree with her in advance and go off on his own; when his girlfriend comes out, she calls him back and they continue shopping (asynchronous execution).
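The synchronous/asynchronous contrast described above, as an added example that is not the original article's listing. `FakeXHR`, `pump`, `TAKEN` and the `/check?name=` URL are constructed stand-ins so the ordering can be observed offline, and the four-step numbering is an assumption based on the usual XMLHTTP sequence.

```javascript
// Constructed stand-in for the browser's XMLHttpRequest so the example runs offline.
// Async responses wait in `queue` until pump() runs, modelling the browser event loop.
const queue = [];
const TAKEN = new Set(["admin", "xiaoli"]); // constructed server-side data

class FakeXHR {
  open(method, url, isAsync) {
    this.url = url;
    this.isAsync = isAsync;
    this.readyState = 1;
  }
  send() {
    const name = new URL(this.url, "http://example.invalid").searchParams.get("name");
    const deliver = () => {
      this.status = 200;
      this.responseText = TAKEN.has(name) ? "taken" : "free";
      this.readyState = 4;
      if (this.onreadystatechange) this.onreadystatechange();
    };
    if (this.isAsync) queue.push(deliver); else deliver();
  }
}
const pump = () => { while (queue.length) queue.shift()(); };

// The usual four steps; in a browser, pass window.XMLHttpRequest as XHR.
function checkUserName(XHR, name, isAsync, onResult) {
  const xhr = new XHR();                                   // 1. create the object
  xhr.onreadystatechange = () => {                         // 2. register the callback
    if (xhr.readyState === 4 && xhr.status === 200) onResult(xhr.responseText);
  };
  xhr.open("GET", "/check?name=" + encodeURIComponent(name), isAsync); // 3. open
  xhr.send(null);                                          // 4. send
}

// Records the order of events for a synchronous or asynchronous request.
function trace(isAsync) {
  const log = [];
  checkUserName(FakeXHR, "admin", isAsync, (r) => log.push("callback:" + r));
  log.push("send returned");
  log.push("page keeps handling other things");
  pump(); // the event loop later delivers the queued response
  return log;
}

console.log(trace(true));  // callback arrives last: the page was never blocked
console.log(trace(false)); // callback arrives first: send() blocked until the reply
```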

The XMLHTTP object has 4 properties that expose the data returned by the server as different data types, which JavaScript variables can receive. When I started my research, I had a thought: JavaScript variables are weakly typed, so a variable takes whatever type it is initialized with. One of the properties, "responseStream", returns an "ADO Stream" object, which has a method to save the returned data as a file, completing the "download the Trojan" step. So I wrote a script that alerted the returned object; unexpectedly, no object was returned, and instead an error occurred saying the type is not supported. I then searched for information on "responseStream": MSDN has no details, debugging with the ".NET 2005" compiler does not show the return type, and code.google.com turned up no relevant code (if anyone has material on working with responseStream, please send me a copy).
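From the defender's side, the combination this paragraph describes (an XMLHTTP object whose response is handed to an ADO Stream and saved to a file) is a recognisable pattern in page script. The following scanner is an added example, not code from the original article: the indicator list, the verdict names and the sample fragments are constructed, and `SaveToFile` is the `ADODB.Stream` method the paragraph alludes to.

```javascript
// Indicators taken from the text: an XMLHTTP ActiveX object, its binary response
// properties, and an ADO Stream object with its save-to-file method.
const INDICATORS = {
  xmlhttp: /\b(?:MSXML2|Microsoft)\.(?:Server)?XMLHTTP(?:\.\d\.\d)?\b/i,
  binaryResponse: /\.response(?:Stream|Body)\b/i,
  adoStream: /\bADODB\.Stream\b/i,
  saveToFile: /\.SaveToFile\s*\(/i,
};

// Collect the bodies of inline <script> elements; text outside scripts is ignored
// so that an article merely discussing these objects is not flagged.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// XMLHTTP alone is ordinary Ajax; it is the fetch plus write-to-disk pairing that matters.
function scanPage(html) {
  const script = inlineScripts(html).join("\n");
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(script));
  const fetches = hits.includes("xmlhttp");
  const writes = hits.includes("adoStream") || hits.includes("saveToFile");
  let verdict = "clean";
  if (fetches && writes) verdict = "suspicious";
  else if (writes) verdict = "review";
  return { verdict, hits };
}

// Constructed samples (deliberately incomplete fragments, not working pages).
const SAMPLE_AJAX = `<script>
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.onreadystatechange = function () { if (x.readyState == 4) show(x.responseText); };
</script>`;
const SAMPLE_STREAM = `<script>
var x = new ActiveXObject("MSXML2.XMLHTTP.3.0");
var data = x.responseStream;
var s = new ActiveXObject("ADODB.Stream");
</script>`;
const SAMPLE_ARTICLE = `<p>responseStream returns an ADODB.Stream object.</p>`;

for (const [name, html] of Object.entries({ SAMPLE_AJAX, SAMPLE_STREAM, SAMPLE_ARTICLE })) {
  console.log(name, scanPage(html));
}
```

The scanner matches literal text in inline scripts only, so external script files need to be fetched and scanned separately.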
