Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies


Can someone tell me what this code does?



2:28 pm on May 29, 2001 (gmt 0)

10+ Year Member

I am hoping someone can tell me the purpose of this code:

an=navigator.appName;sr='http://domain1.com/';srw="na";srb="na";d=document;r=41;function pr(n) {
d.write("<img src=\""+sr+"n\/?tag=fjc1&p=http%3A%2F%2Fwww.yourdomain.com%2F&j=y&srw="+srw+"&srb="+srb+"&l="+escape(d.referrer)+"&rs="+r+"\" height=1 width=1>");}//-->
<script language="javascript1.2"><!--
<noscript><img src=http://domain1.com/z/?tag=xyz1&p=http%3A%2F%2Fwww.yourdomain.com%2F&j=n height=1 width=1></noscript>

It looks like 3 scripts. What does each do?


3:40 pm on May 29, 2001 (gmt 0)

10+ Year Member

Looks like the kind of code thecounter.com use.

Its a hit counter basically.


3:52 pm on May 29, 2001 (gmt 0)

I'll take a stab at what that first SRC IMG line does, because I used to have a cookie-leak demo on my site that used the same technique.

It's generating an on-the-fly link back to www.yourdomain.com for a 1 x 1 "web bug" image, which will not show up on the screen because it's probably transparent anyway. The purpose of this is to get the extra PATH_INFO into the link, so that www.yourdomain.com can collect it. Everything after the actual CGI program that generates the 1 x 1 in this path statement ends up in the environment variable PATH_INFO, which is accessible to that CGI program. The escape is to hex-encode any unusual characters so that they won't screw up the data transfer; these will get decoded later. ( for example, %3A = :, %2F = / )

It appears that this extra info in the path consists of the HTTP_REFERER seen by domain1.com.

Thus, www.yourdomain.com gets this information:

1) A log of exactly when this code was executed the remote domain1.com

2) Where the link was, that was clicked, that caused this code to be executed at that time on the remote domain1.com

I got bored so I didn't look at it past that first SRC IMG statement, but you probably have enough info now to figure out the rest of it.

It's spyware. It's nasty. It doesn't deserve to exist. Disable JavaScript. Except for the fact that REFERER would be irrelevant in such a case, the same technique can be used in html-enabled email to secretly send info back.

And at the point of connection between domain1.com and www.yourdomain.com, the latter can plant or read a cookie on domain1.com.


5:28 pm on May 29, 2001 (gmt 0)

10+ Year Member

I wonder if this would be used to track the number of clicks on a banner?

Featured Threads

Hot Threads This Week

Hot Threads This Month