Find the answer to your Linux question:
Results 1 to 3 of 3
Hey guys, I'm trying to recursively traverse several directories to remove a string from any files that contain it. I've been reading regular expression tutorials like crazy, but I'm still ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2009
    Posts
    2

    Grep/Sed/regular expression command question


    Hey guys,

    I'm trying to recursively traverse several directories to remove a string from any files that contain it. I've been reading regular expression tutorials like crazy, but I'm still struggling with the concepts since I'm still a bit of a novice. I wouldn't even ask for help, except that I'm facing a time crunch.

    The string is: ?><script type="text/javascript">document.write(unescape('<!--W3Ninja-->'));</script>

    Most of you have probably guessed what's happening already. A had a content management system set up and one of the extensions I ignorantly installed was vulnerable and exploited. A version of the above string was injected into hundreds of php and html files.

    Originally, the javascript that was executed when the site was visited resulted in a XSS attack. I was able to recursively replace the the encoded javascript with that HTML comment to at least nuder the actual attack.

    File permissions are tight and the extension is removed. At this point, I just want to remove that entire string from all infected files.

    Here's what I'm currently failing with:

    Code:
    grep -rl "<script type=\"text/javascript\">document.write(unescape('<!--W3Ninja-->" ./ | xargs sed -i "\?><script type=\"text\/javascript\">document\.write\(unescape\('<!--W3Ninja-->'\)\);</script>/<\!--W3Ninja-->/g"
    I was just trying to match the string literally since I'm having a hard time with regexp. I would appreciate any help with this.

    Thanks in advance.

  2. #2
    Just Joined!
    Join Date
    Mar 2009
    Posts
    2

    Correction on the regexp

    What I MEANT was:


    Code:
    grep -rl "<script type=\"text/javascript\">document.write(unescape('<!--W3Ninja-->" ./ | xargs sed -i "\?><script type=\"text\/javascript\">document\.write\(unescape\('<!--W3Ninja-->'\)\);</script>/ /g"

  3. #3
    Linux Newbie
    Join Date
    Mar 2009
    Posts
    228
    It would help if you also gave the error message (if any) that you're getting. I suggest you tackle this a command at a time. First get the grep command to work, then move on to the next. The problems I see with the grep command are:

    No escape characters before the '.' and '!'.
    The file to search shouldn't be './' but './*'

    Code:
    grep -rl "<script type=\"text/javascript\">document\.write(unescape('<\!--W3Ninja-->" ./*
    Try that and see if it lists the correct files.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •