?
Solved

How dangerous is <input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----

Posted on 2006-07-01
5
Medium Priority
?
2,608 Views
Last Modified: 2010-05-18
Hi,

In the source code of a free storage hosting site I noticed a code to be invoked when pressing a javascript button. There is no reason to the action to be encrypted, so I think a lot about malicious coding, worms, and so on...

So my question is: could below code (starting and finishing lines reproduced) carry malicious code inside it, as executables, spyware, worms?
 
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHVwYJKoZIhvcNAQcEoIIHSDCCB0QCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRY ...                             ........ several lines, around 20 ........
k4wmuKk/UZw7fV6+8wZOGr0eI8ScnVuFysSEAZ4BhhiGV4Pgyq5A5VvQ78HZg2N6//+GudczKzx9A0jZ1JX9V1uHxkBClK0jnXw=-----END PKCS7-----">

Thank you!
0
Comment
Question by:Jose Parrot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Harisha M G
ID: 17025273
Hi, there is no need for this to be encrypted, as you are aware.

The value cannot be decrypted unless its format or the decrypter is known. What action is taken when you click the button ? ( I mean, in the code, what is written ? )

Does it manipulate this information in some way ? If so, I hope we can track that.

---
Harish
0
 
LVL 18

Author Comment

by:Jose Parrot
ID: 17025494
Thanks, Harish,

The action is to start the upload of a selected file in the user's computer to the free storage site, at a folder assigned to the user.

As soon I asked the site owner what was the purpose of such code, the web page was modified, and the code deleted. Unfortunately I didn't captured the whole page source, just the tag.

Actually I would like to track the following actions after pressing the button, as you suggest, mainly because the owner of such site posted a question here in EE, asking the experts to upload a file to test the interactivity.

Free storage area + a site with no banners or advertising popups or sponsors + www.something.nu + encrypted code = suspicious thing. If the source is edited after my question = much more suspicious. But I don't want to accuse someone based only in assumptions that can be wrong or mere paranoia.

I'm trying to find, in temporary files, the former page. If I find it, I'll post a new question. By now I will be happy if I can understand how dangerous, in potential and generalizing, could be specifically this kind of code (input type="hidden" name="encrypted" value="-----BEGIN PKCS7---) and something about the mechanism of installing, by using such code, malicious programs in the user's PC.

Jose
0
 
LVL 37

Accepted Solution

by:
Harisha M G earned 400 total points
ID: 17025874
It won't do anything to the system, provided you use a secure browser such as IE or FF.

The worst it can cause is to put a dialler software, or a malware. To be sure that it has not done anything, run HijackThis.
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 17026461
the value= attribute could contain anything, even malicious code for whatever you could imagine
But as long as you don't have enabled any active scripting in your browser, it's just data of the web page, nothing to think about, not a security problem anyhow.
0
 
LVL 18

Author Comment

by:Jose Parrot
ID: 17026708
Thanks, guys!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question