Recently i have noticed some strange stuff. In every public JavaScript file on my website there has been added redirect script at the end of every file.
I have access to access.logs and all that stuff.
How to locate trough what method did people insert this stuff?
How did they been able to access write permission on all my JavaScript files?
Since your JavaScript file has been changed, I don't think that's a XSS vulnerability.
I think they have hacked in your web server, maybe your web application has some upload vulnerability, or your web server has some 0-day vulnerabilities.
There are lots of ways to do that.
Check your web server's file system, what's the time stamp that the JavaScript files have been modified? And which user had the permission to access those files?