javascript c# asp.net code-injection malware

Adware JavaScript gets injected into ASPX page


I'm not sure if this is the right kind of question here, but I have no idea why it happens. I have a simple site made in C# ASP.NET, but some unwanted JavaScript gets injected into my pages. Initially I suspected malware or a browser add-on on my system and ran scans using Avast and AdwCleaner. But the JavaScript is injected regardless of the system or browser from which the site is accessed. screenshot_from_safari

This code is not injected into the pure HTML pages added to the ASP.NET site; it is found only in ASPX pages. The injected JavaScript points to adware sites such as cdncache.com and cdncash.com.

Some of the JavaScript libraries used are zabuto_calendar, bootstrap and jquery, but the JavaScript also gets injected into other ASPX pages.

I had no idea where to look for the issue. I have moved the source code to a new system and built it there, and the code still gets injected. I have also hosted the site and inspected it from an Android phone using Chrome dev tools; the code gets injected in the mobile browser too.

Please help me. I'm not good at ASP.NET or the .NET environment as a whole; I'm coming from a PHP background.

I have attached the source code of the page in screenshots

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="AppointmentListaspx.aspx.cs" Inherits="Online_Appointment_System_RGK_19_07_16.AppointmentListaspx" %>

<!DOCTYPE html>
<html lang="en">
<head runat="server">
<title>Appointments</title>

 <link href="bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css"/>
  <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
   <link href="bootstrap/css/bootstrap-theme.css" rel="stylesheet" type="text/css"/>
    <link href="bootstrap/css/bootstrap-theme.min.css" rel="stylesheet" type="text/css"/>
     <link href="bootstrap/fonts/glyphicons-halflings-regular.ttf" rel="stylesheet" type="text/css"/>

       <link href="css/zabuto_calendar.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript">

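// Calendar entries ({ date, badge }) accumulated by GetInputs and handed to sucemsg().
var eventData = [];

/**
 * Requests the list of bookable dates from the page's `getddddd` web method
 * and passes the resulting calendar entries to sucemsg().
 *
 * The response is read from `msg.d.fdate`; each element becomes one
 * `{ date: <value>, badge: false }` entry appended to the global `eventData`.
 * A response without that field is treated as "no dates" instead of throwing
 * inside the success callback.
 */
function GetInputs() {
    $.ajax({
        type: "POST",
        url: 'AppointmentListaspx.aspx/getddddd',
        data: "",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: function (msg) {
            // Tolerate a missing or malformed payload: fall back to an empty list.
            var openDates = (msg && msg.d && msg.d.fdate) || [];

            for (var i = 0; i < openDates.length; i++) {
                eventData.push({ date: openDates[i], badge: false });
            }
            sucemsg(eventData);
        },
        error: function (xhr) {
            // Report the failure; the previous handler copied the response text
            // into unused locals, so a failed request left no trace at all.
            console.error('GetInputs: request to getddddd failed', xhr.status, xhr.statusText);
        }
    });
}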


</script>

</head>
<body style="margin:0px;background-color:#5E5E75;">
<form id="form1" runat="server">

<div class="row">

    <div class="col-md-3">&nbsp;</div>

     <div class="col-md-6" style="margin-top:120px;padding:30px;background-color:#0B1633;">

         <div class="col-xs-12">

        <div id="date-popover" class="popover top"
             style="cursor: pointer; display: block; margin-left: 33%; margin-top: -50px; width:175px;">
            <div class="arrow"></div>
            <h3 class="popover-title" style="display: none;"></h3>

            <div id="date-popover-content" class="popover-content"></div>
        </div>

        <div id="my-calendar"></div>


    </div>


   </div>

     <div class="col-md-3">&nbsp;</div>
</div>
</form>

 <!-- Locally stored third-party scripts. Each file listed here runs with full access
      to every page that includes it, so a modified copy changes the behaviour of all
      of those pages at once; the answer on this page traces the injected adware to
      the local jQuery file. Compare vendored libraries against the publisher's
      released files or hashes before deploying. When a CDN copy is used instead, pin
      the exact version and add `integrity` and `crossorigin` attributes so the
      browser rejects a file whose hash does not match.
      NOTE(review): the jQuery path uses `bootstrapd/` while the other includes use
      `bootstrap/`; confirm which directory is intended.
      NOTE(review): bootstrap.js and bootstrap.min.js are both loaded, and npm.js
      looks like Bootstrap's Node entry point rather than a browser script; confirm
      that only one Bootstrap build is needed here. -->
 <script type="text/javascript" src="bootstrapd/js/jquery.min.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.min.js"></script>

 <script type="text/javascript" src="js/zabuto_calendar.js"></script>

  <script type="text/javascript" src="js/moment.js"></script>

  <script type="text/javascript" src="bootstrap/js/npm.js"></script>

   <script type="application/javascript">

       // Start loading the bookable dates as soon as the DOM is ready
       // ($(fn) is jQuery's shorthand for $(document).ready(fn)).
       $(function () {
           GetInputs();
       });

        /**
         * Sets up the date popover and renders the zabuto calendar.
         *
         * @param {Array} x Calendar entries passed to the plugin as `data` and
         *                  forwarded to myDateFunction() when a day is clicked.
         */
        function sucemsg(x) {
            // The popover is created with html: true, so anything later placed in it
            // is rendered as markup and must be trusted or escaped first.
            var popover = $("#date-popover");
            popover.popover({ html: true, trigger: "manual" });
            popover.hide();
            popover.click(function (e) {
                $(this).hide();
            });

            var calendarOptions = {
                data: x,
                action: function () {
                    return myDateFunction(this.id, false, x);
                },
                action_nav: function () {
                    return myNavFunction(this.id);
                },
                // NOTE(review): this URL names a PHP endpoint inside an ASP.NET site and
                // looks like a leftover from the plugin's sample code; confirm it is wanted.
                ajax: {
                    url: "show_data.php?action=1",
                    modal: true
                }
            };

            $("#my-calendar").zabuto_calendar(calendarOptions);
        }

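       /**
        * Click handler for a calendar day.
        *
        * Hides the popover (and the day's modal when called from it), then
        * navigates to the appointment list when the clicked date is one of the
        * entries in `y`.
        *
        * @param {string}  id        Element id of the clicked day cell.
        * @param {boolean} fromModal True when invoked from the day's modal.
        * @param {Array}   y         Calendar entries, each with a `date` property.
        * @returns {boolean} false when the cell has an event and the call did not
        *                    come from the modal; true otherwise.
        */
       function myDateFunction(id, fromModal, y) {
           $("#date-popover").hide();
           if (fromModal) {
               $("#" + id + "_modal").modal("hide");
           }

           var date = $("#" + id).data("date");

           for (var i = 0; i < y.length; i++) {
               if (y[i].date == date) {
                   // Encode the value so it cannot alter the query string. The target
                   // page must still validate the Date parameter on the server side.
                   window.location.href = "DuplicateViewPatientAppointmentList.aspx?Date=" + encodeURIComponent(date);
                   // One match is enough; further entries would only repeat the assignment.
                   break;
               }
           }

           var hasEvent = $("#" + id).data("hasEvent");
           if (hasEvent && !fromModal) {
               return false;
           }

           return true;
       }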

       /**
        * Navigation handler for the calendar's previous/next controls: hides the
        * popover and logs the navigation direction and the target month/year.
        *
        * @param {string} id Element id of the navigation control that was used.
        */
       function myNavFunction(id) {
           $("#date-popover").hide();

           var control = $("#" + id);
           var nav = control.data("navigation");
           var to = control.data("to");

           console.log('nav ' + nav + ' to: ' + to.month + '/' + to.year);
       }


        </script>


</body>
</html>

And its corresponding .cs file

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Collections;
using System.Web.Services;

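namespace Online_Appointment_System_RGK_19_07_16
{
/// <summary>
/// Code-behind for the appointment calendar page.
/// </summary>
/// <remarks>
/// The static methods marked <c>[WebMethod]</c> are page methods: the page's script
/// calls them by POSTing to <c>AppointmentListaspx.aspx/&lt;method&gt;</c>, and so can
/// any other client that reaches the page. No authorization check is visible in this
/// file; if the data must be restricted, enforce that here or in the site configuration.
/// </remarks>
public partial class AppointmentListaspx : System.Web.UI.Page
{
    // The SQL text is constant. Values that vary are bound as parameters so that
    // they are always treated as data and never as part of the statement.
    private const string SessionIdsForDaySql =
        "Select Session.Id from Session INNER JOIN SessionDays on Session.Id=SessionDays.SId where SessionDays.dayofweek=@dayOfWeek";

    private const string BlockedDaySql =
        "Select * from BlockDay where Date=@date and Status='0'";

    /// <summary>Page load handler; intentionally empty.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Not used by any code in this file; kept because the class is partial.
    ArrayList li1 = new ArrayList();

    /// <summary>
    /// Returns the session ids scheduled for today and each of the next five days.
    /// </summary>
    /// <returns>
    /// One entry per day, keyed by date. Sundays map to an empty list.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the result is keyed by <see cref="DateTime"/>; confirm that the
    /// JSON serializer used for page methods accepts non-string dictionary keys.
    /// </remarks>
    [WebMethod]
    public static Dictionary<DateTime, ArrayList> getDetails()
    {
        return BuildSessionMap(5);
    }

    /// <summary>
    /// Builds the same per-day session map as <see cref="getDetails"/> and discards it.
    /// </summary>
    /// <remarks>
    /// NOTE(review): nothing in this file calls this method and it produces no result.
    /// The per-day CheckBlockDate call it used to make was dropped because its return
    /// value was never read.
    /// </remarks>
    private void Search()
    {
        BuildSessionMap(5);
    }

    /// <summary>
    /// Returns the dates, from today through six days ahead, that are not Sundays
    /// and have no active block.
    /// </summary>
    /// <returns>
    /// A dictionary with the single key <c>"fdate"</c> holding the dates as
    /// <c>yyyy-MM-dd</c> strings.
    /// </returns>
    [WebMethod]
    public static Dictionary<string, ArrayList> getddddd()
    {
        var result = new Dictionary<string, ArrayList>();
        var openDates = new ArrayList();

        // Read the clock once so both ends of the range belong to the same day.
        DateTime firstDay = DateTime.Today;
        DateTime lastDay = firstDay.AddDays(6);

        for (DateTime day = firstDay; day <= lastDay; day = day.AddDays(1))
        {
            if (day.DayOfWeek == DayOfWeek.Sunday)
            {
                continue;
            }

            // Invariant culture keeps the text independent of the server's regional
            // settings; the value goes to both SQL and the browser.
            string isoDate = day.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);

            if (CheckBlockDate(isoDate) == 0)
            {
                openDates.Add(isoDate);
            }
        }

        result.Add("fdate", openDates);
        return result;
    }

    /// <summary>
    /// Checks whether the BlockDay table has a row for the given date with Status '0'.
    /// </summary>
    /// <param name="Date">Date text to look up; null is treated as an empty string.</param>
    /// <returns>1 when a matching row exists, otherwise 0.</returns>
    public static int CheckBlockDate(string Date)
    {
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();
            using (SqlCommand cmd = new SqlCommand(BlockedDaySql, con))
            {
                // This method is public and takes free text, so the value is bound as
                // a parameter instead of being concatenated into the statement.
                cmd.Parameters.AddWithValue("@date", Date ?? string.Empty);

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.Read() ? 1 : 0;
                }
            }
        }
    }

    // Maps today and the following daysAhead days to the session ids scheduled on each; Sundays get an empty list.
    private static Dictionary<DateTime, ArrayList> BuildSessionMap(int daysAhead)
    {
        var sessionsByDay = new Dictionary<DateTime, ArrayList>();
        DateTime firstDay = DateTime.Today;
        DateTime lastDay = firstDay.AddDays(daysAhead);

        // One connection serves the whole range instead of one per day.
        using (SqlConnection con = new SqlConnection(DBCON.getone()))
        {
            con.Open();

            for (DateTime day = firstDay; day <= lastDay; day = day.AddDays(1))
            {
                ArrayList sessionIds = day.DayOfWeek == DayOfWeek.Sunday
                    ? new ArrayList()
                    : LoadSessionIds(con, day.DayOfWeek);

                sessionsByDay.Add(day, sessionIds);
            }
        }

        return sessionsByDay;
    }

    // Reads the ids of all sessions whose SessionDays row matches the given weekday, using the open connection.
    private static ArrayList LoadSessionIds(SqlConnection con, DayOfWeek dayOfWeek)
    {
        var sessionIds = new ArrayList();

        using (SqlCommand cmd = new SqlCommand(SessionIdsForDaySql, con))
        {
            // Sent as text because the statement previously compared the column with a
            // quoted literal. NOTE(review): bind an int if the column is numeric.
            string dayNumber = ((int)dayOfWeek).ToString(System.Globalization.CultureInfo.InvariantCulture);
            cmd.Parameters.AddWithValue("@dayOfWeek", dayNumber);

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    sessionIds.Add(Convert.ToInt32(dr[0]));
                }
            }
        }

        return sessionIds;
    }
}
}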

Solution

  • Answering my own question: as @Keith and @AlexeiFimine suggested in the comments, it turns out my local jQuery file was infected with malicious JavaScript. After replacing that file with a CDN link, my issue was resolved.