homepage Welcome to WebmasterWorld Guest from 54.196.24.103
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
javascript...
Can someone tell me what this code does?
lizzie




msg:1495337
 2:28 pm on May 29, 2001 (gmt 0)

I am hoping someone can tell me the purpose of this code:

<script><!--
an=navigator.appName;sr='http://domain1.com/';srw="na";srb="na";d=document;r=41;function pr(n) {
d.write("<img src=\""+sr+"n\/?tag=fjc1&p=http%3A%2F%2Fwww.yourdomain.com%2F&j=y&srw="+srw+"&srb="+srb+"&l="+escape(d.referrer)+"&rs="+r+"\" height=1 width=1>");}//-->
</script>
<script language="javascript1.2"><!--
s=screen;srw=s.width;an!="Netscape"?srb=s.colorDepth:srb=s.pixelDepth//-->
</script>
<script><!--
pr()//-->
</script>
<noscript><img src=http://domain1.com/z/?tag=xyz1&p=http%3A%2F%2Fwww.yourdomain.com%2F&j=n height=1 width=1></noscript>

It looks like 3 scripts. What does each do?

 

theperlyking




msg:1495338
 3:40 pm on May 29, 2001 (gmt 0)

Looks like the kind of code thecounter.com use.

Its a hit counter basically.

Everyman




msg:1495339
 3:52 pm on May 29, 2001 (gmt 0)

I'll take a stab at what that first SRC IMG line does, because I used to have a cookie-leak demo on my site that used the same technique.

It's generating an on-the-fly link back to www.yourdomain.com for a 1 x 1 "web bug" image, which will not show up on the screen because it's probably transparent anyway. The purpose of this is to get the extra PATH_INFO into the link, so that www.yourdomain.com can collect it. Everything after the actual CGI program that generates the 1 x 1 in this path statement ends up in the environment variable PATH_INFO, which is accessible to that CGI program. The escape is to hex-encode any unusual characters so that they won't screw up the data transfer; these will get decoded later. ( for example, %3A = :, %2F = / )

It appears that this extra info in the path consists of the HTTP_REFERER seen by domain1.com.

Thus, www.yourdomain.com gets this information:

1) A log of exactly when this code was executed the remote domain1.com

2) Where the link was, that was clicked, that caused this code to be executed at that time on the remote domain1.com

I got bored so I didn't look at it past that first SRC IMG statement, but you probably have enough info now to figure out the rest of it.

It's spyware. It's nasty. It doesn't deserve to exist. Disable JavaScript. Except for the fact that REFERER would be irrelevant in such a case, the same technique can be used in html-enabled email to secretly send info back.

And at the point of connection between domain1.com and www.yourdomain.com, the latter can plant or read a cookie on domain1.com.

lizzie




msg:1495340
 5:28 pm on May 29, 2001 (gmt 0)

I wonder if this would be used to track the number of clicks on a banner?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved