tech.ccidnet.com/art/230/20091126/1947633_1.html存在漏洞攻击

显示全部楼层 · 发表于 2009-12-5 10:54:51

tech.ccidnet.com/art/230/20091126/1947633_1.html

AVG报警 漏洞利用IE VML overflow

显示全部楼层 · 发表于 2009-12-5 11:58:43

NAV拦截

显示全部楼层 · 发表于 2009-12-5 12:38:54

误报，可能是因为几个长宽为0的iframe所致
关于:hxxp://huaminli.blog.hexun.com/28908454_d.html解密的日志(全体输出 -  22):

Level  0>http://huaminli.blog.hexun.com/28908454_d.html
Level  1>http://im.hexun.com/bevent.aspx?cururl=http://blog.hexun.com%2f28908454_d.html
Level  1>http://utrack.hexun.com/track/track.js
Level  1>http://utility.tool.hexun.com/menu.aspx?gourl=http%3a%2f%2fhuaminli.blog.hexun.com%2f28908454_d.html
Level  1>http://blog.hexun.com/inc/popbox.aspx
Level  1>http://comment.blog.hexun.com/inc/emotions.aspx
Level  1>http://shequ3.tool.hexun.com/rest/blogtrack.aspx?userid=4174463&articleid=28908454&topcount=8
Level  1>http://cache-sidebar.blog.hexun.com/single/templete/module18/controls/getarticleside.aspx?articleid=28908454&state=1&orderbylastupdatetime=0&blogid=1292674&userid=4174463&blogname=huaminli&username=huaminli
Level  1>http://click.tool.hexun.com/click.aspx?articleid=28908454&blogid=1292674
Level  1>http://cache-sidebar.blog.hexun.com/articlestatusnew.aspx?blogid=1292674&blogname=huaminli&articleid=28908454
Level  1>http://adphoto.hexun.com/single/templete/module18/articlenewaddisplay.aspx
Level  1>http://adphoto.hexun.com/single/templete/module18/articlelinkdisplay.aspx?articleid=28908454&orderbylastupdatetime=0&userid=4174463
Level  1>http://comment.blog.hexun.com/single/templete/module18/commentdisplay.aspx?articleid=28908454&blogname=huaminli&blogid=1292674
Level  1>http://comment.blog.hexun.com/js/vcode.js
Level  1>http://comment.blog.hexun.com/inc/homeway.js
Level  1>http://comment.blog.hexun.com/inc/xmlhttprequest.js
Level  1>http://comment.blog.hexun.com/inc/api.js
Level  1>http://comment.blog.hexun.com/inc/globaltest.js
Level  1>http://comment.blog.hexun.com/js/PostComment.js
Level  1>http://huaminli.blog.hexun.com/this.src
Level  1>http://shequ2.tool.hexun.com/rest/personpic.aspx?userid=4174463
Level  1>http://login.tool.hexun.com/rest/IsUserSelf.aspx?userid=4174463&flag=1

X版本2.0+79，又把我自定义给弄掉了

显示全部楼层 · 发表于 2009-12-5 13:25:39

估计是误报 avg误报率很高的
Log generated by lijiangyun use mdecoder 0.26
[root]http://tech.ccidnet.com/art/230/20091126/1947633_1.html
[script]http://image.ccidnet.com/nav/toupiao_news.js
[script]http://www.ccidnet.com/images/image_service/blank_tech.js
[iframe]http://image6.ccidnet.com:8081/ad_files/image/tech/art/blank.gif
[script]http://image.ccidnet.com/nav/flash.js
[script]http://image.ccidnet.com/nav/ccid_js/ccidnet_art_header.js
[script]http://www2.ccidnet.com/adpolestar/door/;ap=ec70f701_75e7_1941_07ff_9d1d60bee4c0;ct=js;pu=ccid;/?
[script]http://www2.ccidnet.com/adpolestar/door/;ap=78ed3293_8580_d5ae_236a_6cf7ed1afd99;ct=js;pu=ccid;/?
[script]http://www2.ccidnet.com/adpolestar/door/;ap=7ad973fd_e7ed_2657_9929_cdd2d028b9dd;ct=js;pu=ccid;/?
[script]http://comment1.ccidnet.com/comment/disp/article?articleid=1947633&columnid=230&articletime=2009-11-26&articletitle=ie7+css+0day漏洞攻击页面系金山造假&articleurl=http://news.ccidnet.com/art/230/20091126/1947633_1.html
[script]http://www2.ccidnet.com/adpolestar/door/;ap=e111d266_b7b8_dcd9_f3f1_ff573b403271;ct=js;pu=ccid;/?
[script]http://www2.ccidnet.com/adpolestar/door/;ap=e78842fd_491a_8517_6292_ae850d347343;ct=js;pu=ccid;/?
[script]http://www2.ccidnet.com/adpolestar/door/;ap=c2e21db1_7302_34b5_0e24_e17f1fb7ad08;ct=js;pu=ccid;/?
[script]http://count.ccidnet.com:7001/pub/tools/do_click.jsp?article_id=1947633&column_id=230&create_time=2009-11-26&flag=tech
[script]http://image.ccidnet.com/nav/ccid_js/ccidnet_art_footer.js
[exe]http://www.ccidnet.com/images/ccid_art/layout.css
[exe]http://www.ccidnet.com/images/ccid_art/main.css

[已鉴定] tech.ccidnet.com/art/230/20091126/1947633_1.html存在漏洞攻击