解码JavaScript代码?

时间:2016-10-11 16:34:22

标签: javascript decode blogger deobfuscation

我在博客模板中找到了这段代码,已经使用过了。我害怕是有害的博客,或者是注射..我正在尝试解码它但失败了,所以请帮助?因为我想确定它是什么,

document.write( unescape( '%3C%73%63%72%69%70%74%20%73%72%63%3D%27%68%74%74%70%73%3A%2F%2F%61%72%6C%69%6E%61%2D%64%65%73%69%67%6E%2E%67%6F%6F%67%6C%65%63%6F%64%65%2E%63%6F%6D%2F%73%76%6E%2F%76%69%65%77%6D%65%2E%6A%73%27%20%74%79%70%65%3D%27%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%27%2F%3E'
))

1 个答案:

答案 0 :(得分:0)



console.log( unescape( '%3C%73%63%72%69%70%74%20%73%72%63%3D%27%68%74%74%70%73%3A%2F%2F%61%72%6C%69%6E%61%2D%64%65%73%69%67%6E%2E%67%6F%6F%67%6C%65%63%6F%64%65%2E%63%6F%6D%2F%73%76%6E%2F%76%69%65%77%6D%65%2E%6A%73%27%20%74%79%70%65%3D%27%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%27%2F%3E'
))




如上面的评论所示,使用console.log查看内容。这会产生https://arlina-design.googlecode.com/svn/viewme.js,这似乎会产生404错误,但如果所有者将其重新启动,那么他们就可以运行该代码 - 它们控制的代码。如果你包含它,它可以访问你的网页,这是一个安全漏洞。