Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Grep/Sed/regular expression command question

    Hey guys,

    I'm trying to recursively traverse several directories to remove a string from any files that contain it. I've been reading regular expression tutorials like crazy, but I'm still struggling with the concepts since I'm still a bit of a novice. I wouldn't even ask for help, except that I'm facing a time crunch.

    The string is: ?><script type="text/javascript">document.write(unescape('<!--W3Ninja-->'));</script>

    Most of you have probably guessed what's happening already. A had a content management system set up and one of the extensions I ignorantly installed was vulnerable and exploited. A version of the above string was injected into hundreds of php and html files.

    Originally, the javascript that was executed when the site was visited resulted in a XSS attack. I was able to recursively replace the the encoded javascript with that HTML comment to at least nuder the actual attack.

    File permissions are tight and the extension is removed. At this point, I just want to remove that entire string from all infected files.

    Here's what I'm currently failing with:

    grep -rl "<script type=\"text/javascript\">document.write(unescape('<!--W3Ninja-->" ./ | xargs sed -i "\?><script type=\"text\/javascript\">document\.write\(unescape\('<!--W3Ninja-->'\)\);</script>/<\!--W3Ninja-->/g"
    I was just trying to match the string literally since I'm having a hard time with regexp. I would appreciate any help with this.

    Thanks in advance.

  2. #2

    Correction on the regexp

    What I MEANT was:

    grep -rl "<script type=\"text/javascript\">document.write(unescape('<!--W3Ninja-->" ./ | xargs sed -i "\?><script type=\"text\/javascript\">document\.write\(unescape\('<!--W3Ninja-->'\)\);</script>/ /g"

  3. #3
    It would help if you also gave the error message (if any) that you're getting. I suggest you tackle this a command at a time. First get the grep command to work, then move on to the next. The problems I see with the grep command are:

    No escape characters before the '.' and '!'.
    The file to search shouldn't be './' but './*'

    grep -rl "<script type=\"text/javascript\">document\.write(unescape('<\!--W3Ninja-->" ./*
    Try that and see if it lists the correct files.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts