I created a website project that has one aspx page which displays the current date and time in an asp label. When I run the page in Firefox and inspect the markup in Firebug, I see this:
Thank you for that feedback. Using the same visual studio, if I create an HTML page and browse it with Firefox, that code does not appear.
Back to the aspx page, the code does not appear when I view the html source in Firefox. However, when I veiw the page info, I see the objects in the media section.
It's more or less the same thing with chrome. When I inspect the elements, the unexpected code appears in the aspx page but not the html page.
I assume that this does not happen to other people?
if you put in the code there yourself then it's likely a banner. If you find this in a generated page then likely it could be something a script kiddie injected into a form and uploaded that to your application. If so check your database for more entries
and take them out. It also means that likely you turned off page request validation which can be / is a dangerous thing to do.
Grz, Kris.
Read my blog | Twitter Interested in Azure, ASP.NET (MVC), jQuery, WCF, EF, MS SQL, ...
Keep the forums clean: report to the moderation team!
I'm seeing this locally. There is no database involved with the page. I have McAfee and Windows Defender running full system scans right now. We'll see what they find.
I created a website project that has one aspx page which displays the current date and time in an asp label. When I run the page in Firefox and inspect the markup in Firebug, I see this:
Thank you for the responses. My scan with McAfee and Windows Defender revealed nothing. I also downloaded Spybot Search and Destroy and while it found stuff, nothing was related to what I was seeing.
I've come up with a predictable pattern though.
I have been teaching myself jQuery using the book Head First jQuery. The first seven chapters could be done with local browsing but Chapter 8 involved AJAX and a php file, and had to be run through a webserver. After some experimentation and observation,
it appears that the extra scripts only show up when I use IIS. So I do have a security issue - with IIS. I'll figure something out.
As an aside, I didn't notice this when I was doing Chapter 8. I first noticed it when I made an aspx version of the php file.
Dan Bracuk
Contributor
3970 Points
1096 Posts
So What's All This Then?
Dec 30, 2012 03:31 AM|LINK
I created a website project that has one aspx page which displays the current date and time in an asp label. When I run the page in Firefox and inspect the markup in Firebug, I see this:
What purpose does that serve?
ignatandrei
All-Star
134527 Points
21579 Posts
Moderator
MVP
Re: So What's All This Then?
Dec 30, 2012 04:14 AM|LINK
if you do not put this code, then you may have a virus ... or a FF addon...
Dan Bracuk
Contributor
3970 Points
1096 Posts
Re: So What's All This Then?
Dec 30, 2012 04:37 AM|LINK
Thank you for that feedback. Using the same visual studio, if I create an HTML page and browse it with Firefox, that code does not appear.
Back to the aspx page, the code does not appear when I view the html source in Firefox. However, when I veiw the page info, I see the objects in the media section.
It's more or less the same thing with chrome. When I inspect the elements, the unexpected code appears in the aspx page but not the html page.
I assume that this does not happen to other people?
oned_gk
All-Star
31017 Points
6352 Posts
Re: So What's All This Then?
Dec 30, 2012 05:04 AM|LINK
MetalAsp.Net
All-Star
112041 Points
18235 Posts
Moderator
Re: So What's All This Then?
Dec 30, 2012 06:23 AM|LINK
You're seeing this locally, or when you deploy the page?
XIII
All-Star
182674 Points
23445 Posts
ASPInsiders
Moderator
MVP
Re: So What's All This Then?
Dec 30, 2012 08:01 AM|LINK
Hi,
if you put in the code there yourself then it's likely a banner. If you find this in a generated page then likely it could be something a script kiddie injected into a form and uploaded that to your application. If so check your database for more entries and take them out. It also means that likely you turned off page request validation which can be / is a dangerous thing to do.
Grz, Kris.
Interested in Azure, ASP.NET (MVC), jQuery, WCF, EF, MS SQL, ...
Keep the forums clean: report to the moderation team!
Dan Bracuk
Contributor
3970 Points
1096 Posts
Re: So What's All This Then?
Dec 30, 2012 11:52 AM|LINK
I'm seeing this locally. There is no database involved with the page. I have McAfee and Windows Defender running full system scans right now. We'll see what they find.
oned_gk
All-Star
31017 Points
6352 Posts
Re: So What's All This Then?
Dec 30, 2012 12:08 PM|LINK
I found similar problem, i think this is not ASP.NEt problem
http://www.bleepingcomputer.com/forums/topic467670.html
Dan Bracuk
Contributor
3970 Points
1096 Posts
Re: So What's All This Then?
Dec 30, 2012 07:00 PM|LINK
Thank you for the responses. My scan with McAfee and Windows Defender revealed nothing. I also downloaded Spybot Search and Destroy and while it found stuff, nothing was related to what I was seeing.
I've come up with a predictable pattern though.
I have been teaching myself jQuery using the book Head First jQuery. The first seven chapters could be done with local browsing but Chapter 8 involved AJAX and a php file, and had to be run through a webserver. After some experimentation and observation, it appears that the extra scripts only show up when I use IIS. So I do have a security issue - with IIS. I'll figure something out.
As an aside, I didn't notice this when I was doing Chapter 8. I first noticed it when I made an aspx version of the php file.