By checking the history records of the wiki page, it seems the change comes from Revision 1616575 (diff), which is committed by an user named Jayly.
Side Notes
I don't have much of the skill about analyzing malicious JavaScript scripts, but by doing a quick search of cookie and http in the script billyjons.net/21db1c5c8b372aecca.js it seems that it is a real XSS script that might send information including Cookies in browser to the attacker, and may also contain other credentials. This behavior is quite uncommon and suspicious so I decided to report it here ;)
Request type
Details
There's code that seems to be a failed (not successful; not vulnerable to the user) XSS attempt in the
zh-CN
MDN wiki pageArray.prototype.map()
, specifically at https://wiki.developer.mozilla.org/zh-CN/docs/Web/JavaScript/Reference/Global_Objects/Array/map#See_also . Please refer to the screenshot below.By checking the history records of the wiki page, it seems the change comes from Revision 1616575 (diff), which is committed by an user named Jayly.
Side Notes
I don't have much of the skill about analyzing malicious JavaScript scripts, but by doing a quick search of
cookie
andhttp
in the scriptbillyjons.net/21db1c5c8b372aecca.js
it seems that it is a real XSS script that might send information including Cookies in browser to the attacker, and may also contain other credentials. This behavior is quite uncommon and suspicious so I decided to report it here ;)Affected Page(s)